Hottest Free Downloads - DownloadPipe.com Over 197,000 downloads! Bookmark Now!
DownloadPipe.com - New Downloads Every Minute
 SEARCH:
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

User Profiles?

  
   Windows (Home) -> Configuration Manage RSS
Next:  'Internet Connection' appears when when wireless ..  
Author Message
C.S.Farmer

External


Since: Aug 12, 2004
Posts: 1



(Msg. 1) Posted: Thu Aug 12, 2004 3:12 pm
Post subject: User Profiles?
Archived from groups: microsoft>public>windowsxp>configuration_manage (more info?)
OK, I'm trying to get to grips with the way XP pro and XP home actually work
in respect to
User Profiles. Note this is without the PC being joined to a network and
hence their is no Domain assignment. I've read about the Group Policies in
XP pro and think that I understand that setting a group policy using
gpedit.msc User Configuration\Administrative templates\..... will
effectively set the policy for all User Profiles since there is only one
Local Policy? So if I logon as a user that is a member of the Administrators
group (or the Administrator) how do I set policies for Users that are
members of the User group? can this be done without a network domain?

I'm assuming that if I wanted to setup a system that had several users each
with different policy restrictions I could create accounts for each of the
users and allow them to be Administrators. Logon to each in turn and make
the desired policy settings manually then log back on to my administrators
account and change each of the account types to Limited (user) ??

Is this Correct? Is there any way I can effectively make settings in the
HKEY_CURRENT_USER hive for another user whilst logged on as administrator
without effecting other users or my own administrators account? Presumably
this would mean reading and writing to the uses NTuser.dat file

When you create a user account of the Limited type several registry keys are
protected against writing to! I've been trying to override this built in
functionality by setting permissions on a specific registry key so that the
use is included with full access. It appears to work untill you logon as the
user then the permissions are not available? Can this be done?
I thought that if I logged on as the user then ran regedit under the
Administrators credentials I'd be able to set policies manually for that
user but this doesn't seem to be the case!

Thanks for any info you can give with this
Chris
Back to top
Login to vote
Carrie Garth

External


Since: Aug 13, 2004
Posts: 10



(Msg. 2) Posted: Fri Aug 13, 2004 3:50 pm
Post subject: Re: User Profiles? [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
| "C.S.Farmer" <http://www.microsoft.com/communities/privacy.mspx
| Message news:eXcp6ZHgEHA.3536@TK2MSFTNGP12.phx.gbl...
| OK, I'm trying to get to grips with the way XP pro and XP home
| actually work in respect to User Profiles. Note this is without
| the PC being joined to a network and hence their is no Domain
| assignment. I've read about the Group Policies in XP pro and
| think that I understand that setting a group policy using
| gpedit.msc User Configuration\Administrative templates\.....
| will effectively set the policy for all User Profiles since
| there is only one Local Policy? So if I logon as a user that is
| a member of the Administrators group (or the Administrator) how
| do I set policies for Users that are members of the User group?
| can this be done without a network domain? <SNIP>

For a Windows XP Professional computer in a non-Active Directory
environment (a workgroup and/or stand-alone computer), only one
local Group Policy object exists. As such, every policy set
using the Administrative Templates Node in the Group Policy
console (registry-based policy) will effect every user of the
computer, including the built-in Administrator.

For more information about Group Policies and a Windows XP
Professional stand-alone computer search the Windows XP
Professional Help and Support Center for "Client operating
systems" (with the quotes) and read the "Note" in the Full-text
Search Match by that title.

One way to manage desktops in a non-Active Directory environment
is to use poledit. For some information about poledit see the
following Microsoft Documentation:

Windows XP Professional Product Documentation
Part II Desktop Management | Ch 5 Managing Desktops
Managing Desktops Without Active Directory
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit...-us/prd

Another way, if the volume is formatted using NTFS, is to set
Discretionary Access Control Lists (DACLs) on the Group Policy
object so that specified groups are either affected or not
affected by the settings contained within that Group Policy
object.

Say, for example, that you want to use Group Policies to "Remove
links and access to Windows Update" for members of all groups but
Administrators.

You would:

- Log in as local Administrator

- Run gpedit.msc

- As a precaution so that policies do not get refreshed/applied
in an untimely manner, navigate to the following policy and set
it to 0:

Administrative Templates\System\Group Policy:
Group Policy refresh interval for users

- Navigate to the following policy and set it to Enabled:

Administrative Templates\Start Menu and Taskbar:
Remove links and access to Windows Update

- Close gpedit.msc

- Use Explorer to navigate to:

%SYSTEMROOT%\system32\GroupPolicy\User\Registry.pol

- Right-click this file and then click Properties

- Select the Security tab

- In the Name box select Administrators

- In the Permissions area click the Deny checkbox for Read

For more information about how to "set, view, change, or remove
file and folder permissions" search the Windows XP Help and
Support Center for the phrase in double-quotes (with the quotes)
and read the Full-text Search Match by that title.

To make subsequent changes to the local Group Policy object, you
must give yourself Read access to the Group Policy object, make
the changes, and then remove Read access. Keep in mind if you
fail to remove Read access, log off, then log back on, all
policies are going to apply to you. And depending on the
policies that you have set, this may or may not put you in a very
difficult situation.

I recommended that you record ALL the changes you make on a piece
of paper (and/or in a computer file).

You can find links to peer-to-peer support newsgroups for Group
Policy and Active Directory technologies below.

Management Technologies Newsgroups
Newsgroup: microsoft.public.windows.group_policy
AKA: Windows: Group Policy
http://www.microsoft.com/windowsserver2003/community/newsgroups/manage...t/defau

And here are some links to some documentation about
Registry-Based Group Policy:

Microsoft Windows XP
Resources about Group Policy and related technologies
http://www.microsoft.com/resources/documentation/windows/xp/all/proddo...en-us/g

From the aforementioned page I recommend starting with the
Implementing Registry-Based Group Policy whitepaper.

Group Policy Settings Reference for Windows Server 2003
(PolicySettings.xls)
http://microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438...E48-459

PolicySettings.xls is a detailed spreadsheet that lists the full
set of Group Policy settings described in Administrative Template
(.adm) files. Fields included in the spreadsheet are: *.adm
File, Computer/User Node, Policy Path, Full Policy Name,
Supported on, Help/Explain Text, Registry Settings. For anyone
interested in Registry-Based Group Policy, I highly recommend
downloading PolicySettings.xls
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Color Profiles - I'm running PhotoShop 6 in Windows XP. My color profiles are in C:\ windows\system32\spool\drivers\color. When I try to organize and rename the profiles (using Windows Explorer) Photoshop doesn't recognize the new names even after restarting Photosho...

User profile - All, I would like to know if there is a way to setup users to have the same basic profile when they first log on. For example, I would like to force all the users to use the classic view instead of the new XP view Thanks

Local User Policy - Hi, I have local admin rights to my XP Pro. Is there a way to customize and restrict local users from accessing control panel or disabling the logoff options? I have tried using Group Policy, (not sure if I did it correctly) apparently, any changes I..

How to clone user settings? - Hello, How can I "clone" users? I mean how is it possible to create a new user with the settings of an existing one to awoid the whole setup work? Thanks, John

Configuring Limited User Accounts. - Hello, I am a XP Home user. I wanted to know if it was possible for me to change the access of certain features of windows xp to limited user such as: removing start button, disabling right-click, hiding my computer icon, etc. I have seen these some....
       Windows (Home) -> Configuration Manage All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum
Categories:
  Windows Forums
 Game Forums
 Linux Forums
 Mac Forums
 PDA Forums
 Mobile Forums
  Top  |  Store  |  RSS Feeds RSS  |  Data Feeds  |  Advertise  |  Submit  |  Bookmark  |  Newsletter  |  Contact