Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to apply local policy in workgroup ennviron 1

Status
Not open for further replies.
mufaza

mufaza

Technical User
May 23, 2003
34
US
Hi,
Is there a way to apply local policy for users except administrators in windows 2000 Pro workgroup environment?
I have checked thru support.microsoft.com and found this KB article 293655. I am able to follow the article till step 12. Step 13 when i log in as user its back to normal. No restrictions are applied to the user account.

Is there any other way around to apply polices for users only and not for administrators.

Thanks
 
Sort by date Sort by votes
The "Everyone but the Administrator" trick:

You use the security settings of NTFS to remove all permissions of Administrator from the folder c:\winnt\system32\GroupPolicy

Remember as Administrator you need to add yourself back to modify local policies, then remove yourself from the folder again.

This results in local policy applying to everyone except the Administrator.

 
Upvote 0 Downvote
Can you pls elaborate on how to change/remove the NTFS permission for administrator accts. Thanks
 
Upvote 0 Downvote
In Windows Explorer, right click the folder c:\winnt\system32\GroupPolicy and select Properties.

Under the Security tab, either:

. Uncheck all permissions for the Group Administrator
. Uncheck all permissions for the user Administrator
. Or completely remove both groups from the security window
 
Upvote 0 Downvote
It surely works !!!Great...i had gone thru as i said 293655 article from support.microsoft and it didn't do its trick. Anyways the only issue i still face is to block or restrict hard drives from being viewed by clients. I was thinking would a logon script do the needful of blocking the user from usage of c:\ and just use g:\ for saving and downloading files? If so what command would the script contain.
BTW some of the items disabled are still being viewed even when logged as user. Eg: right click on 'My computer'
Thanks Mufaza.
 
Upvote 0 Downvote
There are group policy objects to hide the drives, or use TweakUI.

Be careful, as the NTFS permissions that would prevent the drive from being viewed would also prevent the drive from being accessed to run programs.

There are also Third Party tools that can "hide" folders.
 
Upvote 0 Downvote
using policy editor/registry editor you can remove the "my computer icon", remove the right mouse button menu, remove the start menu "run" option and remove the address bar within windows explorer/internet explorer so they can't type paths there. You can also remove their ability to run "explorer.exe" which would stop them from accessing any folders except through your own shell.

_____________________________________________________________________________________________________________________
There are 10 kinds of people in the world; those who understand binary and those who don't.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
How to configure Bookmarks in Chrome 2
Replies
4
Views
705
pjw001
pjw001
Andrzejek
  • Locked
  • Question
How to Disable Google Chrome Password Manager 2
Replies
3
Views
995
combo
combo
bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
513
bobadams52
bobadams52
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
859
pjw001
pjw001
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
2K
Flinx
Flinx

Part and Inventory Search

Sponsor

Back
Top