abclukeabcluke Member Posts: 52 ■■□□□□□□□□
Hi all, plodding along through 70-210 pressbook, and on the chapter about 'group & local security policies'. Anyways, I was playing around with some of the policies, and decided to disable control panel, run on the start menu etc, ie things users wouldnt need on this machine. When I logged on here as the administrator though, these optitions were disabled for me too.

Any ideas why this is so, and how can I get is so admin has all these privelages but users dont?


  • Options
    mikiemovmikiemov Member Posts: 182
    Sounds like you have applied the GPO to the computer and not the user. When a GPO is applied to a computer as opposed to the user, the GPO is applied to the computer when the workstation is booted up and therfore does not take into account logon names.

    if you have applied the GPO's via Active Directory, I'd remove the GPO on a domain controller, or if they are local...logon as administrator use "administrative tools" and remove them locally.

    Good luck
    A woman drove me to drink, and I didnt have the decency to thank her.
  • Options
    rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    group policy is not too effective when applied to local machine and the worst is that the administrator group also included in that such policy because you cant find anywhere in the group policy to exclude administrator group on local machine. so if you want to make a group policy object, do it in active directory context, it will give you a much difference between local and domain group policy. or in the simple way, you can just turn to administrative tools->local security policy:) :)
    the More I know, that is more and More I dont know.
Sign In or Register to comment.