Want to put an end to the user free-for-all and "not this again" help desk requests? Sonny Discini walks us through the basics of locking down those workstations with Microsoft Management Console and Active Directory.

First, you have to lay the groundwork.

Microsoft MMC How To: Hardening Desktops for Improved Security - eITplanet

Let's start with a manual workstation lockdown.

When defining a local security policy you will be working in the following areas: Account Policies, Local Policies, Event Log, Restricted Groups, System Services, Registry and the File System. Once you have a working hardened image, you can then deploy it out across your enterprise.

Make sure that your baseline image does not interfere with supported enterprise apps or you will be going through the lockdown phase many more times than you will like.
Click-by-click instructions await if you visit this MMC tutorial.