limiting local user accounts server 2003

I have a unique situation where a client wants use use T.S to access his 3 tanning salons however there are no other workstations. So i need to setup a profile for just basic users locally that only allow access to one program that uses SQL as its database. How do i lock down the useres without locking down the administrator acct?

Dan
dream3d_Asked:
Who is Participating?
 
Jay_Jay70Commented:
thats where it gets complex....

the same process is for 2003
http://support.microsoft.com/?id=293655
0
 
MessHallManCommented:
You should be able to set machine policies to lock down to the specific program, and then just do not apply the machine policy to the administrator.
0
 
Jay_Jay70Commented:
Hi dream3d_,

all the users logon to one machine which is the server? is it 2003 OS on each site
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
dream3d_Author Commented:
Hi yes every site has an 03' server and all users login to each machine, several emlpoyees work at all of the locations so i have to have the identical policy on each machine is there a pre canned policy that will lock everything, then i can modify from there?
0
 
Jay_Jay70Commented:
my advice would be to promote each DC to a domain, and then apply group policies, this way you have so much more control of what you allow and what you lock.....

if you need help with that just ask
0
 
dream3d_Author Commented:
I could promote it to a domain but it is a situation where i do not want to do long term support with this client, so if i use the GPO to edit local policys to restrcit the "USER" group how do i ensure that I exclude the admin account in that policy?
0
 
dream3d_Author Commented:
Thanks that did it !!!!!
0
 
Jay_Jay70Commented:
in regards to your email, what isnt working at the moment??
0
 
dream3d_Author Commented:
Hey Jay,

basically when i copy the Registry.pol file back after making all of the changes, so that only the admin count has an un restricted policy it over writes the the others and takes away any policy changes i made to the other users.

Basically puts me back to square one after i do step 11 on the KB Article you gave me.
0
 
Jay_Jay70Commented:
hmm its a procedure that i havent used as i try and avoid local policies, only suggestion i can make is to go through it again and trial it, if it doesnt work we'll reopen the question and get your points back as it wasnt a solution

group policy is such a better option! its shame its not available for you
0
 
dream3d_Author Commented:
ok if i were to try a grooup policy how would i seperate the admin acct
0
 
Jay_Jay70Commented:
are you in a domain environment?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.