Restricted user rights localy

fr0x used Ask the Experts™

I know that it is possible, to make policy to user localy without Active Directory. I have one pc which runs Windows 2000 professional.

I would like to create user: 'tontons' and set some rights restrictions to him.

For example,
#1 Remove Run from Start menu
#2 Remove Search from Start menu
#3 Disable application install feature
and other sort of this kind.

I have dig in Help, but, there is not sad (probably, I just could not found) how to set these things for created user.

I can set these things to current user (administrator), but how to make these settings effect only my chosen user, i dont't know.

What have I done. I have logged as as administrator and run --> mmc (Management Console), and Snaped in Local Computer Policy.

So there are all settings, i have to use, but how to make these settings affect only my choosen user i don't know. Don't forget -- i need to set them localy on PC.

Can you help me!

Thanks in advance

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
You can use poledit to set these types of restrictions. Click Start->Run nad type Poledit. You can create entries for each user you want to set restrictiosn on.


to jjmck,

i tried to run "Poledit" , but got an error, that it cannot be found.
Sorry, it comes with W2K Server. If you have access to a server, it can be found in the winnt directory.
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.


I got these files form server 2k. I can create policy file, to my local win 2k professional. But when I log on with user XXX i set restrictions they doesn't affect on this user.

I save this policy to XXX_user.pol but what to do then? Should i put it in folder, or what?

Log in as the user tontons and do exactly what you did in the local computer policy for administrator, log out, and log back in as administrator. Next time Tontons log's in, he will be restricted appropriately.

No need to play with pushing it out remotely if you are only doing this for one user on one machine!



to do exactly what i did in administrator, i cannot do with tontons user, because he has no permission to do these things. Besides, when i do it with administrator these settings affect all users, but i need only 'Tontons'.
Here's exactly what you need to do:

1) Open poledit and choose File->New Policy
2) Click Edit->Add User and browse for the user you want to set restrictions on. This will create a new icon for this user
3) Open the icon and check the boxes beside any settings you want to modify
4) You should open the Default User Icon and make sure that the boxes you checked for the icon you created are white (not grey) for the Default User. This will ensure that the settings are not applied for any other users.
5) Open the Default Computer Icon and expand Network->System Policies Update.
6) Check the box beside Remote update and select an Update mode of Manual. Beside Path for manual update, type c:\ntconfig.pol and click OK
7) Choose File->Save As and browse to the root of your C drive. Type ntconfig and Save
8) Choose File->Open Rigistry
9) Open the Local Computer Icon and expand Network->System Policies Update
10) Check the box beside Remote update and select an Update mode of Manual. Beside Path for manual update, type c:\ntconfig.pol and click OK
11) Choose File->Save
12) Reboot your PC
13) Log on as the user you specified restrictions for
14) Log off, then back on again
15) Your restrictions should appear


Thanks!! This is the right answer.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial