itechsolutions3
asked on
How to Access Restricted User Policy
Hi -
I am restructuring the Group Polices that are currently in place but I want to make sure any polices that I add do not add to much work to the help desk.
When disabling the user ability to go into internet settings how would a help desk person be able to make the changes.
For Example User A is the restricted User and User B is the Help Desk Admin. User A calls with an Internet Issue, one of the first things we would do is clear Cache or reset settings, If a GPO prevents User A from making the change how would User B make the change. If User B logs in and makes any changes it is user specific, I believe the Run As would make the Changes only on User B and not User A.
I think I worded this right. If not please let me know.
I am restructuring the Group Polices that are currently in place but I want to make sure any polices that I add do not add to much work to the help desk.
When disabling the user ability to go into internet settings how would a help desk person be able to make the changes.
For Example User A is the restricted User and User B is the Help Desk Admin. User A calls with an Internet Issue, one of the first things we would do is clear Cache or reset settings, If a GPO prevents User A from making the change how would User B make the change. If User B logs in and makes any changes it is user specific, I believe the Run As would make the Changes only on User B and not User A.
I think I worded this right. If not please let me know.
You can make the Internet settings per computer as opposed to per User. This would allow the administrator to log in and change any settings and it would stick witht he user regardless of profile.
ASKER
If we deleted the Cache under administrator it would not delete the Cache under the other users I though. Same with Settings on the advanced tab. Also when you say Administrator is that any Domain Admins?
No that's a fair point. No local admins would be able to change settings ok. I would look at letting the user have access to clear cache. Not sure if GPO would be that granular though. Will have a look.
I would create a batch file that the user could run that would delete the cache and cookies. Make the batch read only to the restricted users and have the batch run with elevated privledges.
Couldn't the technician just manually delete the cookies and temporary internet files under %currentuserprofile%\Cooki es and %currentuserprofile%\Local Settings\Temporary Internet Files, if need be?
ASKER
That would be the best way to do it I believe is to just manually delete them, but that was one case one policy, I was trying to find a solution that would work with any policy, say a help desk person needs a policy taken off while working under that user account to troubleshoot , but I think the only way would be to take that user out the GPO at the time of troubleshooting then add them back once we fix the issue. I was just hoping for a better way to do it.
Thanks for the input.
Thanks for the input.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.