policy settings for stand-alone pc


Richard
January 10th 05, 11:47 PM
I have a stand-alone (i.e. non-domain) pc running xp pro. There are multiple
user accounts most of which are set to "limited". But I want to make further
restrictions on what such accounts can see and/or do. The type of things that
a group policy would normally control if the pc was in a domain. Is there an
easy way to do this?

I looked at local policies but these appear to apply the same settings to
all users, even members of the admins group!

I tried to use a logon script to set the registry settings that a group
policy would normally set but that failed because a "limited" user can't
write to the registry!

I think I can do a "runas" in vb.net (maybe scripting too?) so maybe I could
call my .net application from my login script? But this seems a lot of work!

Malke
January 11th 05, 03:26 AM
Richard wrote:

> I have a stand-alone (i.e. non-domain) pc running xp pro. There are
> multiple user accounts most of which are set to "limited". But I want
> to make further restrictions on what such accounts can see and/or do.
> The type of things that a group policy would normally control if the
> pc was in a domain. Is there an easy way to do this?
>
> I looked at local policies but these appear to apply the same settings
> to all users, even members of the admins group!
>
> I tried to use a logon script to set the registry settings that a
> group policy would normally set but that failed because a "limited"
> user can't write to the registry!
>
> I think I can do a "runas" in vb.net (maybe scripting too?) so maybe I
> could call my .net application from my login script? But this seems
> a lot of work!

Make new *groups* that have the restrictions you want. Set the
restrictions with Group Policy Editor (Start>Run gpedit.msc [enter]).
Add the users who should belong to that group. Make sure you also add
yourself and the Administrator to the group.

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Richard
January 11th 05, 11:35 AM
...but surely this will end up with all users (including my account and the
administrator account) having the same group policy settings. I want members
of different groups to have different settings. Can this be done?

pardal51
January 11th 05, 01:19 PM
Richard,

Steve Riley has put this in another post, I think this will solve your
problem...
**************************************************
http://support.microsoft.com/default.aspx?scid=kb;en-us;293655

Steve Riley

**************************************************


Richard
January 11th 05, 07:31 PM
I've read the article. It looks to describe exactly what I'm trying to do.
Thanks for your help.
