Re: group policy
From: - Almazick - (Almazick@yahoo.com)
Date: 05/19/02
- Next message: Chris: "accessability for limited user"
- Previous message: Ben West: "Re: can't send/recived files in ICQ 2002 in internet sharing."
- In reply to: john durcan: "group policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "- Almazick -" <Almazick@yahoo.com> Date: Sat, 18 May 2002 19:16:08 -0600
sure you can
HOW TO: Apply Local Policies to all Users Except Administrators on Windows
2000 in a Workgroup Setting (Q293655)
----------------------------------------------------------------------------
----
The information in this article applies to:
a.. Microsoft Windows 2000 , Professional
a.. Microsoft Windows 2000 , Server
----------------------------------------------------------------------------
----
IN THIS TASK
a.. SUMMARY
a.. Apply Local Policies to All Users Except Administrators
a.. Restore Original Local Policies
SUMMARY
This article describes how to apply local policies to all users, except
administrators, on a Windows 2000-based computer that is in a workgroup
setting.
When you use either a Windows 2000 Professional-based or Windows 2000
Server-based computer in a workgroup setting (not a domain), you may need to
implement local policies on that computer that can apply to all users of
that computer, but not to administrators. This exception enables the
administrator to have unlimited access and control of the computer, and to
be able to restrict the users that can log on to that computer.
The Windows 2000 Professional-based computer or Windows 2000-based member
server must be in a workgroup setting for this procedure to work. In this
situation the domain policies cannot overwrite the local policies because
the domain policies do not exist. It is recommended to make backup copies of
all the files that are edited.
back to the top
Apply Local Policies to All Users Except Administrators
To implement local policies to all users, except administrators:
1.. Log on to the computer as an administrator.
2.. Open your local security policy: Either click Start , click Run , and
then type: gpedit.msc , or click Start , click Run , type: mmc , and then
load the local security policy. If the removal of the run command is one of
the policies that you want, it is recommended that you edit the policy by
means of Microsoft Management Console (MMC), and then save the results as an
icon. Then, the run command is not needed to reopen the policy. When the
policy is open, expand User Configuration , and then expand Administrative
Templates .
3.. Enable whatever policies you want (for example, Desktop for "Hide My
Network Places" or "Hide Internet Explorer Icon on Desktop").
NOTE : Ensure that you select the correct policies, otherwise you may
restrict the ability of the administrator to log on to the computer (and
complete the necessary steps to configure the computer). It is recommended
that you record what changes you have made (you can also use this
information for step #10).
4.. Close the Gpedit.msc Group Policy snap-in, or if you use MMC, save the
console as an icon to make it accessible later, and then log off from the
computer.
5.. Log on to the computer as an administrator. You can observe in this
logon session the policy changes that had been made earlier, as by default,
the local policies apply to all users, which includes administrators.
6.. Log off from the computer, and then log on to the computer as all of
the other users for this computer for which you want these policies to apply
to. The policies are implemented for all of these users as well as the
administrator.
NOTE : Any user account that is not logged on to the computer at this step
cannot have the policies implemented for that account.
7.. Log on to the computer as an administrator.
8.. Click Start , click Settings , click Control Panel , and then
double-click Folder Options . Click the View tab, click the Show Hidden
Files and Folders option, and then click OK so that you can view the Group
Policy hidden folder. Or, you can access these settings if you open Windows
Explorer, click Tools , and then click Folder Options .
9.. Copy the Registry.pol file that is located in the
%Systemroot%\System32\GroupPolicy\User\Registry.pol folder to a backup
location (for example, a different hard disk, floppy disk, or folder).
10.. Open your local policy again by using either the Gpedit.msc Group
Policy snap-in or your MMC console icon, and then enable the exact features
that had been disabled in the original policy that had been created for that
computer.
11.. Close your policy editor, and then take the backup Registry.pol file
that had been copied in step #9 and copy it back into the
%Systemroot%\System32\GroupPolicy\User folder. Copy the backup Registry.pol
file over the new, existing, Registry.pol file that had been just created by
disabling the same features. When you are prompted by the operating system
as to whether you want to replace the existing file, click Yes .
12.. Log off from the computer, and then log on to the computer as an
administrator. You can observe that the changes that had been originally
made are not implemented for you because you have logged on to the computer
as an administrator.
13.. Log off from the computer, and then log on to the computer as another
user (or other users). You can observe that the changes that had been
originally made are implemented for you because you have logged on to the
computer as a user (not an administrator) to that computer .
14.. Log on to the computer as an administrator to verify that the local
policy does not affect you as the local administrator to that computer.
back to the top
Restore Original Local Policies
To reverse the process described above:
1.. Log on to the computer as an administrator.
2.. Click Start , click Settings , click Control Panel , and then
double-click Folder Options . Click the View tab, click the Show Hidden
Files and Folders option, and then click OK so that you can view the Group
Policy hidden folder. Or, you can open Windows Explorer, click Tools , and
then click Folder Options .
3.. Either move, rename, or delete the Registry.pol file from the
%Systemroot%\System32\GroupPolicy\User folder. Another default Registry.pol
file is created by the Windows File Protection system after you log off from
or restart the computer.
4.. Open the local policy: Click Start , click Run , and then type:
gpedit.msc , or click Start , click Run , type: mmc , and then load the
local security policy. Then, set all of the items that are set to either
"disable" or "enable" to "not configured" to reverse any policy changes that
had been implemented to the Windows 2000 registry as specified by the
Registry.pol file.
5.. Log off from the computer as an administrator, and then log on the
computer as an administrator.
6.. Log off from the computer, and then log on the computer as all of the
users on the local computer so that the changes can be reversed on their
accounts as well.
--
\ \\ // /
( @ @ )
----oOOO----(_)----OOOo-------
- Almazick -
---------------Oooo-------------
oooO ( )
( ) ) /
\ ( (_/
\_)
"john durcan" <johnadurcan@hotmail.com> wrote in message
news:emQ$tkb9BHA.1880@tkmsftngp04...
> I have a home network without a server and wanted to know if I could setup
> policies for user groups without active directory. I like the use of
> gpedit.msc but if I set a restriction it also sets it for myself(admin
> account). what I have done is create a reg file that i import for each
user
> when I setup the account but it would be much better and convienient to
use
> something like gpedit.msc. poledit.exe used to work perfectly for this on
> windows NT.
>
> Cheers
> JD
>
>
- Next message: Chris: "accessability for limited user"
- Previous message: Ben West: "Re: can't send/recived files in ICQ 2002 in internet sharing."
- In reply to: john durcan: "group policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
