Local Policy


Guest

Hello Everyone

I altered the local policy of a computer in the domain. I removed many
things such as "Run", the "Properties", the right-click, etc. This is
because the machine is at the reception and many users use it. Users are now
restricted from doing anything related to the setup and the system configuration.
However, these changes also apply to the Local Administrator group and
the Domain Administrator group. The only way I could find is to create a
shortcut to the Group Policy console on the desktop of both the Local and
Domain Admin profiles. So if, for example, a user complained about the
Internet, I would log in as a Domain Admin, click on the shortcut, disable the
Local Policy, access the properties of IE and do the rest... Then return
to the Local Policy, enable it and log off.

My question is: how can I exclude the Local and Domain Admins from the
policies I put into place, i.e. when I log in as either Local or Domain
Admin, I'd find all the facilities and privileges?

Many thanks

Best
 

Vincent Xu [MSFT]

Hi,

Create a new OU and move the computers which are used by the domain admin to the
new OU.

Regarding the local admin's privilege, I'm afraid there is no such method
if the policy is applied on Computer configuration.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------
 

Guest

Thanks Vincent

Sorry I failed to understand the meaning of «create a new OU and move the
computers which is used by domain admin to the new OU.»

Regards

Best

=====
 

Vincent Xu [MSFT]

Hi Best,

For example, user account A is a member of Domain Admins. The guy who uses
account A always logs on to a fixed computer X. Then, you can create a new
OU and move X to the new OU. Create a new GPO and link it to the new OU. In this
GPO, don't apply the settings you are concerned about.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support




--------------------
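
The steps from the reply above (new OU, move computer X into it, new GPO linked to that OU) written out in PowerShell. This is an added example, not part of the thread; it assumes the ActiveDirectory and GroupPolicy modules (RSAT) are installed, and the OU and GPO names are hypothetical placeholders.

```powershell
# Added example: OU and GPO names are hypothetical, not values from the thread.
Import-Module ActiveDirectory, GroupPolicy

$ComputerName = 'X'                              # the admin's fixed computer from the reply
$OuName       = 'Admin Workstations'             # hypothetical OU name
$GpoName      = 'Admin Workstations - Baseline'  # hypothetical GPO name

$domainDn = (Get-ADDomain).DistinguishedName
$ouDn     = "OU=$OuName,$domainDn"

# 1. Create the OU only if it does not exist yet, so the script can be re-run.
$existingOu = Get-ADOrganizationalUnit -Filter "Name -eq '$OuName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existingOu) {
    New-ADOrganizationalUnit -Name $OuName -Path $domainDn `
        -ProtectedFromAccidentalDeletion $true
}

# 2. Move computer X into the new OU unless it is already there.
$computer = Get-ADComputer -Identity $ComputerName
if ($computer.DistinguishedName -notlike "*,$ouDn") {
    Move-ADObject -Identity $computer.DistinguishedName -TargetPath $ouDn
}

# 3. Create a GPO that leaves the restrictive settings unconfigured and link it.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'No desktop lockdown settings'
}
$linked = (Get-GPInheritance -Target $ouDn).GpoLinks |
    Where-Object DisplayName -eq $GpoName
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $ouDn -LinkEnabled Yes | Out-Null
}

# 4. Check: list every GPO that reaches the OU, including inherited links.
(Get-GPInheritance -Target $ouDn).InheritedGpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced, Target |
    Format-Table -AutoSize
```

The final listing matters because links on parent containers are still inherited by the new OU; a restrictive GPO that shows up there continues to apply to X.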
 
