Restrict Domain User Completely

Hello Friends, as an IT Administrator this is your key responsibility to keep your domain safe. Therefore, Active Directory Domain Admins need to make sure that your domain remains intact from unauthorized access. To achieve this, Domain Administrator need to apply appropriate GPOs over single or set of users. Putting restrictions over domain users can vary depends upon environment where you are working. Normally domain users can perform so many tasks in their workstations. But if we talk about restrict domain users completely then it is pretty clear that we want to do it purposely and wanna give access over specific applications only.

In this post we are going to restrict specific domain user on specific machine. Here we will give only web browsers access to the user. Everything will be hidden from desktop, like shortcuts, icons etc. Only browsers icons will be displaying in task bar. In my case, will show IE and Chrome browser.

Restrict Domain User Fully

There are multiple GPOs settings to restrict domain users which are being given at the end of this article. Here, will learn how to limit icons in taskbar.

First of all, add / pin those all icons in taskbar which you want to show there and remove unwanted icons. Then go to below registry path:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband]

Click on Taskband. Then on right hand side keep all those entries which are kept in taskbar. Delete remaining all.

Then take export of Taskband.

GPO Creation:

First of all, open Group Policy Management Console and create a new Group Policy or freshers can follow link How To Open Group Policy Management ConsoleNow Group Policy Editor is ready to use and go to the path as shown below:

User Configuration –> Windows Settings–> Logon/Logoff

Double click on Logon–> Click on “Show File”–> Copy exported registry file over here –> Click on “Add” button–> Type Regedit.exe in first box. In second box, give parameter that is “/s registryfilename.reg” (will give parameter without quotes).

Now check on user and machine where you applied this group policy.

To restrict users please follow below link:

https://www.gpoedit.com/2018/01/restrict-active-directory-user-account-via-gpo

Thanks for choosing GPOEdit website (https://www.gpoedit.com) to find out your solutions.

Feedback: gpoadmin@gpoedit.com

Thanks.

Other Post:

3 thoughts on “Restrict Domain User Completely

Leave a Reply