Solved

How can I add restrictions to a user account without effecting the administrative account in windows 7

Posted on 2014-09-18
10
377 Views
Last Modified: 2014-10-21
I used to use microsoft steady state but since it doesnt work on windows 7 I have been trying to figure out how to make user policies.

I was playing around with group settings but I cant figure out how to block programs and windows folders in the user group for user accounts so it will not effect the administrator accounts..

Thank you
0
Comment
Question by:avib27
  • 2
  • 2
  • 2
  • +2
10 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40331365
Administrators are generally not subject to user restrictions - local or domain.
0
 
LVL 1

Author Comment

by:avib27
ID: 40331379
where would i find to put on software restrictions/ and not let them alter any windows files for regular users.. I tried under user and administrator template, when I restarted the computer it effected the admin account too
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40331395
What is it you're trying to accomplish when you say "not let them alter any windows files for regular users"?  A default user shouldn't be able to go around deleting or editing important files to begin with.  Some files have to be editable by the current user (log files, etc).

If this is a pervasive problem, I'd suggest making sure the users don't have administrative privileges, turn on file system auditing, and, when someone messes up their computer, use the audit log to finger the culprit.  Then fire that person.  I all but guarantee no one else will cause you any more problems.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40331423
As paulmacd said, unless you've turned the UAC OFF on your Windows 7 workstations, then regular users don't have the rights to alter any operating system files anyway. Your users who shouldn't have this access should be in the local Users group.  The local administrator account is always in the Administrators group which has access to those files although the UAC will by default show a prompt whenever an administrator tries to edit anything in those areas of the file system.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
ID: 40331487
Hi

Let me put something straight: UAC does not GUARD anything. ACLs do, not UAC, only tries to modify ACLs trigger UAC. With UAC off, users cannot do more than before, hypercat. In fact, due to compatibility settings (folder virtualization), with UAC on, they can do more.

Then: "Administrators are generally not subject to user restrictions" - incorrect, at least not if you are talking about GPOs. Admins are effected by GPOs as well. But, there are two kinds of them and the less known second kind, MLGPOs are what you need:  http://technet.microsoft.com/en-us/library/cc766291(v=ws.10).aspx is a step by step guide on how to use them. Abstract: just like GPOs but this time, we may set who they are imposed on (like on groups, certain users even or on non-admins!).
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40331512
You are of course correct, McKnife.  The part of my response referring to the UAC was inaccurate, and I apologize for the misstatement and possibly muddying the waters for the poster.  My only excuse is that raging headache I had gotten from reading the news...
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 40377104
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40377105
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28521370.html#a40331487 is the solution for sure as what he describes is clearly what MLGPOs are made for.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now