Re: Locking down XP machines on a peer to peer network

Chris Swinney <swin@xxxxxxxxxxxxx> wrote:
Thanks,

that stuff looks like it will fit the bill very well.

Chris

Glad to help- best o' luck.


"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:eGARt3LUIHA.4476@xxxxxxxxxxxxxxxxxxxxxxx
Chris Swinney <swin@xxxxxxxxxxxxx> wrote:
Hi,

We have a small XP network on a peer-to-peer basis that is going to
be used as an open access suite. I want to lock down these machines
(such as removing access to the control panel and restricting access
to the C drive) which I thought could be fairly simply done using
the Local Computer Policy via gpedit.msc.

However, I am used to working in a domain environment so being able
to apply different policies to different users or groups. We also
want some users (such as administrators) to be able to log on and
access all features. It seems that if I apply a Local Computer
Policy, I cannot differentiate between users. Is there a way to save
a policy file (one with features turned on, or one with them turned
off) so that they can be simply applied by an administrator, or is
there a better way to do this?
In addition, I can remember vaguely that Microsoft used to provide
example settings of Group Policy for machines in certain situations;
however, I can't remember the link to the pages. Does anyone know
the whereabouts of these examples and if they can be applied out of
a domain controlled environment?
Many Thanks

Chris

Group policy isn't an option if you aren't using AD, and you really
don't want to muck around with a bunch of local policies (it's
maddening and you can all too easily lock your keys in the car, as
it were). You're correct that a local policy applies to all users,
anyway. Check out Windows Steady State for kiosk-type setups, and/or Doug
Knox's Security Console (google for both)



.

Relevant Pages

  • Re: access denied for administrator accounts
    ... or when you try to actually change a policy ... >> in your AD on modifying policies? ... "Group policy error, You ... affecting both normal users and Administrators. ...
    (microsoft.public.windows.terminal_services)
  • Re: How do I get Restricted Groups to be real time?
    ... > Then I changed the Group Policy refresh interval for computers and the ... > Policy refresh interval for domain controllers both to 0. ... > of a hacker-with admin rights. ... over Administrators, Domain Admins, Enterprise Admins is not ...
    (microsoft.public.win2000.security)
  • Re: can built-in user rights be changed?
    ... Domain and any OU group policy applied ... to a machine will override local policy settings. ... > What defines the rights given to a built-in user account, ... > Administrators and Domain Users both log in under the 'Default Domain ...
    (microsoft.public.win2000.security)
  • Re: Disable user shutdown of TS Server (2003)
    ... I added a snap-in for GPO to the MMC, this time for Local Computer Policy ... permissions on applying Group Policy, but when I go to Local Computer Policy ... > MCSE, CCEA, Microsoft MVP - Terminal Server ...
    (microsoft.public.win2000.termserv.apps)
  • Re: Locking down XP machines on a peer to peer network
    ... want some users (such as administrators) to be able to log on and ... It seems that if I apply a Local Computer ... Policy, ... Group policy isn't an option if you aren't using AD, ...
    (microsoft.public.windowsxp.security_admin)