Setting up group policy on win 2000 no domain

  • Thread starter Thread starter rak
  • Start date Start date
R

rak

Please help
(Running win 2000 in workgroup with no domain)

OK for anyone who has followed the steps to

"HOW TO: Apply Local Policies to all Users Except
Administrators on Windows 2000 in a Workgroup Setting"
at this link

http://support.microsoft.com/default.aspx?
scid=http://support.microsoft.com:80/support/kb/articles/Q
293/6/55.ASP&NoWebContent=1

Can some please explain to me what does step 10 mean?
What policy's did i disable does that mean for all the
policy's i don't use i have to set each one to disable
then enable them all in step 10?

Also step 9 says to copy the changed registry but what if
one of the policy's I enable is to block access to the
hardrives? Does it mean I can't do this.

(Also is there any easier way to do this?)

Thanks for anyone who can help.
 
Hi Rak,

RE: "Also is there any easier way to do this?"

If the volume is formatted using NTFS you can set Discretionary Access Control Lists
(DACLs) on the Group Policy object so that specified groups are either affected or
not affected by the settings contained within that Group Policy object.

Say, for example, that you want to use Group Policies to prevent members of all
groups but Administrators from running Network and Dial-up Connections. You would:

-- Log in as local Administrator

-- Run gpedit.msc
- Set to 0 (zero): User Configuration\Administrative Templates\System\Group
Policy: Group Policy refresh interval for users [Note: This is a precaution so that
policies does not get refreshed/applied in an untimely manner].
- Set to Enabled: User Configuration\Administrative Templates\Start Menu and
Taskbar: Remove Network and Dial-up Connections from the Start Menu.

-- Close gpedit.msc.

-- Use Explorer to navigate to: C:\WINNT\system32\GroupPolicy\User\Registry.pol
- Right-click this file and then click Properties
- Select the Security tab
- In the Name box select Administrators
- In the Permissions area click the Deny checkbox for Read

For more information about how "To set, view, change, or remove file and folder
permissions", search Windows 2000 Help for words in double-quotes.

To make subsequent changes to the local Group Policy object, you must give yourself
Read access to ...GroupPolicy\User\Registry.pol, make the changes, and then remove
Read access. Keep in mind if you fail to remove Read access, log off, then log back
on, all policies are going to apply to you. And depending on the policies that you
have set, this may or may not put you in a very difficult situation.

I recommended that you record the changes you make.

--
Carrie Garth, Microsoft MVP for Windows 2000
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- c x g

: "rak" <rakstemp AT hotmail DOT com>
: Wrote in message : Sent: Monday, July 14, 2003 02:55 AM
: Please help
: (Running win 2000 in workgroup with no domain)
:
: OK for anyone who has followed the steps to
:
: "HOW TO: Apply Local Policies to all Users Except
: Administrators on Windows 2000 in a Workgroup Setting"
: at this link
:
: http://support.microsoft.com/default.aspx?
: scid=http://support.microsoft.com:80/support/kb/articles/Q
: 293/6/55.ASP&NoWebContent=1
:
: Can some please explain to me what does step 10 mean?
: What policy's did i disable does that mean for all the
: policy's i don't use i have to set each one to disable
: then enable them all in step 10?
:
: Also step 9 says to copy the changed registry but what if
: one of the policy's I enable is to block access to the
: hardrives? Does it mean I can't do this.
:
: (Also is there any easier way to do this?)
:
: Thanks for anyone who can help.
 
Back
Top