Re: Need advice from expert
From: Deian Popov (deian_p@yahoo.com)
Date: 06/23/02
- Next message: John E. Carty: "Re: Keeping my roommates out"
- Previous message: mike: "forgot my password"
- In reply to: Roger Abell [MVP]: "Re: Need advice from expert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Deian Popov" <deian_p@yahoo.com> Date: Sun, 23 Jun 2002 12:48:46 -0700
Thanks a lot Roger :) I will go now and check that method.
Hope this will be fixed in the next release of Windows.
Thanks again for the help,
Deian
>-----Original Message-----
>Deian,
>
>It seems you have come a long way in understanding the
tools
>and setting architecture of XP.
>
>Here is what you will not believe, so let me call it the
bad news.
>(There will be some light shed on your issue however.)
>Local Security Policy applies equally to all accounts,
with
>no exceptions, as long as the accounts can read the folder
>%windir%\system32\GroupPolicy.
>
>MS says this is by design, and I have exhausted channels
in an
>attempt to get this restriction loosened. ;-( The
purpose is that
>group policy is really a domain level control feature,
with a
>minimum visibility of the policy application engine
available
>in a non-domain machine.
>
>So, what you can do is create a special administrator
account
>and set a Deny of Full Control on the system32\GroupPolicy
>folder. This account will then not be affected by any
policies.
>When you wish to change Local Security Policy settings,
you
>will need to log in with this account (PS. Perhaps set
it to have
>a password that never expires as a safety.). After
logging in
>you will have no access to GroupPolicy and so will first
need
>to remove the Deny of Full Control in order to edit
policies.
>You will have a variable time interval to make changes
before
>background policy application will happen - so get in,
make the
>changes, get out, and reset the Deny of Full Control.
>
>There are other approaches one can take, mostly via direct
>registry editing or one other very tedious method. So,
if a
>variation of the above can work for you that would be
best.
>
>--
>Roger Abell
>MS MVP (Windows Platform), MCSE, MCDBA
>Associate Expert - Windows XP ExpertZone
>http://www.microsoft.com/windowsxp/expertzone
>
>"Deian Popov" <deian_p@yahoo.com> wrote in message
>news:1157401c21ae0$60601020$9be62ecf@tkmsftngxa03...
>> Hello, I'm trying to set up Windows XP, and I'm reaching
>> many obstructions, which makes me think that the Help is
>> not really good written.
>>
>> Here is my problem:
>>
>> 1) I'm trying to set up my computer so it will be
>> shared with other users. For that reason, I want to
>> disable some options like the run menu command, Control
>> Panel, Task Manager and many others. The solution that I
>> came up to was to use the MMC and setup Group Policy for
>> the Local Computer(It's only one and it's not connected
to
>> other computers). I was SHOCKED when I figured out that
>> the settings specified there were applied also to the
>> Administrators group, not only to let's say the Users
>> group. This is very big problem, because every time when
>> administrator logs on, he has to modify the policy, and
if
>> you have set up more than 100 options in the Group
Policy
>> it looses you a lot of time first to disable these
>> changes, and after you finish your work, to go back and
>> enable these settings again. I didn't found any
>> information in the help file that shows me how to set
up a
>> Group Policy for a specific group (That's what I'm
trying
>> to achieve!). And also, if there is some way of doing
>> that, how would I specify which policy should apply and
be
>> loaded? (Where?). Any detailed help is appreciated,
>>
>> Greetings,
>>
>> Deian
>>
>> PS: My e-mail address is deian_p@yahoo.com
>>
>
>
>.
>
- Next message: John E. Carty: "Re: Keeping my roommates out"
- Previous message: mike: "forgot my password"
- In reply to: Roger Abell [MVP]: "Re: Need advice from expert"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
