One for the Experts

[Darryle]

Thanks for replying quickly David, and thanks for the
suggestion. Unfortunately that is not an option for me at
this time, for I do not have administrative privileges on
the domain in question. I do not immediately expect those
in power to pass along such control to me either, although
there are future plans that include such measures once the
college more fully adopts Active Directory. In the mean
time, is there anything that I can do to solve this
problem using only local administrative control of the
systems? Again, thank you.

 

[David Jone]

You could note to those in power that when using any AD
domain, admins can delegate the ability to
create/modify/etc policies that affect specific users
and/or computers to a specific account or group, so no
domain admin rights are needed.


What you can do in the meantime is set a NTFS deny ACL on
the %windir%\GroupPolicy directory for any accounts or
groups you do NOT want the local computer policy to
affect - you'll need to reset this ACL any time you want
to modify the policies though.

 

[Darryle]

Thank you David for your expert advice. I will try
implementing the second suggestion immediately, and
mention the first suggestion to those in control as
opportunity presents itself. Again thanks.