Skip to content

Simple Guide : Creating & Configure GPO in Windows Server 2012 R2 – Part 2

August 18, 2013

Hi all,

In my part 2 of GPO, lets go through how to create & configure a very basic GPO, for those who missed out my part 1 of GPO configuration, please refer to this link :

As usual, I used my existing infra for this demo which DC01.comsys.local and my Windows 8 Client (Surface01)…

For this demo objective, I’m going to restrict access to control panel, and restrict few apps such as Notepad.exe and Calc.exe my Marketing & Production users.

Lets get started…

1 – As usual on the domain server, create a new GPO, in my case my new GPO will be Comsys Infra Standard


2 – Next, right click Comsys Infra Standard GPO and click Edit…



3 – Next, on the Group Policy Management Editor, expand User Configuration, Policies, and Administrative Templates, and then click System, next double click Don’t run specified Windows applications, click Enabled and click Show…



4 – In the Show Contents box, in the Value list, type notepad.exe, Calc.exe and Paint.exe and then click OK…





5 – Next, click Control Panel, on the right pane, double click Prohibit access to Control Panel and PC Settings, then click Enabled and click OK



6 – Next, lets Link the Comsys Infra Standard GPO to our domain, right click Comsys.local and click Link an Existing GPO…



7 – On the Select GPO box, under Group Policy Object, click Comsys Infra Standard and then click OK to proceed…



8 – Next, you can open CMD and type gpupdate /boot /force…



9 – Next, log in to your Windows client PC, in my case my Windows 8 Client and I log in as my domain user (either your Marketing @ Production users…



10 – once you successfully log on, try open notepad and Control Panel and you will be presented with Restrictions warning box…



11 – Next, back to your Domain Server and open Control Panel (remember that my Domain Server is longed in as Domain Administrator)…



12 – once you click Control Panel, you will be presented with Restrictions warning box, but I’m a Domain Administrator, why I had this Restriction??



13 – Not to worry with this error, what you need to do to solve this small issue just a simple step where as in the Group Policy Management, click Comsys Infra Standard GPO, on the right pane, under Security Filtering, click Authenticated Users and then click Remove…



14 – On the Group Policy Management box, click OK to confirm remove the Authenticated Users group…



15 – Next, still in the Security Filtering, please add Marketing and Production group so that only this 2 groups will effected with this GPO…



Orait, thats all for Part 2, wait for my Group policy Part 3…


One Comment
  1. Abdul ahad permalink

    You are Awesome.. Ma shaa Allah..very easy and simple explanation.. to the point..
    Thanks alot 🙂

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: