Was wondering if anyone knows of any modifications to the Global Policy editor on XP Pro that can lock down a user.
The user just needs to send/receive email (outlook); create MS word documents; access to the net (through squid proxy) and access to a network folder. Otherwise I want to lock down all other privileges eg. add/remove programs; change system settings and so on.
Group policy editor entries, lock down PC?
Standard user
Giving the user "standard user" privileges should restrict most of the stuff you're asking?
Preferably, you wouldn't want to use the local Group Policy on a PC, since this would change settings for all users on that PC.
Preferably, you wouldn't want to use the local Group Policy on a PC, since this would change settings for all users on that PC.
Be Silly. Be Honest. Be Kind. | Ralph Waldo Emerson
That is true. But using the local Group Policy is not recommended due to the effect that it has. If Global Group Policy is used, then there is still the option of changing the policy from the domain controller and if a local admin logs onto the local machine then the policy doesn't have an effect.
The difference with editing the local Group Policy is that the changes affect the entire machine, including the local admin user. 8O
The difference with editing the local Group Policy is that the changes affect the entire machine, including the local admin user. 8O
Be Silly. Be Honest. Be Kind. | Ralph Waldo Emerson
Thanks for all the help, but what do you propose I do? Is there another option?Tel wrote:That is true. But using the local Group Policy is not recommended due to the effect that it has. If Global Group Policy is used, then there is still the option of changing the policy from the domain controller and if a local admin logs onto the local machine then the policy doesn't have an effect.
The difference with editing the local Group Policy is that the changes affect the entire machine, including the local admin user. 8O
Which is scary...Tel wrote:The difference with editing the local Group Policy is that the changes affect the entire machine, including the local admin user. 8O
Gromit, the way Group Policys were meant to work was through a domain environment. If you have a domain what you are wanting to do is a cinch.
Do what Tel said or
hack the registry so only specific applications can run.
http://www.winguides.com/registry/display.php/113/
Just be careful
Note: If you are the person who applies Group Policy, do not apply this restriction to yourself. If applied too broadly, this policy can prevent administrators from running Group Policy or the registry editors. As a result, once applied, you cannot change this policy except by reinstalling Windows.
hack the registry so only specific applications can run.
http://www.winguides.com/registry/display.php/113/
Just be careful
Note: If you are the person who applies Group Policy, do not apply this restriction to yourself. If applied too broadly, this policy can prevent administrators from running Group Policy or the registry editors. As a result, once applied, you cannot change this policy except by reinstalling Windows.