Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Disable GP Editor Access

Status
Not open for further replies.
CondorMan

CondorMan

Technical User
Jan 23, 2005
211
GB
Hello everyone

I have a single laptop with XP Pro SP2. It's connected via a router to the internet. I know that the GP Editor is very powerful and am coming to grips with it. I'd like to disallow users from accessing it - but how? I suppose that I could set permissions for gpedit.msc or delete the file from the laptop but would that stop them having a copy on a USB memory stick and running it from there? Ideally, I'd like to prevent ANY copy of gpedit.msc being run, whether "intrinsic" or "external". Obviously, I need a way for the Administrator to be able to run it via a "backdoor". Are there any registry edits that I could use? I could disable registry editing (although I know that wouldn't stop a third party editor being used) and then apply an "enabling" registry setting via VBS, for instance.

These ideas may sound "off the wall" but I'm looking for advice about how I can achieve what I'd like to do.

Thanks in anticipation.
 
Sort by date Sort by votes
This is why God made limited users.
They cannot make policy changes.
 
Upvote 0 Downvote
Hi CondorMan,
Like bcastner says, only administrators of a machine can run gpedit.msc. Who else accesses your computer? If you have set up additional users in Local Users and groups then just verify that these users are not part of the administrators group.
You can try it yourself, create a new user the log in with that account. Try and run gpedit.msc and you will be denied.
Cheers
O.G
 
Upvote 0 Downvote
Thanks to each of you for the comments. I have the built-in Administrator as well as another account with Admin rights that I use for Admin functions. I also have a series of other accounts with Limited rights. I know just how powerful GP Editor is and I wanted to make it very difficult for anyone to "play" with it. As mentioned, I have a router but also have ZoneAlarm and my AV is fully up to date. In addition, I run several other malware procedures weekly (so I hope that a hacker attack would be repelled) . I don't think I'm too paranoid about security (can anyone be TOO paranoid about this?) but wanted to know if there was a way of locking EVERYONE except the built-in (hidden) Administrator from accessing gpedit.msc.
 
Upvote 0 Downvote
CondorMan,
You do seem a little paranoid IMHO. Absolutely no offence intended by that though.
You seem to have your system locked down quite dramatically, unless you have the next nuclear attack schedule on you laptop, or something as equally as TOP SECRET. :eek:)
I would totally agree with you if you are a lawyer or doctor or want to keep something seriously hidden.
I sit behind a lynksys router and feel safe enough. I do run various spy ware apps on a weekly basis.
From what you have said you seem safe to me.

Administrators can do much more damage to your system than accessing gpedit.msc.
If i were hacking into your system your gpedit is not the first thing i would go for.

Cheers
O.G
 
Upvote 0 Downvote
Thanks O.G - your "diagnosis" of my profession is spot on. I am a medic but don't keep any confidential records etc. on my laptop!!!!

I'm reassured by the comment about my security and acknowledge that you wouldn't hack! I suppose it was also partly an academic exercise to lock down gpedit.msc, except from The Administrator.
 
Upvote 0 Downvote
Thanks CondorMan,
To my knowledge, and I have looked a bit into this, the only way you can access gpedit is by using an admin account. I'm not to sure there is actually a way to simply disable it. I have heard of a few virus's doing this job but I wouldn’t suggest that route.
You could try removing gpedit.msc and gpedit.dll from your machine. This should give minimal side effects (if any) but may make your system unstable. I have tried this and got away with it for a day then replaced them, then realised the gpedit.dll is self propagating.
Cheers
O.G
 
Upvote 0 Downvote
Cool - I had thought about removing the file(s) but that wouldn't necessarily prevent someone having a copy on a USB memory stick and using them from there or copying them to the computer.

Thanks anyway.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Andrzejek
  • Locked
  • Question
How to Disable Google Chrome Password Manager 2
Replies
3
Views
1K
combo
combo
keithinoz
  • Locked
  • Question
add ip address to quick access 2
Replies
4
Views
955
keithinoz
keithinoz
johnherman
  • Locked
  • Question
Cortana - can I disable it? 2
Replies
2
Views
247
goombawaho
goombawaho
lmcate
  • Locked
  • Question
Can't Access a Folder on Windows
Replies
2
Views
280
gbaughma
gbaughma
lmcate
  • Locked
  • Question
1 user lost access to a folder
Replies
3
Views
341
sysfix
sysfix

Part and Inventory Search

Sponsor

Back
Top