467,169 Members | 986 Online
Bytes | Developer Community
Ask Question

Home New Posts Topics Members FAQ

Post your question to a community of 467,169 developers. It's quick & easy.

WIndows Server 2003-Group Policy Editor

i'm trying to create a 'kiosk' type of workstation, based on a particular login (where the desktop is pretty much locked and the user won't have access to run commands, change taskbar, etc). Now, the OS of this syetsm is WIndows Server 2003.

I'm trying to achieve this using LOCAL Group Policy Editor (i'm not worried abt domain right now). Now, i created an account called "TENANT" and made it a member of groups "user" and "Administrators". After this, i log back in the machine as TENANT. Now, i open up "gpedit.msc", and in the local group policy editor:

Local Computer policy > User Configuration > Administrative Templates > Start menu and taskbar, desktop and Control Panel, i enabled all the necessary group policies. (for example, i enabled "Remove run command from start menu". When i check in the start menu, the 'run command' is gone. Good).

Now, i log back in as myself (member of 'administrators' group). Remove TENANT from "administrators" group (so TENANT is now just a member of group "Users"). Having logged in as myself, now, i go again to Group policy editor, remove all restrictions (now i see the run command back in start menu).

Now, i log myself out and log back in as TENANT hoping that he still has the restrictions. But no. He has no restrictions. (run command is present in the start menu, even tho' i logged in as TENANT).

How to create Local Group policy based on user-login, where one user (or group) is set as administrator and has all privilages and another user (or group) is set as TENANT with almost no privilages?
Dec 27 '07 #1
  • viewed: 8121
1 Reply
I open up mmc (management console). File--> Add/remove snap-in--> Standalone-->Add-->Group policy object editor-->Add

Now i'm in 'Select Group policy object' screen. I click "browse".

According to KB from Microsoft, now i should see 2 tabs, (1)Computers (2) Users. This is so i can attach my group policy object to LOCAL COMPUTER and/or a particular user called TENANT. However, i'm not seeing the 2nd tab called Users. All i'm seeing is one tab called "Computers", with Local computer selected.

Now, ehn i finish the box, the group policy related to Local computer is snaped in to the mmc. So i cannot do different group policies for different users, as any changes to group policies affects the local computer as a whole.

ANy suggestions in regards to the missing "USERS" tab or just how to achive different group policies for different users in the same lcoal computer?

Dec 28 '07 #2

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

6 posts views Thread by Nathan Sokalski | last post: by
2 posts views Thread by Joseph Geretz | last post: by
10 posts views Thread by Mark | last post: by
7 posts views Thread by Cliff Harris | last post: by
7 posts views Thread by lvpaul@gmx.net | last post: by
10 posts views Thread by Ger | last post: by
reply views Thread by Charles Leonard | last post: by
7 posts views Thread by =?Utf-8?B?RWRkaWU=?= | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.