Hi,
I've been tasked with setting up a dozen laptops for customers for which
the general user must not be able to get to any windows functions other
than the program that auto-starts. However naturally the administrator
will require greater rights.
As the Win2000 laptops will never be connected to a network and group
policies are applied to all users on a stand-alone computer I have a
problem as I can't restrict the day to day users without also
restricting the administrator.
I've googled the problem and come up with a scheme which relies on
setting a policy and then restricting the access privileges to the group
policy directory for the administrator so that it is not read on start-
up. However the general user (and power user) now ignore the policy in
the directory on boot up even though they can read and write the
directory. OTOH the administrator only ignores it when permissions are
removed.
Before I tried this the user logins were happily reading and abiding by
the rules but now even if I change the policy (from the admin account)
the user account still ignores it (Also tried secedit /refreshpolicy
USER_POLICY to no avail)
Why is this behaving like this and is there anyway I can set a policy
for users but not administrators on a stand-alone machine ?
--
Rob Hayward
|
Similar Threads
