Scenario: An XP Pro workstation computer joined to a Windows 2003 SBS network domain.
Objective: To deny any user at this computer, except for local administrator/domain admins, access to delete browser history.
Hiding or denying access to inetcpl.cpl in the Control Panel would suffice.
If this can be done via the local computer GPO, I need help to ensure that it is done properly. In particular,
1) Local administrator / domain admins must not be denied access
2) Presumably local policies will take precedence over group policies?
3) What happens if the user uses another browser, e.g. Firefox, instead? Does that mean the user should also be denied rights to install programs?
4) User should of course be denied access to gpedit.msc as well
There may well be other considerations.
Any suggestions, tips, or pointers to resources would be gratefully received.