Windows 2000 Professional Group Security (Limit Scope)

[Ryan Palkovic]

My objective is this:

Severly and structurally limit access to users on a
standalone PC running windows 2000 professional in a
retail Point of Sale enviroment.


Solution that worked:

Use gpedit.msc to limit various actions within the
operating system.


Reason solution as it is is unusable:

Not only did it restrict access to the user account, it
also restriced access to the administrator account.


Question:
I need to know how to limit the scope of a Group Policy
object within a standalone Windows 2000 Professional
machine. Any help would be greatly appreciated.

 

[Steven L Umbach]

There are two possibilities as described in the links below. Configuring deny
permissions to the \winnt\group policy\user folder for the administrators group
usually works keeping in mind that permissions will have to be changed back to
further modify policy. Another thing that may work is to logon to a non locked down
computer with the logon name/password of an administrator of a locked down machine
and use mmc /Group Policy -another machine snapin to manage Group Policy on the
locked down machine remotely. Be sure to test out possible solutions on a lab
machine. --- Steve

http://www.jsiinc.com/sube/tip2400/rh2492.htm
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q293655&