G
Guest
Can anybody point me at some useful docs about using group policy on a
standalone XP System.
Currently I cant see the wood for the forest ( AD pun intended )
I do not want to be told how wonderful and flexible it is when used with
Windows Server 2003 and Active Directory or confused by such information. I
know AD is great, but I dont have WS 2003 in my current situation. Everything
in the mmc help appears to be biased towards AD and basically says local
policy will be trashed by AD Group policy ( so I wont bother explaining it in
any detail at all ).
I want to understand how "Local Computer Policy" works without AD, what to
use it for and what it can and cannot do for me.
I would also like to understand how "Resultant Set of Policy", "Security
Configuration and Analysis" and "Security Templates" all fit together with
Local computer policy, or are they just tools for the grown-ups who have a
WS2003 and AD on the other end of the wire. Can local Policy understand all
the entries in a security template that I setup or only a subset?
What are you trying to do, I hear you cry!:
Ok, I want to set up a security template(s) for my machine, that I can
maintain as a central repository of changes, instead of making little changes
here and there to File security, Registry entries and who can do what based
on userid etc etc.
The reason is of course that every time I have to rebuild my OS it takes me
ages to set the system up as it was before rebuild, because I always forget
to log some change or other that I have made to fix something.
This turned into a bit of a rant, sorry for that. But my need is still a
real one.
Chris
PS
I found that Local Computer Policy cannot be USER specific without AD so
while I was kicking the furniture it occured to be that if I setup a Security
Configuration and Analysis database specific to each of my userids could I
write a login script to test the "USERNAME" env variable and based on that
run "secedit /configure" using the username specific database?
Is this a stupid idea or not?
It seems easier than setting up a configuration and then loging on with each
userid that it applies to inorder to get the entries to apply to that user
specifically?
Love to hear informed comment on this !
TIA
standalone XP System.
Currently I cant see the wood for the forest ( AD pun intended )
I do not want to be told how wonderful and flexible it is when used with
Windows Server 2003 and Active Directory or confused by such information. I
know AD is great, but I dont have WS 2003 in my current situation. Everything
in the mmc help appears to be biased towards AD and basically says local
policy will be trashed by AD Group policy ( so I wont bother explaining it in
any detail at all ).
I want to understand how "Local Computer Policy" works without AD, what to
use it for and what it can and cannot do for me.
I would also like to understand how "Resultant Set of Policy", "Security
Configuration and Analysis" and "Security Templates" all fit together with
Local computer policy, or are they just tools for the grown-ups who have a
WS2003 and AD on the other end of the wire. Can local Policy understand all
the entries in a security template that I setup or only a subset?
What are you trying to do, I hear you cry!:
Ok, I want to set up a security template(s) for my machine, that I can
maintain as a central repository of changes, instead of making little changes
here and there to File security, Registry entries and who can do what based
on userid etc etc.
The reason is of course that every time I have to rebuild my OS it takes me
ages to set the system up as it was before rebuild, because I always forget
to log some change or other that I have made to fix something.
This turned into a bit of a rant, sorry for that. But my need is still a
real one.
Chris
PS
I found that Local Computer Policy cannot be USER specific without AD so
while I was kicking the furniture it occured to be that if I setup a Security
Configuration and Analysis database specific to each of my userids could I
write a login script to test the "USERNAME" env variable and based on that
run "secedit /configure" using the username specific database?
Is this a stupid idea or not?
It seems easier than setting up a configuration and then loging on with each
userid that it applies to inorder to get the entries to apply to that user
specifically?
Love to hear informed comment on this !
TIA