View Full Version : Group policy editor and winXP (WXP)
poopsie
07-08-2002, 03:29 PM
I am trying to configure 15 STANDALONE pc's with windows xp, not on a network. XP's group policy editor is such a powerful tool, I'd like to use it to set restrictions to a user account. Unfortunately, any changes I make affect the Administrator account as well. Is there any way to avoid this, besides buying WinGuides Tweak Manager? LOL!
the only other option I have was suggested that I give the user account admin rights, edit the registry with hacks from winguides cool site, and then take those admin rights away. Although this is great, it's a little time consuming. Any way of being able to just use XP's GPE?
thanks
king_ging
07-08-2002, 03:42 PM
i have not used xp policy editor but i expect it to be similar to poledit for nt/2k, and then you can usually create a default (standard) user, an administratror and maybe a teacher profile
dredarc
07-11-2002, 01:24 PM
Fairly easy process to restrict policies from tatooing the local admin account. There are numerous ways but here is the approach I use.
First, get a copy of file manager (Winfile) and have it handy
Create a second admin account in case you mess up (not that it hashappened to me!!))
As you know local policies apply to all users, even the local admin account. To combat this open the local policy editor and set the required policies
Close mmc, open explorer and tranverse to the
c:\winnt\system32\GroupPolicy\User directory.
Directory may be hidden so unhide first
Locate the Registry.pol file (only one), right click and select properties ->security.
Select the DENY option for the administors group and accept the warning.
This is the registry file than is read when users log on. Denying the administrator rights removes the security settings applied to this account.
You will see numerous event log errors to this effect should you care to look.
If you want to change a policy, simply modify the permissions on the file, open the policy, change the settings, and then reapply the deny permission.
Dont' FORGET to reapply the deny permissions are else the entire policy file will tattoo the administrator. There's ways around that too but that's another story.
Hope that helps
Powered by vBulletin™ Version 4.1.0 Copyright © 2012 vBulletin Solutions, Inc. All rights reserved.