Re: Group Policy

AD stands for Active Directory, a Windows server infrastructure where a
collection of PCs and servers are controlled from a single point.

As a matter of fact Lanwench, I should have posted this inquiry in Windows
Server group, as I was actually talking about AD environment.
With AD in effect, how to do that? I tried it on a member server's GP but
it did not allow for user groups exclusions. Do I have to do it on the DC
domain policy management console?


"Lanwench [MVP - Exchange]" wrote:

Twayne <nobody@xxxxxxxxxxxxxxxxxxx> wrote:
yba02 <yba02@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Running Windows XP SP2.
Is there a way where I can apply group policy
on some users and
exclude other users, such as administrators?
Example, I need to
restrict access to all hard disks on the
machine on members of the
"users" group, while members of
"administrators" group can still
access those HD's.

Any input is highly appreciated.


Not without AD. In standalone XP & 2k, local
policies are per
machine, not per user. Check out Windows Steady
State or Doug Knox's
XP Security Console (google it) for options.

But it could be done by assigning the users to
user groups, could it not? Some admin, some power
users, etc.? Admins will have access to all, and
others limited as the programmer prefers, right?

What do you mean by "AD"?


AD = Active Directory.

Without AD in use, you can't use policies unless you want them to affect all
users per machine - group membership has nothing to do with it. The word
"group" in "group policy" frequently confuses people :-)