• Status: Solved

How to apply local group policies on Windows XP without affecting the administrator

Asked by: robballi
 
Azyre Commented:
Is this part of a domain? If so, you can use OUs and group management to get this done. Just apply the policy on the user OU and not the Administrator OU.

I don't believe you can exclude groups from the local GPO in a non-domain situation.
 
robballi (Author) Commented:
No, they are standalone Windows XP Professional PCs.
 
Azyre Commented:
You may need to look for a workaround to whatever it is you are doing. There is simply the Local GPO, and to my knowledge there isn't a way of creating multiple local GPOs that are user specific in a workgroup setting. I may be wrong though, and maybe a smarter person than I will jump in and inform you of such.
 
venom96737 Commented:
What kinds of things are you trying to do? Are you trying to keep one user from doing certain things like accessing programs or turning things off? This can be done by logging in as the user and tweaking their registry settings, which I could help you with if you just specify a little more.
 
venom96737 Commented:
Oh, I just read more than one PC. Yeah, you will have to do it on all PCs, but if you are going to do the same stuff, the easiest way to get it done is to write a registry batch file that will go in and make the edits once you click on it, so all the time will be put into just making that one, then click and done for the future. That is the real downfall of using standalones: a little harder to control, but it can be done. Just let me know what you need to do. Just make sure you don't run the file while logged in as admin and you shouldn't have a problem.
 
robballi (Author) Commented:
Thanks venom96737:

Look, let me explain: there isn't enough funding, so the 20 machines that I have to work with these users don't have a server. So to have better control over users, I made approximately 150 users on each computer, because they can arrive at different schedules.
As you said, I would like to, for instance, block the Control Panel through group policies, but unfortunately the Administrator gets restricted too.
It is very simple: I would like to have a global policy for the 150 users and another policy for the administrator. It seems that with Windows Server one can do that through file permissions.

Thanks a lot for your help.

Yes, for instance I would like to disable the control panel to
 
venom96737 Commented:
You might want to look into something like this:
http://www.tweakxp.com/Article37921.aspx
Download found here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D077A52D-93E9-4B02-BD95-9D770CCDB431&displaylang=en#QuickInfoContainer

On a standalone it's different. On a server you have active directories and all sorts of goodies. You could play with NTFS permissions if you like, but that can get annoying and time consuming.
 
robballi (Author) Commented:
Thanks venom96737:

A couple of days ago I tried the tool Windows SteadyState 2.5 and it terribly crippled a machine. It became terribly slow. Besides, it activated the users' welcome screen, and as you can imagine, with 150 users it was impossible to browse to your correct user.
It is very sad, but it seems that it is impossible to control these shared users!!!
 
Azyre Commented:
Well, if you just ensure that all of the user accounts aren't in the administrators group, then though they may be able to see things like Control Panel, they won't be able to do too much with it as they won't have any rights. I would lobby for an SBS personally. I know funding sucks, but it really should sell itself if you have over 150 users running across 20+ machines.
 
venom96737 Commented:
Well robb, it's not impossible to do. As I said, create the registry batch file and run it on all accounts. But to control it centrally through one edit, yes, that's impossible.
 
robballi (Author) Commented:
Thanks again venom96737:

Today I tried to carry out what you told me in the last message (by double-clicking a reg file inside the restricted users' accounts, and I also tried through group policies login scripts). But as the users are restricted users, I got errors that the registry was open.
If you could give a concrete example of how to do what you are saying through batch, it would be highly appreciated!!
 
Azyre Commented:
Write 2 batch files with all of the registry changes you wish to have accomplished, one that will fire for administrators, and one that will fire for Standard Users.

http://www.pctools.com/forum/showthread.php?t=1282 contains a decent walkthrough on this if you need.

Then go into the GPO editor through MMC and apply the User batch file in the GPO under Local Computer Policy > Computer Config > Windows Settings > Scripts.

You will probably have to fire off the admin changes version manually after you log in as an administrator so that you do not have a conflict with the 2 batch files both trying to process at log-in.
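
One way to build the registry batch file discussed in this thread, as an added example that is not from any of the posters: limited users cannot write to the Policies key in their own hive, so this script is run from an administrator account and edits each existing profile's hive offline, setting the `NoControlPanel` policy value for every profile except the ones on the skip list. The profile path, the skip list and the `TempHive` key name are assumptions.

```batch
@echo off
rem Added example (not from the thread): set the per-user NoControlPanel
rem policy value in every local profile except those on the skip list.
rem Assumptions: run from an administrator account while the other users
rem are logged off; profiles live under "%SystemDrive%\Documents and Settings";
rem the SKIP list and the TempHive key name are hypothetical.
setlocal enabledelayedexpansion

set "PROFILES=%SystemDrive%\Documents and Settings"
set "SKIP=Administrator;All Users"
set "POLKEY=Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

for /d %%P in ("%PROFILES%\*") do (
    set "NAME=%%~nxP"
    set "HIVE=%%~fP\NTUSER.DAT"
    call :is_skipped "!NAME!"
    if errorlevel 1 (
        echo Skipping !NAME!
    ) else if not exist "!HIVE!" (
        echo No hive for !NAME!
    ) else (
        rem Mount the user's hive under HKU, write the value, unmount it.
        reg load HKU\TempHive "!HIVE!" >nul 2>&1
        if errorlevel 1 (
            echo Could not load hive for !NAME! ^(user logged on?^)
        ) else (
            reg add "HKU\TempHive\%POLKEY%" /v NoControlPanel /t REG_DWORD /d 1 /f >nul
            reg unload HKU\TempHive >nul
            echo Restricted !NAME!
        )
    )
)
endlocal
goto :eof

:is_skipped
rem Returns errorlevel 1 when %~1 is on the SKIP list, 0 otherwise.
for %%S in ("%SKIP:;=" "%") do if /i "%%~S"=="%~1" exit /b 1
exit /b 0
```

Accounts that have never logged on have no profile folder yet, so they are only picked up when the script is run again after their first logon.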