can-do-chris
asked on
How to disable "default user" local policy
Hi,
I have a problem with an internet cafe that a colleague and I were setting up. We applied local policies to each of the ICafe machines on a profile called "user". Unfortunatley on one of the machines the policy was applied to the "default user" profile instead of the "user" profile. The outcome of this being that I can no longer edit the policies even under the "Administrator" profile.
Does anyone know of a way that I can remove this policy from "default user" so that I can edit policies on the local machine again.
Cheers
Chris.
I have a problem with an internet cafe that a colleague and I were setting up. We applied local policies to each of the ICafe machines on a profile called "user". Unfortunatley on one of the machines the policy was applied to the "default user" profile instead of the "user" profile. The outcome of this being that I can no longer edit the policies even under the "Administrator" profile.
Does anyone know of a way that I can remove this policy from "default user" so that I can edit policies on the local machine again.
Cheers
Chris.
gidds99
Create a
Create a new admin account. Log on using your existing admin account and navigate to c:\winnt\system32\group policy and right click on the group policy folder. Click on the security tab and add the new admin account to the users area at the top. Then change the permissions in the bottom window for the new admin user so that they are all set to "deny".
I had the same problem when setting up an internet cafe.
I had the same problem when setting up an internet cafe.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks alots gidds99 I would never have thought to deny the policy folder!
you've saved my bacon!
you've saved my bacon!
If you are still having the problem of not being able to edit the policies in the original admin account then try what I suggested above - create a shortcut for gpedit on the desktop. Then even if you have no access to the desktop you can access gpedit from windows explorer on the start menu. It took me sometime to get the restrictions for my "user" account correct as I had to keep logging into admin and loosening the policy off so I could make changes in the user account and then log in as admin again to tighten the policy back up. The new admin account allows me to install updates etc without being restricted. I am now considering using ghost so I dont have to re-do the policy if I have to rebuild.
Hope this helps.
Hope this helps.