Re: Create New User Group and set permissions\limits



On a stand alone computer Group Policy is not really meant to apply to
different groups like it is in an Active Directory domain environment. There
are a couple of hacks that you could try to exempt a group from Local Group
Policy that normally applies to ALL users on a local computer. For this to
work best you will want to configure Group Policy exactly the way you want
it before you enable the hacks. Also for XP Pro you can use Software
Restriction Policies on a computer which are very powerful and by default
local administrators are exempt from SRP. I would make sure that the
"limited accounts" are only regular user accounts. You also should use NTFS
permissions to restrict what folders a non admin user can access on your
computer and what executables they can run. If you have a family member that
refuses to cooperate I would consider barring them from using the computer
and not give them a user account. You should beware that any user with
malicious intentions that has full access to the computer could probably
gain administrator access with a little knowledge. Using encryption with
proper precautions can however prevent any user who does not have the
private keys for decryption from accessing the encrypted files. The links
below may help. --- Steve

http://www.jsifaq.com/sube/tip2400/rh2492.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958

"dan" <dm@xxxxxxxxxxx> wrote in message
news:OxqX%23DZWFHA.1404@xxxxxxxxxxxxxxxxxxxxxxx
> Hello, I want to create a New User Group (Visitors) and set very limited
> permissions\limits using Group Policy Editor. This is on a stand alone
> computer running Win XP Pro sp2. I have family members visit and use the
> computer but I do not want them to be able to change settings or install
> programs. I want them to be able to use the internet and use Microsoft
> Office. I would create a new user account (family) to add to the new group
> and it would only be in that group. I know how to create the new group and
> the new account. I do not know how to set permissions\limits using the
> Group Policy Editor for a new group. I am a novice at doing any of this. I
> have "use simple file sharing" unchecked. Can this be done for one group
> and then the account could only use the computer for what I am looking
> for, is it something I could do? I have an account and my wife has an
> account on this same computer. There are some very sensitive files on the
> computer which are encrypted with PGP, but I do not want the visitors
> changing and looking all over the computer. We have one family member that
> will look and change settings even after we ask her not to. I would like
> an account in a group that would stop her and not have a big issue. Just
> tell her use this one or none. Thank you for any help or advice.
>
> Dan
>

