Link to home
Start Free TrialLog in
Avatar of ptpovo
ptpovo

asked on

poledit & microsoft family login

Is it possible to set up user policies on a stand alone machine using poledit and the microsoft family login service.  The user policies seem to be processed through grouppol.dll in the \windows\system directory.  If I create a .pol file with each of the usernames, set restrictions, and save it in the \windows directory, nothing different happens.  The only changes that seem to work with poledit are those which effect the entire machine regardless of the user.
ASKER CERTIFIED SOLUTION
Avatar of smeebud
smeebud

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of smeebud
smeebud

Some other options,
-----------
Restrictions without running Poledit
If you want to make restrictions to what users can do without having to running Poledit,
changes can be made directly to the Registry.
This will allow you to make a REG file with the specific restrictions you want
and importing them all at once.
1.Start Regedit
2.Go to HKEY_Current_User / Software / Microsoft / CurrentVersion / Policies
3.There should already be at least a Explorer
4.Additional keys that can be created under Policies are System, Network and WinOldApp
5.You can then add DWORD values set to 1 in the appropriate keys
6.In the Explorer key you can add:
NoDeletePrinter - Disables Deletion of Printers
NoAddPrinter - Disables Addition of Printers
NoRun - Disables Run Command
NoSetFolders - Removes Folders from Settings on Start Menu
NoSetTaskbar - Removes Taskbar from Settings on Start Menu
NoFind - Removes the Find Command
NoDrives - Hides Drives in My Computers
NoNetHood - Hides the Network Neighborhood
NoDesktop - Hides all items on the Desktop
NoClose - Disables Shutdown
NoSaveSettings - Don't save settings on exit
DisableRegistryTools - Disable Registry Editing Tools - NOTE: Be Careful of this one
7.In the System key you can enter:
NoDispCPL - Disable Display Control Panel
NoDispBackgroundPage - Hide Background Page
NoDispScrSavPage - Hide Screen Saver Page
NoDispAppearancePage - Hide Appearance Page
NoDispSettingsPage - Hide Settings Page
NoSecCPL - Disable Password Control Panel
NoPwdPage - Hide Password Change Page
NoAdminPage - Hide Remote Administration Page
NoProfilePage - Hide User Profiles Page
NoDevMgrPage - Hide Device Manager Page
NoConfigPage - Hide Hardware Profiles Page
NoFileSysPage - Hide File System Button
NoVirtMemPage - Hide Virtual Memory Button
8.In the Network key you can enter:
NoNetSetupSecurityPage - H
NoNetSetup - Disable the Network Control Panel
NoNetSetupIDPage - Hide Identification Page
NoNetSetupSecurityPage - Hide Access Control Page
NoFileSharingControl - Disable File Sharing Controls
NoPrintSharing - Disable Print Sharing Controls
9.In the WinOldApp key you can enter:
Disabled - Disable MS-DOS Prompt
NoRealMode - Disables Single-Mode MS-DOS

Bud
Avatar of ptpovo

ASKER

Thank you very much for such a comprehensive answer.  I applied the information beginning at "Separatist Policies" and it works well.  I do, however have an additional question regarding hidden drives which I will post.  Thanks again...
Oh, just something I had laying around::))

Glad it's working and I could be of help.

Regards,
Bud
Avatar of ptpovo

ASKER

I figured out the hidden drive routine as well so I've deleted my second question.  In Poledit, you have the option of hiding all drives in 'My Computer'. Problem is, the current user's apps can't figure out where to save anything.  I've found Tweak UI in conjuction with Poledit is the solution.  Choose the drives you want hidden (or visible) in Tweak UI then use Poledit to hide the control panel so that your settings can't be (easily) changed.

Thanks again!
Great trick PT.
I'll keep that for my database::))

Thanks
Bud