1. Background of demand
To implement security requirements for a batch of desktop environments, it is necessary to configure AD domain policies for related security, and then apply GPOs to specific OUs, so as to control computers in different OUs and implement different security features.
2. Demand analysis and realization
1) Prohibit the transfer of files inside and outside the desktop: Group Policy - Remote Desktop Session Host function to achieve
2) Prohibit text-only clipboard copying: group policy—horizon group policy to achieve
3) Security requirements for different groups of computers are blocked: by placing different computers under the blocked OU;
4) Isolation between groups, prohibiting network access: realized through NSX firewall - security group;
5) Only allow specific websites to access, all others are prohibited: Group policy or Internet behavior management software or firewall to achieve
6) Different computers are in different OUs: This is achieved by moving AD objects in batches through scripts.
3. Script
C:\Windows\system32> Import-Module activedirectory
# 导出域中所有的计算机名和操作系统类型:allpc.txt为从ad的计