G
Guest
This is probably basic, but I've spent hours browsing the site and can't find
information at the right level.
I'm trying to set up my lab so that users logging on to the clients via the
university's domain are quite severely restricted (e.g., no Run command,
obviously no regedit). As I understand it, any changes to User Configuration
in Local Computer Policy apply to all users, including Administrators,
whether local or on the domain. But obviously Administrator needs a much less
constrained environment. So as Administrator you can go through mmc and free
up the relevant components (like Regedit, Run). Then you have to remember to
restrict them again. There must be an easier way, but what is it? I have the
vague impression from various documents that you can apply a whole security
profile (=Group Profile?) with administrative templates. What I have in mind
is to run a single file (as Admin) to loosen things up, then another one to
tighten it up again. I'd very much appreciate it if someone could help me,
either by explaining how you can implement one security policy for
Administrator and another for everyone else, or else how you can do what I've
described - have a quick and easy routine for toggling all users between
loose and tight security.
information at the right level.
I'm trying to set up my lab so that users logging on to the clients via the
university's domain are quite severely restricted (e.g., no Run command,
obviously no regedit). As I understand it, any changes to User Configuration
in Local Computer Policy apply to all users, including Administrators,
whether local or on the domain. But obviously Administrator needs a much less
constrained environment. So as Administrator you can go through mmc and free
up the relevant components (like Regedit, Run). Then you have to remember to
restrict them again. There must be an easier way, but what is it? I have the
vague impression from various documents that you can apply a whole security
profile (=Group Profile?) with administrative templates. What I have in mind
is to run a single file (as Admin) to loosen things up, then another one to
tighten it up again. I'd very much appreciate it if someone could help me,
either by explaining how you can implement one security policy for
Administrator and another for everyone else, or else how you can do what I've
described - have a quick and easy routine for toggling all users between
loose and tight security.