Domain Admins
164
edits
Changes
From Pumping Station One
Adding Authorization Controlled Domain Groups (view source)
Revision as of 01:46, 8 May 2017
, 01:46, 8 May 2017→1) Domain Steps
** For example: Boss Laser Authorized
** For example: Boss Laser Authorized
* Create an Authorizer security group
* Create an Authorizer security group
** For example: Boss Laser Authorizer
** For example: Boss Laser Authorizer
** NOTE: Now is a good time to add all Authorizer (likely danger committee users) to this group.
=== 2) Django Steps ===
=== 2) Django Steps ===
=== 3) Group Policy Steps ===
=== 3) Group Policy Steps ===
* Create a new group policy and place it in the OU you originally created
* Create a new group policy and place it in the OU you originally created
* Edit this new group policy
* Edit new group policy with the following selection
** Computer Configuration
*** Policies
**** Windows Settings
***** Security Settings
****** Local Policies / User Rights Assignment
******* (Policy) Allow Log On Locally
******** (Setting) PS1\Domain Admins, PS1\[Authorizer Security Group], PS1\[Authorized Security Group], BUILTIN\Administrators, BUILTIN\Administrators
****** Local Policies / Security Options
******* (Policy) Interactive Logon: Do not require CTRL+ALT+DELETE
********(Setting) Disabled
****** Restricted Groups
******* (Group) PS1\[Authorizer Group]
******** (Member Of) BUILTIN\Administrators
** User Configuration
*** NONE
Here is an example of how the GPO should look.
[[File:BossGroupPolicy.png|Example of group polciy]]
== Final Notes ==
To finalize the changes, it is recommended you reboot the affected computer, or run "gpupdate /force" from a command prompt.
