group policy?---advanced
Results 1 to 3 of 3

Thread: group policy?---advanced

  1. #1
    Registered User
    Join Date
    Oct 2003
    Posts
    3

    Question group policy?---advanced

    I have a computer running XP pro, and it is part of a workgroup network. I wasnt to know how to edit permissions for certain users, or groups. I want to use the GPEDIT.MSC module, but this applies the settings to all users. For example, i want to disable certain users from shutting down the system, or other users from accessing the control panel. How do i do this, if it can be done? I realize this may be a bit complicated, but i would appreciate it if someone could help me. THANKS!

  2. #2
    Banned TripleRLtd's Avatar
    Join Date
    Aug 2003
    Location
    SW Florida...eye of the storm.
    Posts
    7,251
    Welcome to windrivers !!!

    Recommendation:
    Change every other accont on the PC to limited user:

    PS,
    More details would definitely help.
    Especially since you mention gpedit.msc, it seems like you must know what you are doing.
    So, what are the issues you are REALLY concerned about?
    Do you know the following:


    User Accounts overview

    A user account defines the actions a user can perform in Windows. On a stand-alone computer or a computer that is a member of a workgroup, a user account establishes the privileges assigned to each user. On a computer that is part of a network domain, a user must be a member of at least one group. The permissions and rights granted to a group are assigned to its members.

    User accounts on a computer that is a member of a network domain

    You must be logged on as an administrator or a member of the Administrators group to use User Accounts in Control Panel.

    User Accounts allows you to add users to your computer and to add users to a group. In Windows, permissions and user rights usually are granted to groups. By adding a user to a group, you give the user all the permissions and user rights assigned to that group.

    For instance, a member of the Users group can perform most of the tasks necessary to do his or her job, such as logging on to the computer, creating files and folders, running programs, and saving changes to files. However, only a member of the Administrators group can add users to groups, change user passwords, or modify most system settings.

    User Accounts lets you create or change the password for local user accounts, which is useful when creating a new user account or if a user forgets a password. A local user account is an account created by this computer. If the computer is part of a network, you can add network user accounts to groups on your computer, and those users can use their network passwords to log on. You cannot change the password of a network user.

    Notes



    • You cannot create groups using User Accounts. Use Local Users and Groups for that purpose.
    • In User Accounts, you can place a user in only one group. Usually you can find a group with the combination of permissions needed by any user. If you need to add a user to more than one group, use Local Users and Groups.
    • To improve the security of a password, it should contain at least two of these elements: uppercase letters, lowercase letters, and numbers. The more random the sequence of characters, the more secure the password.
    • If you want to set up other password requirements such as minimum length, expiration time, or uniqueness, open Group Policy and go to Password Policy. For more information about changing password requirements, click Related Topics.
    User Accounts on a computer that is a member of a workgroup or is a stand-alone computer



    There are two types of user accounts available on your computer: computer administrator and limited. The guest account is available for users with no assigned account on the computer.

    Computer administrator account

    The computer administrator account is intended for someone who can make systemwide changes to the computer, install programs, and access all files on the computer. Only a user with computer administrator account has full access to other user accounts on the computer. This user:



    • Can create and delete user accounts on the computer.
    • Can create account passwords for other user accounts on the computer.
    • Can change other people's account names, pictures, passwords, and account types.
    • Cannot change his or her own account type to a limited account type unless there is at least one other user with a computer administrator account type on the computer. This ensures that there is always at least one user with a computer administrator account on the computer.
    Limited account



    The limited account is intended for someone who should be prohibited from changing most computer settings and deleting important files. A user with a limited account:



    • Cannot install software or hardware, but can access programs that have already been installed on the computer.
    • Can change his or her account picture and can also create, change, or delete his or her password.
    • Cannot change his or her account name or account type. A user with a computer administrator account must make these kinds of changes.
    Note





    • Some programs might not work properly for users with limited accounts. If so, change the user's account type to computer administrator, either temporarily or permanently.
    Guest account



    The guest account is intended for use by someone who has no user account on the computer. There is no password for the guest account, so the user can log on quickly to check e-mail or browse the Internet. A user logged on to the guest account:



    • Cannot install software or hardware, but can access programs that have already been installed on the computer.
    • Cannot change the guest account type.
    • Can change the guest account picture.
    Note





    • An account with the name "Administrator" is created during installation. This Administrator account, with computer administrator privileges, uses the administrator password you entered during setup.
    Note





    • User Accounts is located in Control Panel. To open User Accounts, click Start, point to Settings, click Control Panel, and then double-click User Accounts.
    Last edited by TripleRLtd; October 14th, 2003 at 10:50 PM.

  3. #3
    Geezer confus-ed's Avatar
    Join Date
    Jul 1999
    Location
    In front of my PC....
    Posts
    13,087
    To cut a long story short, you create user groups each with its own policy enforcing whatever restriction, you then make each user part of one or more groups where these policy restrictions are in place. (there ! - that was much quicker wasn't it !?! )

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •