the best thing to do before you follow the steps below is under the administrator account create 2 shortcuts and place them on your desktop. this will keep you from possibly locking yourself out of the computer (which i have done before). shortcut to gpedit and a shortcut to the group policy folder. once you have done that you should follow these steps.
Apply local policies to all users except administrators
To apply local policies to all users except administrators, follow these steps.
Warning Microsoft strongly recommends that you perform a full backup before you start this procedure.
Open Group Policy Object Editor. To do this, click Start, click Run, type gpedit.msc, and then click OK.
Note If one of the policies that you want to apply is the removal of the Run command, Microsoft recommends that you use the Microsoft Management Console (MMC) to edit the policy and that you then save the results as an icon so that you will not have to use the Run command to complete some of the other steps in this procedure. To do this, follow these steps:
Click Start, click Run, type mmc, and then click OK.
Click Console, and then click Add/Remove Snap-in.
On the Standalone tab, click Add.
In the Add Standalone Snap-in window, click Group Policy, and then click Add.
In the Group Policy Object box, type Local Computer (if it is not already there), and then click Finish.
In the Add Standalone Snap-in window, click Close. In the Add/Remove Snap-in dialog box, click OK.
Click Console, click Save. In the Save in list, click Desktop.
In the File Name box, type a name for the console, and then click Save.
Expand User Configuration, and then expand Administrative Templates.
Click the folder that contains the policy that you want to enable, double-click a policy, and then enable it. For example, if you want to hide the My Network Places icon, click Desktop, double-click Hide My Network Places icon on desktop, click Enabled, click Apply, and then click OK.
Note Make sure that you select the correct policies. Otherwise you may restrict the ability of the administrator to log on to the computer (and complete the necessary steps to configure the computer). Microsoft recommends that you record the changes that you have made.
Close the Group Policy Object Editor or MMC, and then log off.
Log on to the computer as an administrator. You can see in this logon session that the policy changes that you made are applied. By default, the local policies apply to all users, including administrators.
Log off from the computer, and then log on to the computer as one of the non-administrator users of this computer for whom you want these policies to apply. Repeat this step for each user of this computer for whom you want these policies to apply. The policies are implemented for all these users and for the administrator.
Note You must log on as each user of the computer. User accounts that do not log on during this step will not have the policies implemented for that account.
Log on to the computer as an administrator.
Turn on the Show hidden files and folders option. To do so, follow these steps:
Click Start, point to Settings, and then click Control Panel.
Double-click Folder Options, click the View tab, click Show hidden files and folders, and then click OK.
Copy the Registry.pol file that is located in the %Systemroot%\System32\GroupPolicy\User folder to a backup location (for example, to a different hard disk, to a floppy disk, or to a folder).
Open your local policy again by using either the Group Policy Object Editor or your MMC console icon, and then reverse the changes that you made in step 3. For example, to reverse the changes that you made in step 3, double-click Hide My Network Places icon on desktop, click Disabled, click Apply, and then click OK.
Note When you do this, Policy Editor creates a new Registry.pol file.
Close Group Policy Object Editor or MMC, and then copy the backup Registry.pol file that you created in step 9 back to the %Systemroot%\System32\GroupPolicy\User folder.
When you are prompted to replace the existing file, click Yes.
Log off from the computer, and then log on to the computer as an administrator. You can see that the changes that you made in step 3 are not implemented because you have logged on to the computer as an administrator.
Log off from the computer, and then log on to the computer as another user (or other users). You can see that the changes that you made in step 3 are implemented because you have logged on to the computer as a user (not as an administrator).
Log on to the computer as an administrator to verify that the local policy does not affect you as the local administrator of that computer.
