Editing gpedit.msc for Certain users only

  • Thread starter Thread starter reginalimys
  • Start date Start date
R

reginalimys

Hi all,

I need to configre my Win2k Stnd Server to Remove the Run menu from the
Start Menu. But editing this in gpedit.msc will applies to all user who
login to that server. Does this include adminstrator? And how can I
restrict this just for certain users or a group of users?

Thanks in advance!

Regards,
Regina Lim
 
You have a couiple of options:

1) You could create a separate OU and put the Administrators in that OU. In
that OU create a policy that specifically couteracts the one that you have
created for the rest of the domain. The policy on the OU will overwrite the
policy on the Domain.

2) Create a policy whose only change is to remote the Run Menu. Apply it to
the domain so that you now have two policies - Default Domain Policy and
Remove Menu Policy. Then adust the permissions on the Remove Menu Policy so
that Administrators cannot read/apply it. Then, the policy will not apply to
them.

As a suggestion, I would use the Group Policy Manager (downloaded from
www.microsoft.com/downloads) so that you can test the applied policies and
manage the multiple policies a little easier.

Paul Hinsberg, MCSE
 
Hi all,

Thanks for the reply. Sorry for not being clear.

What I want to achieve is when groupABC (domain group) login to
serverXYZ
(server is on the domain), the RUN option is not available on the Start
Menu.

Any other users or group who login to serverXYZ will be able to see the
RUN option.

But when groupABC login to any other servers on the network, the RUN
option will still be available for them.

Policy is we cannot use local group and this server has to be part of
the domain.

Hope I am clearer this time.

Thank you!

Regards,
Regina Lim
 
Hi all,

Thanks for the reply. Sorry for not being clear.

What I want to achieve is when groupABC (domain group) login to
serverXYZ
(server is on the domain), the RUN option is not available on the
Start Menu.

Any other users or group who login to serverXYZ will be able to see
the RUN option.

But when groupABC login to any other servers on the network, the RUN
option will still be available for them.

Policy is we cannot use local group and this server has to be part of
the domain.
Click to expand...

Create a new OU in ADU&C, then create a a new Group Policy for this OU that
removes the Run from the start menu, then move these users to this OU. The
only deal is, this policy will apply to any machine they login on.
 
Hi Kelvin,

That's the prob. It's only for some machine and not all the servers
they login to.

Maybe the next version of Windows can rectify this :-)

Regards,
Regina Lim
 
Hi Kelvin,

That's the prob. It's only for some machine and not all the servers
they login to.

Maybe the next version of Windows can rectify this :-)

Regards,
Regina Lim
 
Hi

Is it not possible to use security filtering the GPMC to filter the policy to
just one group (groupABC) and then link the policy to the OU wit only
serverXYZ in?

What am I missing?

S

Hi Kelvin,

That's the prob. It's only for some machine and not all the servers
they login to.

Maybe the next version of Windows can rectify this :-)

Regards,
Regina Lim
[quoted text clipped - 40 lines]
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Click to expand...
Click to expand...
 
Back
Top