?
Solved

How to apply local group policies on Windows XP without affecting the administrator

Posted on 2008-09-30
14
Medium Priority
?
485 Views
Last Modified: 2008-11-01
How to apply local group policies on Windows XP without affecting the administrator
0
Comment
Question by:robballi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 4
14 Comments
 
LVL 3

Expert Comment

by:Azyre
ID: 22608992
Is this part of a domain? If so you can use OU's and group management to get this done.  Just apply the policy on the user OU and not the Administrator OU.

I don't believe you can exclude groups from the local GPO in a non-domain situation.
0
 

Author Comment

by:robballi
ID: 22609417
No they are stand alone Windows XP Professional PCs
0
 
LVL 3

Expert Comment

by:Azyre
ID: 22609477
You may need to look for a work around to whatever it is you are doing.  There is simply the Local GPO, and to my knowledge there isn't a way of creating multiple local GPO's that are user specific in a workgroup setting.  I may be wrong though and maybe a smarter person than I will jump in and inform you of such.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 15

Expert Comment

by:venom96737
ID: 22610599
What kinds of things are you trying to do?  Are you trying to keep one user from doing certain things like accessing programs or turning things off?  This can be done by logging in as the user and tweaking thier registry settings which I could help you with if your just specify a little more.  
0
 
LVL 15

Accepted Solution

by:
venom96737 earned 1000 total points
ID: 22610617
Oh I just read more than one PC yeah you will have to do it on all pc's but if you are going to do the same stuff the easiest way to get it done is to write a registy batch file that will go in and make the edits once you click on it so all the time will be put into just making that one then click and done for the future.  That is the real downfall of using standalones little harder to control but it can be done just let me know what you need to do.  Just make sure you dont run the file while logged in as admin and you shouldnt have a problem.
0
 

Author Comment

by:robballi
ID: 22610653
thanks venom96737:

Look, let me explain, there isn't  enough funding, so the 20 machines that i have to work with these users don't have a server. So to have a better control on users i made aproximately 150 users on each computer, because they can arrive at different schedules.
As you said i would like to for instance block the control panel through group policies, but unfortunatelly the Administrator gets restricted too.
It is very simple i would like to have a global policies for the 150 users and another policy for the administrator. It seems that with Windows Server one can do that through file permision.

Thanks a lot for your help

Yes, for instance i would like to disable the control panel to
0
 
LVL 15

Expert Comment

by:venom96737
ID: 22611232
you might want to look into something like this:
http://www.tweakxp.com/Article37921.aspx
download found here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D077A52D-93E9-4B02-BD95-9D770CCDB431&displaylang=en#QuickInfoContainer

On a standalone its different on a server you have active directories and all sorts of goodies you could play with ntfs permissions if you like but can get be annoying and time consuming.
0
 

Author Comment

by:robballi
ID: 22611486
thanks venom96737:

I tried a couple of days ago the tool Windows Steady State 2.5 and it crippled terribly a machine. It became terrible slow. Besides it activated the users welcome screen and as you can imagine 150 users it was imposible to browse your correct user.
It is very sad but it seems that it is impossible to control this shared users!!!
0
 
LVL 3

Expert Comment

by:Azyre
ID: 22613612
Well if you just ensure that all of the user accounts aren't in the administrators group then though they may be able to see things like control panel, they won;t be able to do too much with it as they won;t have any rights.  I would lobby for a s SBS personally.  I know funding sucks, but it really should sell its self if you ave over 150 users running across 20+ machines.
0
 
LVL 15

Expert Comment

by:venom96737
ID: 22620876
well robb its not impossible to do as i said create the registry batch file and run it on all accounts but to control it centrally through one edit yes thats impossible.
0
 

Author Comment

by:robballi
ID: 22621452
thanks again venom96737:

Today i tried to realize what you are telling me in the last message (by a reg file double clicking inside the restricted users y also tried through group policies login scripts ). But as the users are restricted users i got errors that the registry was open.
If you could give a concrete example of how to do what you are saying through batch, would be highly appreciated!!
0
 
LVL 3

Assisted Solution

by:Azyre
Azyre earned 1000 total points
ID: 22634042
Write a 2 batch files with all of the registry changes you wish to have accomplished, one that will fire for administrators, and one that will fire for Standerd Users.  

http://www.pctools.com/forum/showthread.php?t=1282 contains a decent walk through on this if you need.

Then go into the GPO editor through MMC and apply the User batch file in the GPO under Local Computer Policy > Computer Config > Windows Settings > Scripts.

You will probably have to fire off the admin changes version manually after you log in as a administrator so that you do not have a conflict with the the 2 batch files both trying to process at log-in.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question