Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Local Policy security settings not taking effect

Status
Not open for further replies.
Tams

Tams

IS-IT--Management
Mar 24, 2003
27
GB
Hi Guys,
I have created a local policy, and I have denied the admin the appropriate permissions (on the GP folder and on the mmc just to be safe) for it not to effect him. However the policy still applies to him. Even when I run the Secedit commands (which go through successfully). Its definitely the security on the policy which is effecting this. As the admin is still able to administer the policy even though he has deny permissions. Any ideas?
 
Sort by date Sort by votes
"Computer Configuration Registry.pol is implemented at the time the system is loaded. User Configuration Registry.pol comes into play when a user logs into the system.

There is nothing you can alter about the Computer Configuration side of Group Policy because it loads when the system boots. There just simply isn't any opportunity to specify breaking it apart into different users or groups. What that means is when you set a policy in the Computer Configuration section of Local Group Policy it's going to apply to the entire computer -- everyone -- that uses the machine. No exceptions.

In the User Configuration section of Local Group Policy we have a bit more latitude since the Registry.pol is 'read' when the user logs into the system, and that delayed 'read' is the key. By altering Read permissions on the Group Policy folder it's possible to divide the User Configuration portion of Local Group Policy into two distinct groups of users;

. Users that are affected by the settings in Local Group Policy User Configuration.
. Users that are not affected by the settings in Local Group Policy User Configuration.

Use the following steps to separate the users or groups into the two categories.

Institute the policies you want for Local Group Policy - User Configuration.

Navigate to C:\Windows\System32\GroupPolicy folder, right click and select Properties.

Click the Security tab on the GroupPolicy Properties dialog box.

Highlight the Group or Username that you want to exclude from being affected by the User Configuration part of Local Group Policy.

In the Permissions section, change the Read permission from Allow to Deny.

Click Allow. Click OK. "

Source:
 
Upvote 0 Downvote
Thank you for your reply!!

This is exactly what I have done and still no joy!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
1K
pjw001
pjw001
VicM
  • Locked
  • Question
Change name not showing in user account 1
Replies
13
Views
2K
guitarzan
guitarzan
Flinx
  • Locked
  • Question
Nero Burning ROM not seeing disk change 2
Replies
3
Views
764
gbaughma
gbaughma
pmonett
  • Locked
  • Question
Cannot install Notes R12 1
Replies
13
Views
812
Rick998
Rick998
David Hamilton
  • Locked
  • Question
Windows Snipping Tool Shortcut not Working
Replies
7
Views
471
David Hamilton
David Hamilton

Part and Inventory Search

Sponsor

Back
Top