Local Group Policy settings apply to all user accounts who log on to the computers and who have READ permission to %SystemRoot%\System32\GroupPolicy folder. However, policies are not applied to users who do not have READ permission. Therefore, by denying READ permission to Administrators or other users whom you don’t want to restrict, you free those users from control by group policies.
To use this method, follow the steps:
- Make the Group Policy setting changes that you want.
- In Windows Explorer, right-click the %SystemRoot%\System32\GroupPolicy folder and choose Properties. (GroupPolicy is a hidden folder; if you can’t find it in System32, choose Tools > Folder Options > View > Show Hidden Files and Folders.)
- On the Security tab of the GroupPolicy Properties dialog, select the Administrators group and select DENY check box for READ permission.
Note: After you give DENY access to Administrators and if you want to change or modify the policy setting, you will not be able to run MMC or Group Policy Editor when you log in to the computer as Administrator unless you give back Administrators full rights to the GroupPolicy folder. To give Administrators FULL ACCESS, in Windows Explorer, right-click %SystemRoot%\System32\GroupPolicy folder > choose Properties > choose Security tab > select FULL CONTROL check box.
Recommended Books:
- Group Policy: Fundamentals, Security, and Troubleshooting (Paperback) by Jeremy Moskowitz (Author)
- Windows® Group Policy Administrator's Pocket Consultant (Paperback) by William R. Stanek (Author)
- Group Policy: Management, Troubleshooting, and Security: For Windows Vista , Windows 2003, Windows XP, and Windows 2000 (Mark Minasi Windows Administrator Library) (Paperback) by Jeremy Moskowitz (Author)
Posts
No comments:
Post a Comment