Solved

How can I add restrictions to a user account without effecting the administrative account in windows 7

Posted on 2014-09-18
10
387 Views
Last Modified: 2014-10-21
I used to use microsoft steady state but since it doesnt work on windows 7 I have been trying to figure out how to make user policies.

I was playing around with group settings but I cant figure out how to block programs and windows folders in the user group for user accounts so it will not effect the administrator accounts..

Thank you
0
Comment
Question by:avib27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
10 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40331365
Administrators are generally not subject to user restrictions - local or domain.
0
 
LVL 1

Author Comment

by:avib27
ID: 40331379
where would i find to put on software restrictions/ and not let them alter any windows files for regular users.. I tried under user and administrator template, when I restarted the computer it effected the admin account too
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40331395
What is it you're trying to accomplish when you say "not let them alter any windows files for regular users"?  A default user shouldn't be able to go around deleting or editing important files to begin with.  Some files have to be editable by the current user (log files, etc).

If this is a pervasive problem, I'd suggest making sure the users don't have administrative privileges, turn on file system auditing, and, when someone messes up their computer, use the audit log to finger the culprit.  Then fire that person.  I all but guarantee no one else will cause you any more problems.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40331423
As paulmacd said, unless you've turned the UAC OFF on your Windows 7 workstations, then regular users don't have the rights to alter any operating system files anyway. Your users who shouldn't have this access should be in the local Users group.  The local administrator account is always in the Administrators group which has access to those files although the UAC will by default show a prompt whenever an administrator tries to edit anything in those areas of the file system.
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 40331487
Hi

Let me put something straight: UAC does not GUARD anything. ACLs do, not UAC, only tries to modify ACLs trigger UAC. With UAC off, users cannot do more than before, hypercat. In fact, due to compatibility settings (folder virtualization), with UAC on, they can do more.

Then: "Administrators are generally not subject to user restrictions" - incorrect, at least not if you are talking about GPOs. Admins are effected by GPOs as well. But, there are two kinds of them and the less known second kind, MLGPOs are what you need:  http://technet.microsoft.com/en-us/library/cc766291(v=ws.10).aspx is a step by step guide on how to use them. Abstract: just like GPOs but this time, we may set who they are imposed on (like on groups, certain users even or on non-admins!).
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 40331512
You are of course correct, McKnife.  The part of my response referring to the UAC was inaccurate, and I apologize for the misstatement and possibly muddying the waters for the poster.  My only excuse is that raging headache I had gotten from reading the news...
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 40377104
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 40377105
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Windows_7/Q_28521370.html#a40331487 is the solution for sure as what he describes is clearly what MLGPOs are made for.
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Suggested Courses

631 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question