Re: Group Policy per user

From: Doug Knox MS-MVP (dknox_at_mvps.org)
Date: 08/19/04


Date: Thu, 19 Aug 2004 16:52:12 -0400

The User level group policies are Per-User. So when you log into the machine as the Administrator, copy the Registry.pol file, make your GPEDIT changes, then copy the Registry.pol file back, you've only affected the Administrator. You need to repeat these steps for all Administrator level users.

9) Copy the Registry.pol file that is located in the %Systemroot%\System32\GroupPolicy\User folder to a backup location (for example, to a different hard disk, to a floppy disk, or to a folder).

10) Open your local policy again by using either the Group Policy Object Editor or your MMC console icon, and then reverse the changes that you made in step 3. For example, to reverse the changes that you made in step 3, double-click Hide My Network Places icon on desktop, click Disabled, click Apply, and then click OK.

Note When you do this, Policy Editor creates a new Registry.pol file.

11) Close Group Policy Object Editor or MMC, and then copy the backup Registry.pol file that you created in step 9 back to the %Systemroot%\System32\GroupPolicy\User folder.

When you are prompted to replace the existing file, click Yes.

12) Log off from the computer, and then log on to the computer as an administrator. You can see that the changes that you made in step 3 are not implemented because you have logged on to the computer as an administrator.

Otherwise, you have to manipulate each User's Registry (NTUSER.DAT file) manually, via Regedit, or some 3rd party application, like mine.

You might want to try this as an alternate method. Say you have 6 accounts on the computer. 2 Administrator and 3 Users, plus the built in Administrator account.

User1 = Admin
User2 = Admin
User3 thru 5 = Users

1) Log in to the computer with the built in Administrator account.
2) Copy the NTUSER.DAT files for User1 and User2 to a different folder. Do not delete them, just copy them.
3) Log off the Administrator and log in to User1's account.
4) Copy the Administrator's NTUSER.DAT file to a different folder.
5) Still logged into User1's account, open GPEDIT.MSC and apply all the changes that you want, then close GPEDIT.
6) Log off User1, and log into each user account on the system, including the built in Administrator.
7) Log off the last account you used and log back in as User1.
8) Replace the Administrator and User2's NTUSER.DAT files with the backed up copies.
9) Log off User1 and log into the Administrator account.
10) Replace User1's NTUSER.DAT file with the backed up copy.

-- 
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.
 
"Nick" <nreser37@yahoo.com> wrote in message news:96b001c48611$71e90880$a601280a@phx.gbl...
>I have seen various pieces of information regarding Group 
> Policy when searching on the Internet.  Many say there are 
> work arounds to setting individual policies on each user, 
> but nobody seems to know or be willing to tell how to 
> accomplish that.  I am using XP Pro on my own pc, although 
> on a network, the policies would be in effect only on my 
> machine.  An article on Microsoft's site explains how to 
> set group policy for non-administrative users, but when I 
> have gone through that process, it applies only to the one 
> user that I administrative account that I have applied the 
> changes in.  All other admin accounts are blocked from 
> access to the disabled features.  The article number is:  
> 293655.  I understand that the article is for Win 2000 
> Pro, but I figure enough of the basics should stay the 
> same for this to work.  Also, I have seen that Doug Knox 
> has some software that can help with this.  Not that I 
> don't want or need the software, but I would like to know 
> how to do this manually as well if it is possible.  Can 
> anyone provide assistance with this matter?  I would 
> greatly appreciate it.
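
An added example, not part of the post above and not code from its author or from Microsoft: a minimal Python reader for the Registry.pol file format that reports which settings in the step 9 backup are absent from the file currently in the GroupPolicy\User folder, as a check that the restore in step 11 took effect. The sample bytes, the `NoNetHood` value standing in for the step 3 policy, and the helper names are assumptions made for illustration.

```python
import struct

HEADER = b"PReg" + struct.pack("<I", 1)  # file signature + format version 1
REG_DWORD = 4
KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def u16(s):
    return s.encode("utf-16-le")

def build_entry(key, name, rtype, data):  # one [key;value;type;size;data] record
    return (u16("[" + key + "\0;" + name + "\0;") + struct.pack("<I", rtype)
            + u16(";") + struct.pack("<I", len(data)) + u16(";") + data + u16("]"))

def parse_pol(blob):
    """Return [(key, value_name, type, data)] parsed from Registry.pol bytes."""
    if blob[:8] != HEADER:
        raise ValueError("missing PReg header")
    pos, entries = 8, []
    def take(n):                      # consume n bytes or fail on truncation
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated file")
        pos += n
        return blob[pos - n:pos]
    def expect(ch):                   # delimiters are UTF-16LE characters
        if take(2) != u16(ch):
            raise ValueError(f"expected {ch!r} before offset {pos}")
    def text():                       # NUL-terminated UTF-16LE string
        out = b""
        while (unit := take(2)) != b"\0\0":
            out += unit
        return out.decode("utf-16-le")
    while pos < len(blob):
        expect("["); key = text(); expect(";"); name = text(); expect(";")
        rtype = struct.unpack("<I", take(4))[0]; expect(";")
        size = struct.unpack("<I", take(4))[0]; expect(";")
        data = take(size); expect("]")
        if rtype == REG_DWORD and size == 4:
            data = struct.unpack("<I", data)[0]   # other types stay raw bytes
        entries.append((key, name, rtype, data))
    return entries

def lost_settings(backup, current):
    # Settings present in the backup that the current file does not carry.
    live = {(k, n): d for k, n, _, d in parse_pol(current)}
    return [(k, n, d) for k, n, _, d in parse_pol(backup) if live.get((k, n)) != d]

# Constructed samples: a step 9 backup with one restriction, and an empty new file.
BACKUP = HEADER + build_entry(KEY, "NoNetHood", REG_DWORD, struct.pack("<I", 1))
CURRENT = HEADER
```

To use it on real files, pass the bytes of the backup copy and of %Systemroot%\System32\GroupPolicy\User\Registry.pol to `lost_settings`; an empty list means the restored file carries every setting in the backup.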

