Hi,
We use a 2008 AD environment and I have a requirement to lock down some windows 7 PCs. For example, we have 1 machine which is set to auto logon and is only used to display 1 web page.
This PC uses a local account to logon, but is on the domain.
Am I correct in thinking that as the PC is on the domain, the only domain policies which apply are the computer configuration part of gpos?
I need to lock down the PCs so that people can't use powershell, command line, remove games, etc. I was thinking of creating a security template and applying it to several PCs and using that as a quick and easy way to lock desktops down.
Am I right in thinking the best way forward is using the Microsoft Security Compliance manager for this?
thanks
IT Support/Everything