Re: Create New User Group and set permissions\limits
- From: "dan" <dm@xxxxxxxxxxx>
- Date: Mon, 16 May 2005 14:46:43 -0400
Glenn,
I did as you instructed, and when I got to "user rights assignments" the
"log on locally" already had guests there along with "users" "power users"
"administrators" "backup operators" I followed the tree down to the user
rights assignments and double clicked "log on locally and that is what was
there in the window that opened to add or remove groups. I am on a
standalone computer if that has anything to do with it. Thanks
Dan
"Glenn L" <the.only(delete)@gmail dot com> wrote in message
news:%23$1oDBdWFHA.228@xxxxxxxxxxxxxxxxxxxxxxx
> Dan,
>
> Create a new user account.
> Remove it from the 'users' group.
> Add it to the 'guests' group.
> Grant the 'guests' group the 'log on locally' user right. gpedit.msc
> computer configuration\windows settings\security settings\local
> policies\user rights assignments\"log on locally"
>
> That should do it.
> The user will be able to run office apps and IE.
> The user will not be able to access sensitive information, nor make system
> wide changes.
> Be sure and log in as the new user to make sure it works as expected and
> the user does not have access where they shouldn't.
>
> --
> Glenn L
> CCNA, MCSE 2000/2003 + Security
>
> "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
> news:OvERJ%23bWFHA.796@xxxxxxxxxxxxxxxxxxxxxxx
>> On a stand alone computer Group Policy is not really meant to apply to
>> different groups like it is in an Active Directory domain environment.
>> There are a couple of hacks that you could try to exempt a group from
>> Local Group Policy that normally applies to ALL users on a local
>> computer. For this to work best you will want to configure Group Policy
>> exactly the way you want it before you enable the hacks. Also for XP pro
>> you can use Software Restriction Policies on a computer which are very
>> powerful and by default local administrators are exempt from SRP. I would
>> make sure that the "limited accounts" are only regular user accounts. You
>> also should use ntfs permissions to restrict what folders a non admin
>> user can access on your computer and what executables they can run. If
>> you have a family member that refuses to cooperate I would consider
>> barring them from using the computer and not give them a user account.
>> You should beware that any user with malicious intentions that has full
>> access to the computer could probably gain administrator access with a
>> little knowlege. Using encryption with proper precautions can however
>> prevent any user who does not have the private keys for decryption from
>> accessing the encrypted files. The links below may help. --- Steve
>>
>> http://www.jsifaq.com/sube/tip2400/rh2492.htm
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
>> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
>> http://support.microsoft.com/default.aspx?scid=KB;en-us;q300958
>>
>> "dan" <dm@xxxxxxxxxxx> wrote in message
>> news:OxqX%23DZWFHA.1404@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hello, I want to create a New User Group (Visitors) and set very limited
>>> permissions\limits using Group Policy Editor. This is on a stand alone
>>> computer running Win XP Pro sp2. I have family members visit and use the
>>> computer but I do not want them to be able to change setting or install
>>> programs. I want them to be able use the internet and use Microsoft
>>> Office. I would create a new user account (family) to add to the new
>>> group and it would only be in that group. I know how to create the new
>>> group and the new account. I do not now how to set permissions\limits
>>> using the Group Policy Editor for a new group. I am a novice at doing
>>> any of this. I have "use simple file sharing" unchecked. Can this be
>>> done for one group and then the account could only use the computer for
>>> what I am looking for, is it something I could do? I have an account and
>>> my wife has an account on this same computer. There are some very
>>> sensitive files on the computer which are encrypted with PGP, but I do
>>> not want the visitors changing and looking all over the computer. We
>>> have one family member that will look and change settings even after we
>>> ask her not to. I would like an account in a group that would stop her
>>> and not have a big issue. Just tell her use this one or none. Thank you
>>> for any help or advice.
>>>
>>> Dan
>>>
>>
>>
>
>
.
- References:
- Create New User Group and set permissions\limits
- From: dan
- Re: Create New User Group and set permissions\limits
- From: Steven L Umbach
- Re: Create New User Group and set permissions\limits
- From: Glenn L
- Create New User Group and set permissions\limits
- Prev by Date: Re: Create New User Group and set permissions\limits
- Next by Date: Re: Create New User Group and set permissions\limits
- Previous by thread: Re: Create New User Group and set permissions\limits
- Next by thread: Re: Create New User Group and set permissions\limits
- Index(es):
Relevant Pages
|
