GP editor question

roger · Apr 14, 2006

I think i asked this question, but i don't think ive gotten it fixed yet.

xp pro SP2 installed. Single computer, no domain.
Goal: Prevent any user except one specific administrator from changing any
settings within secpol. Is this possible? if so, how?

Wesley Vogel · Apr 14, 2006

can get you to Administrators, but not one specific Administrator.

How to apply local policies to all users except administrators in a
workgroup setting in Windows 2000
http://support.microsoft.com/?id=293655

HOW TO Apply Local Policies to All Users Except Administrators on Windows
Server 2003 in a Workgroup Setting
http://support.microsoft.com/kb/325351

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

Steven L Umbach · Apr 14, 2006

Only administrators can open and use Local Security Policy. While
realistically you can not restrict a knowledgeable administrator what you
could try is to give users/group deny permissions to the
\Windows\system32\group policy\machine folder and that user or user in the
group will not be able to open Local Security Policy of local Group Policy
unless they figure it out and remove the deny permissions. --- Steve

GP not appling to single client and GP core failure	8	Jul 5, 2006
Restriction Error when launching url from outlook	2	Oct 20, 2004
make domain GP not apply to local computer?	5	May 7, 2006
SimpleFileSharing & Security Tab problems - GP only way to fix?	4	Jul 23, 2006
Will my WinXP SP2 firewall GP affect my Windows 2003 SP1 firewall	1	Oct 25, 2005
Roaming Profiles & Their Local Security Permissions	4	Nov 1, 2005
Possible to enforce LP over GP?	3	Apr 19, 2007
server 2003 gp templates in 2000 domain	4	May 27, 2009

GP editor question

roger

Wesley Vogel

Steven L Umbach

Ask a Question

Similar Threads