Solved

How to apply local group policies on Windows XP without affecting the administrator

Posted on 2008-09-30
14
481 Views
Last Modified: 2008-11-01
How to apply local group policies on Windows XP without affecting the administrator
0
Comment
Question by:robballi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 4
14 Comments
 
LVL 3

Expert Comment

by:Azyre
ID: 22608992
Is this part of a domain? If so you can use OU's and group management to get this done.  Just apply the policy on the user OU and not the Administrator OU.

I don't believe you can exclude groups from the local GPO in a non-domain situation.
0
 

Author Comment

by:robballi
ID: 22609417
No they are stand alone Windows XP Professional PCs
0
 
LVL 3

Expert Comment

by:Azyre
ID: 22609477
You may need to look for a work around to whatever it is you are doing.  There is simply the Local GPO, and to my knowledge there isn't a way of creating multiple local GPO's that are user specific in a workgroup setting.  I may be wrong though and maybe a smarter person than I will jump in and inform you of such.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 15

Expert Comment

by:venom96737
ID: 22610599
What kinds of things are you trying to do?  Are you trying to keep one user from doing certain things like accessing programs or turning things off?  This can be done by logging in as the user and tweaking thier registry settings which I could help you with if your just specify a little more.  
0
 
LVL 15

Accepted Solution

by:
venom96737 earned 250 total points
ID: 22610617
Oh I just read more than one PC yeah you will have to do it on all pc's but if you are going to do the same stuff the easiest way to get it done is to write a registy batch file that will go in and make the edits once you click on it so all the time will be put into just making that one then click and done for the future.  That is the real downfall of using standalones little harder to control but it can be done just let me know what you need to do.  Just make sure you dont run the file while logged in as admin and you shouldnt have a problem.
0
 

Author Comment

by:robballi
ID: 22610653
thanks venom96737:

Look, let me explain, there isn't  enough funding, so the 20 machines that i have to work with these users don't have a server. So to have a better control on users i made aproximately 150 users on each computer, because they can arrive at different schedules.
As you said i would like to for instance block the control panel through group policies, but unfortunatelly the Administrator gets restricted too.
It is very simple i would like to have a global policies for the 150 users and another policy for the administrator. It seems that with Windows Server one can do that through file permision.

Thanks a lot for your help

Yes, for instance i would like to disable the control panel to
0
 
LVL 15

Expert Comment

by:venom96737
ID: 22611232
you might want to look into something like this:
http://www.tweakxp.com/Article37921.aspx
download found here:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D077A52D-93E9-4B02-BD95-9D770CCDB431&displaylang=en#QuickInfoContainer

On a standalone its different on a server you have active directories and all sorts of goodies you could play with ntfs permissions if you like but can get be annoying and time consuming.
0
 

Author Comment

by:robballi
ID: 22611486
thanks venom96737:

I tried a couple of days ago the tool Windows Steady State 2.5 and it crippled terribly a machine. It became terrible slow. Besides it activated the users welcome screen and as you can imagine 150 users it was imposible to browse your correct user.
It is very sad but it seems that it is impossible to control this shared users!!!
0
 
LVL 3

Expert Comment

by:Azyre
ID: 22613612
Well if you just ensure that all of the user accounts aren't in the administrators group then though they may be able to see things like control panel, they won;t be able to do too much with it as they won;t have any rights.  I would lobby for a s SBS personally.  I know funding sucks, but it really should sell its self if you ave over 150 users running across 20+ machines.
0
 
LVL 15

Expert Comment

by:venom96737
ID: 22620876
well robb its not impossible to do as i said create the registry batch file and run it on all accounts but to control it centrally through one edit yes thats impossible.
0
 

Author Comment

by:robballi
ID: 22621452
thanks again venom96737:

Today i tried to realize what you are telling me in the last message (by a reg file double clicking inside the restricted users y also tried through group policies login scripts ). But as the users are restricted users i got errors that the registry was open.
If you could give a concrete example of how to do what you are saying through batch, would be highly appreciated!!
0
 
LVL 3

Assisted Solution

by:Azyre
Azyre earned 250 total points
ID: 22634042
Write a 2 batch files with all of the registry changes you wish to have accomplished, one that will fire for administrators, and one that will fire for Standerd Users.  

http://www.pctools.com/forum/showthread.php?t=1282 contains a decent walk through on this if you need.

Then go into the GPO editor through MMC and apply the User batch file in the GPO under Local Computer Policy > Computer Config > Windows Settings > Scripts.

You will probably have to fire off the admin changes version manually after you log in as a administrator so that you do not have a conflict with the the 2 batch files both trying to process at log-in.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question