Re: Question about Group Policies in XP.
From: Mike (Mike_at_discussions.microsoft.com)
Date: 02/15/05
- Next message: Modem Ani: "Re: tool to list all patches ?"
- Previous message: Mike: "RE: Can't restore Group Policy I set up."
- In reply to: Nepatsfan: "Re: Question about Group Policies in XP."
- Next in thread: Nepatsfan: "Re: Question about Group Policies in XP."
- Reply: Nepatsfan: "Re: Question about Group Policies in XP."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Feb 2005 13:19:04 -0800
I figured out (with a little help from theeldergeek.com) that after you save
the policy has administrator you have to go to
c:\windows\system32\grouppolicy\ and take away the read permission and choose
deny instead of allow so that the policy doesn't affect the administrator
account. Thanks for all your help.
"Nepatsfan" wrote:
> I did a little experimenting but you're going to have to tweak
> this for your needs.
>
> Logon as Administrator.
> Right click an open area of your desktop and select New ->
> Shortcut.
> Enter gpedit.msc.
> Hit Next.
> Enter a name for this shorcut and select Finish.
> This will allow you to access the Local Seurity Policy after
> you've hidden the C drive.
>
> Have you enabled any policy settings that remove the Command
> Prompt entry from the Start menu? If you have then you'll have to
> create a shortcut to cmd.exe as well. That will allow you to
> access the Registry.pol file. Follow the instructions outlined in
> the Microsoft article I posted earlier and see if you get the
> results you want.
>
> Keep in mind that there are other ways of accessing the C drive
> besides My Computer or Explorer. I've just given you two examples
> of how someone can get around this policy.
>
> Keep us posted.
> --
> Nepatsfan
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:323002FF-53D8-41EA-B0B4-DF659A59907A@microsoft.com...
> > There is an option under both Computer configuration and User
> > configuration
> > (I don't remember the exact path) but you can hide the c: drive
> > (make it
> > invisible) or restrict access to it. I haven't considered NTFS
> > permissions
> > cause I don't know enough about it but I have converted the
> > drives to NTFS.
> >
> > "Nepatsfan" wrote:
> >
> >> What exactly do you mean by "setting the c: drive to be
> >> hidden"?
> >> How did you go about hiding it? You can remove the Run command
> >> from the start menu easily enough but restricting access to a
> >> drive could (as you've already seen) have unintended
> >> consequences. Have you considered using NTFS permissions to
> >> restrict user access?
> >>
> >> --
> >> Nepatsfan
> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
> >> > One thing that really screwed me up was setting the c: drive
> >> > to
> >> > be hidden and
> >> > taking the Run command off the start menu. I'd like to
> >> > include
> >> > these
> >> > policies under the user account but if I have to set these
> >> > policies up
> >> > logged in has administrator I won't be able to get back to
> >> > the
> >> > c: drive or
> >> > c:\windows\system32\gpedit.msc. How can I do this so I can
> >> > set
> >> > these
> >> > policies? Should I give the user account administrator
> >> > rights
> >> > then set the
> >> > policies then take the admin right away and login again has
> >> > the
> >> > user account?
> >> > That's what screwed me up initially.
> >> >
> >> > "Nepatsfan" wrote:
> >> >
> >> >> You might want to take a look here:
> >> >>
> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
> >> >>
> >> >> Here's another tool you might want to consider:
> >> >>
> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> >> >>
> >> >> --
> >> >> Nepatsfan
> >> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >> >> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> >> >> > I'm not an expert with group policies but would like to
> >> >> > use
> >> >> > it
> >> >> > more. I'm
> >> >> > trying to set up five machines with a local group policy
> >> >> > but
> >> >> > have screwed up
> >> >> > two machines already by not being able to get gpedit.msc
> >> >> > because I set the
> >> >> > sample user configuration policy up has the user account
> >> >> > (user
> >> >> > account has
> >> >> > administrator rights) but in doing so the policies also
> >> >> > affected the
> >> >> > administrator account so I'm on my third machine. I
> >> >> > accidentally set both
> >> >> > local computer and user policies (didn't know I just had
> >> >> > to
> >> >> > use
> >> >> > user
> >> >> > configuration) Does anyone have links to any proper
> >> >> > information
> >> >> > or
> >> >> > instruction on how to group policy? We're tired of using
> >> >> > Fortres desktop
> >> >> > security.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
- Next message: Modem Ani: "Re: tool to list all patches ?"
- Previous message: Mike: "RE: Can't restore Group Policy I set up."
- In reply to: Nepatsfan: "Re: Question about Group Policies in XP."
- Next in thread: Nepatsfan: "Re: Question about Group Policies in XP."
- Reply: Nepatsfan: "Re: Question about Group Policies in XP."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
