(e-mail address removed),
Josh B. said:
I took a look at these sites, and it is great informatin,
but im running into the issue of using an admin account to
make the group changes, then restarting and lokcking down
the admin accounts too. I have a limited account and 2 admin
accounts, the limited is the only account i wanted limited.
I'm having the issue of locking out the limited account and
the admin account i set the policies on.
If you looked at the first site I listed then you saw the
easiest way I know of to prevent some of the local group
policies from being applied to accounts that are members of the
Administrators group. The major shortcoming of that approach is
that it only works for the User Configuration branch of the
Local Computer Policy. If most of the policies you want to see
enforced are in the Computer Configuration branch then you're
going to have to look elsewhere for a solution. The Shared
Computer Toolkit might be do the job.
Another thing to keep in mind is that some policies go into
effect as soon as you enable them. If you use the "Deny read"
procedure, you have to log off and log back on with your
administrator account to not have those policies applied to
that account. That's one of the reasons why I advised placing
shortcuts to gpedit.msc and the C:\WINDOWS\System32 folder. If
you don't, you may find yourself locked out of reversing the
policies.
If you tried the "Deny read" procedure without success, post
back with details of what you tried and the results you got.
Meanwhile, you might want to post your question to the Group
Policy newsgroup.
Discussions in Windows Group Policy
http://www.microsoft.com/communitie...aspx?dg=microsoft.public.windows.group_policy
Good luck
Nepatsfan
