Basic Questions Windows 2003 Server ... adding Users, Groups & Group Policy?
Hello all im new to Windows 2003 and I have some basic questions on Windows 2003... Im going to start off by saying that im just trying to help my parents out with a small business and im fluent in building computers, networking, XP, and i have basic concepts down with registry, Group Policy, users Setup: 1) Windows 2003 SP2 Server acting as the DNS Server, Domain Controller with Active Directory 2) 20 Windows XP SP3 Computers Currently I joined the XP clients to the Domain using "Administrator" and "password" and i never gave anyone a unique username or password they simply log onto their XP clients using "Administrator" and "password" i know this is poor practice so i want to change it Goal: 1) Everyone logs onto the Domain with thier XP Client using a unique username and password - Create Multiple Users - Create Group 2) Setting up a Group Policy for the employees that will limit their Internet browsing I have an idea on how to do both i just have some very specific questions i want to ask before i do it Question : 1) Start --> Administrative Tools --> Active Directory Users and Computers --> Select my Domain I know how to add a USER but i don't know where to place the newly created USER - Should i place the USER in one of the many default folders that come with the domain such as Builtin, Computer, Domain Controller, ForeignSecurityPrincipals, Users or - Should i create a new Shared Folder or OU and put the USER inside of that? 2) Same question as #1 except when i make a GROUP where do i place it? 3) I would like to enable Content Advisor in the Group Policy Right Click my Domain --> Properties --> Group Policy I read it was bad to edit the default so i guess i need to create a new one I know it reads Policy from the bottom up so i place the new Policy at the top If i have not touched the Original Domain Policy is the default Domain Policy the same as a new one that i create? User Configuration --> Windows Settings --> Internet Explorer Maintenance --> Security --> Security Zones and Content Ratings --> Import Settings
December 26th, 2009 9:31pm

You might start with these articles.http://support.microsoft.com/winsvr2003adhowtohttp://www.microsoft.com/WindowsServer2003/techinfo/overview/adsmallbiz.mspxRegards, Dave Patrick .... Microsoft Certified Professional Microsoft MVP [Windows]
Free Windows Admin Tool Kit Click here and download it now
December 26th, 2009 9:53pm

Hello,Question1/2:Create your own OU structure reflecting the company needs, for example an OU "company" inside one OUs for "users" and one OU for "computers" where you place the user accounts/computer accounts. This way you can also create separate Group policies for the users and computers. Groups for users i would then place into the users OU.Also GPOs have a computer configuration AND user configuration part so keep this in mind to link a GPO to the users or computers OU.Question3:First install Group policy management console on the server or on a machine used for administration of the domain:http://www.microsoft.com/downloads/details.aspx?FamilyID=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887This gives you a better overview and addtional options then using only the builtin option.As you said before, leave the 2 default GPOs allone and create your own ones, in case of problems you can delete the self created ones and after a reboot the default ones will apply and reset most settings back to default. The password/account lockout settings MUST be configured on domain level, no other place will work in OS version 2003 or lower.If you create a new GPO it will be complete empty with no settings enabled/disabled. The name of the new GPO is just optical and can be changed to whatever you like later on.Controlling internet access via GPO is not really possible, you have to use a proxy server like SQUID(free) or ISA server to have control.Answer4 (even if you didn't ask):Active Directory and also GPOs relies highly on correct DNS setup. Make sure to use on all domain machines ONLY the domain DNS server, normally the DC with AD integrated zones, as preferred on the NIC and not any external DNS server as your ISP. Then configure the DNS server according to:http://support.microsoft.com/kb/323418/http://support.microsoft.com/kb/323380Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
December 27th, 2009 10:03pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics