Updating Local Group Policies by modifying the registry

From: Mikel Pirie (mikel.pirie@nospam.valen.ca)
Date: 06/10/02 

From: "Mikel Pirie" <mikel.pirie@nospam.valen.ca>
Date: Mon, 10 Jun 2002 07:35:49 -0700

How is this different from just using permissions on the
GPO to deny the "Apply Group Policy" for admins?

cheers
Mike
>-----Original Message-----
>I would like to apply local group policies by modifying
the registry
>on the PC when a user logs in.
>
>To test this I made a backup of the registry and then
made the GPO
>changes I wanted with the GPO snapin. I made another
backup of the
>registry after the changes had been made (restrict.reg).
The policies
>took effect as they should. I then wanted to remove the
restrictions
>by reverting to the backup registry (backup.reg). I
clicked on the
>backup.reg file and told the PC I wanted to import these
changes into
>the registry. After a few seconds I received a message
stating that
>not all of the registry could be imported because some of
the files
>were in use. The then checked to see if restoring the
registry
>removed the policies I had set into effect, the policies
were still
>applied. Is there a way to do this?
>
>When the Admin account logs on I want a login script to
modify the
>registry so that none of group policies are enabled. I
believe the
>command is "regedt32 /s backup.reg". Then when the admin
logs off I
>want the log off script to return the registry to the one
where the
>group policies are enabled. "regedt32 /s restrict.reg".
Can this be
>done? I need to set this up because we use Novell so I
can't use the
>domain GPO to apply different restrictions to different
users.
>
>thanks in advance,
>John
>.
>

Relevant Pages

  • RE: Moving from NT4 policy to Group Policy
    ... The mixed environment of Group policies and System policies ... policies which are permanently applied in the registry and Group Policy ... which is all documented by MS for non GPO ...
    (microsoft.public.windows.server.active_directory)
  • Updating Local Group Policies by modifying the registry
    ... >GPO to deny the "Apply Group Policy" for admins? ... >>I would like to apply local group policies by modifying ... >>on the PC when a user logs in. ... >>To test this I made a backup of the registry and then ...
    (microsoft.public.win2000.security)
  • Re: User Policies
    ... Specifically, I am looking for a very aggressive group policy which a) doesn't alllow software installation or removal b) doesn't allow user to view registries c) doesn't allow user to view network configuration, etc... ... There are sample configuration out there but I doubt there's a sample GPO that does exactly what you're trying to do. ... For b) You can use Sofware Restriction Policies to prevent regedit and regedt32 from running, but I doubt you'll catch all kinds of registry browsers. ...
    (microsoft.public.windows.group_policy)
  • Re: Updating Local Group Policies by modifying the registry
    ... otherwise I would deny the read for admins. ... >>I would like to apply local group policies by modifying ... >>on the PC when a user logs in. ... >>To test this I made a backup of the registry and then ...
    (microsoft.public.win2000.security)
  • Re: Local policy, IE and SP2...
    ... I must mention here that I rarely use GPEdit and almost always I change the Explorer or System policies through registry. ... The same I did for those tests I mentioned for SP2. ... this is true - those policies will not allow you to lock user accounts from launching applications from hidden drives. ...
    (microsoft.public.windowsxp.embedded)