Re: Group Policy lock down
- From: "Nepatsfan" <nepatsfan@xxxxxxxxxxx>
- Date: Tue, 6 May 2008 16:40:48 -0400
As I said in my initial response, it's been a while since I've had need to work
with this procedure. And when I did, it only involved two computers and a few
settings so there wasn't that great a need to know how to replicate the
configuration.
I went through my notes on the subject and couldn't find anything that addresses
the issue you raise. That said, I seem to recall hearing that you should be able
to copy the Local Group Policy settings from one computer to another.
I suspect that using a .bat file would somehow involve having to invoke the
gpupdate command to apply the GP settings and the cacls command to configure the
permissions on the folder. Since this is a guess, and probably not a very good
one, you might want to post your question to the microsoft.public.group_policy
newsgroup. Hopefully, someone there will have an answer for you.
Good luck
Nepatsfan
"James" <jbrister@xxxxxxxxxxxx> wrote in message
news:ubDccY6rIHA.4544@xxxxxxxxxxxxxxxxxxxxxxx
Thanks. That looks like what I'm looking for. A follow-up question... I
have had success installing apps and moving files with bat files. Is it
possible to "export" the Group Policy and 1) copy it to each laptop and 2)
"automatically" (via the bat file) set the security on the "Group Policy"
folder via a bat file? Thanks again for all of the help.
"Nepatsfan" <nepatsfan@xxxxxxxxxxx> wrote in message
news:%23rkob65rIHA.4260@xxxxxxxxxxxxxxxxxxxxxxx
"James" <jbrister@xxxxxxxxxxxx> wrote in message
news:utXq%23t5rIHA.3780@xxxxxxxxxxxxxxxxxxxxxxx
I have mobile laptops that I need to apply a group policy to. They will
never be on a domain. I have checked the steady state utility and Doug
security console. Neither of them gives me the results I'm looking for. I
have also found a MS KB article 293655 which applies to Windows 2000 Pro,
this article describes what I want to do but I can't get it to work on
Windows XP Pro SP2. Any ideas?
I haven't tried that procedure in some time but while it's a bit cumbersome
to configure, it does work in XP.
Another approach you can take is to assign the Deny permission to the
Administrators group for the C:\Windows\System32\GroupPolicy folder.
Take a look at these articles for more info.
The Most Frequently Asked Question About Group Policy in a Workgroup
Situation
http://www.theeldergeek.com/gp07.htm
Lockdown by group using Local Computer Policy without Active Directory
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Miscellaneous/LockdownbygroupusingLocalComputerPolicywithoutActiveDirectory.html
It also helps to put shortcuts to gpedit.msc and the C:\WINDOWS\System32
folder on the desktop of the admin account. Also, take note of the tip in the
second article about disabling settings from being enabled immediately.
Good luck
Nepatsfan