Group Policy in non-domain envronment

R

Rob Pelletier

Can I apply policies to individuals (or local groups) on a local
workstation?
I want to restrict certain users from doing certain tasks, but allow
administrators to do anything. I can see how to restrict the ability to
do/see certain things, but can't find out how to apply these restrictions to
indivdiuals or groups.

Can anyone point me to a document that deals with this particualr item?
There is tons of info on Group Policies, but I have yet to find out how to
apply User settings to a user.

Thanks


Rob P
 
R

Rob Pelletier

More clarification...

I have some systems going onto a production line, to run some production
management software. The user needs to login, and possible to restart the
system occasionally, but nothing else. What I want to do is to disallow the
use of the Start Menu, and hide the desktop icons, but this should only be
for the user.
If I log in as myself, I want the ability use anyting I want.

Can this be done? I'm getting a feeling that these Local Policies (this is
a non-domain environment) are applied to the system, regardless of who is
using it...

Thanks.
 
G

Guest

Have u tried going into run and typing controluerpassswords2 this is a very simple command and i think this is what you are looking for!
 
R

Rob Pelletier

Thanks, but I was looking for a way to make specific restrictions in what a
user can see or do, and then apply those restrictions to a specific user or
group. I don't want to limit the system's administrator, just the users.


In spite of what Microsoft would have you believe, the User Configuration
settings in the Group Policy Editor apply to ALL users using the system,
like Computer Configuration settings. This is frustrating.

I'm thinking I'm missing something here: I can't see why Microsoft would
write the policy editor like that!

Thanks for your reply...
 
K

Kent W. England [MVP]

Rob said:
Can I apply policies to individuals (or local groups) on a local
workstation?
Click to expand...

You can use group policy rules, but they should be called "local machine
policies" instead of "group policies" because on a stand-alone
workstation, group policies apply to all accounts, exactly the opposite
of what you would expect or want.

The way around this is to implement a permissions hack which you can
google that will avoid applying group policy to "Administrators" or
bypass group policy and edit the registry keys that group policy uses to
enforce policy. www.winguides.com has an excellent set of pointers to
these policy registry keys.
 
R

Rob Pelletier

Thanks Kent. I'll take a look.

With all the improvements we've seen since the release of WIN2K and XP, this
seems like an area where they've really dropped the ball.


Rob P.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Group Policy 12
Group Policies not restricting consistently 1
Group Policy restrictions 1
Individual User settings with Group Policy 4
Local Group Policy - Restrict Internet Communication not working 1
Group Policy not applying to Workstation 2
can't access CD files or burn to a CD at the workstation as domain user with local guest permissions 2
Local Group Policy Deny Administrator 1

Top