Local GPO's
Hi, I am currently struggling with Local GPO's, and I am not sure if the solution i am looking for exists. I have set up a Windows 7 machine, that will be used in a retail environment. I want to prevent users from using the computer for their own use, maliciously damage the OS setup, or even accidentally reconfiguring settings, so i decided to set up restrictions. Windows 7 allows you to attach a GPO to individual users, which is brilliant, however this still needs some work to become the 100% solution. The IT department managers all store computers from a central point. So we rely heavily on remote access. We use DSL with the VNC protocol to log onto computers and we use Dial-up when the DSL is down. The problem comes in when we need to log out and log back in as administrator, this does not work with our dial-up set up. My idea is then to use the 'run as' to get into the a console session. From here i can load a template in that brings all the settings to 'default'. You would then do what administration you need to on the machine, once you done, you open the console again and load the restricted template back in. Is this at all possible? is any part of it possible? I don't mind doing the Work, just would like some pointers or guidance in the right direction. Even if you have a better idea for me, please let me know. Regards, Stuart
June 29th, 2010 4:55pm

It is impossible. However there is a workaround for you. You can run a scheduled task as administrator even you do not have administrative privilege. 1. Click Start, right click on Computer and choose “Manage”. 2. Click “Task Scheduler” on the left panel. 3. Click “Create Task” on the right panel. 4. Type a name for the task. 5. Check “Run with highest privileges”. 6. Click Actions tab. 7. Click “New…”. 8. Browse to the program in the “Program/script” box. Click OK. 9. On desktop, right click, choose New and click “Shortcut”. 10. In the box type: schtasks.exe /run /tn TaskName where TaskName is the name of task you put in on the basics tab and click next. 11. Type a name for the shortcut and click Finish.Arthur Xie - MSFT
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2010 10:29am

Hi Arthur Thank you Very Much for your Reply. I have come to a make shift Solution myself. Even though it is a bit buggy and i would need to work on it. This is what i did - I first Navigated to c:\windows\system32\GroupPolicyUsers\<Insert User ID Number>\user - You copy the Registry.pol to another directory for safe keeping, I just dumped this into a folder called c:\GPO updating\Default - I then went ahead and started configuring all the GPO settings for the other user in the console - Copy then New Registry.pol to another place, i used c:\GPO updating\Strict - Now you can then create a bat files with the following commands copy "c:\GPO updating\Default\Registry.pol" "c:\windows\system32\GroupPolicyUsers\<Insert User ID Number>\user" gpupdate /force - Make thie bat file available to the ordinary user. When you in the situation, of removing restrictions quickly then implement them quickly you can just "right click> run as" the bat file. You would have two bat files though, one for loading the strict policy in and the default policy. Kind Regards, Stuart
July 7th, 2010 11:35am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics