Sign in with
Sign up | Sign in
Your question

Question about Group Policies in XP.

Last response: in Windows XP
Share
February 10, 2005 4:27:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm not an expert with group policies but would like to use it more. I'm
trying to set up five machines with a local group policy but have screwed up
two machines already by not being able to get gpedit.msc because I set the
sample user configuration policy up has the user account (user account has
administrator rights) but in doing so the policies also affected the
administrator account so I'm on my third machine. I accidentally set both
local computer and user policies (didn't know I just had to use user
configuration) Does anyone have links to any proper information or
instruction on how to group policy? We're tired of using Fortres desktop
security.
Anonymous
February 10, 2005 7:40:38 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

You might want to take a look here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;293655

Here's another tool you might want to consider:

http://www.dougknox.com/xp/utils/xp_securityconsole.htm

--
Nepatsfan
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> I'm not an expert with group policies but would like to use it
> more. I'm
> trying to set up five machines with a local group policy but
> have screwed up
> two machines already by not being able to get gpedit.msc
> because I set the
> sample user configuration policy up has the user account (user
> account has
> administrator rights) but in doing so the policies also
> affected the
> administrator account so I'm on my third machine. I
> accidentally set both
> local computer and user policies (didn't know I just had to use
> user
> configuration) Does anyone have links to any proper information
> or
> instruction on how to group policy? We're tired of using
> Fortres desktop
> security.
February 10, 2005 7:40:39 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks for your help.

"Nepatsfan" wrote:

> You might want to take a look here:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
>
> Here's another tool you might want to consider:
>
> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>
> --
> Nepatsfan
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> > I'm not an expert with group policies but would like to use it
> > more. I'm
> > trying to set up five machines with a local group policy but
> > have screwed up
> > two machines already by not being able to get gpedit.msc
> > because I set the
> > sample user configuration policy up has the user account (user
> > account has
> > administrator rights) but in doing so the policies also
> > affected the
> > administrator account so I'm on my third machine. I
> > accidentally set both
> > local computer and user policies (didn't know I just had to use
> > user
> > configuration) Does anyone have links to any proper information
> > or
> > instruction on how to group policy? We're tired of using
> > Fortres desktop
> > security.
>
>
>
Related resources
February 10, 2005 7:40:39 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

One thing that really screwed me up was setting the c: drive to be hidden and
taking the Run command off the start menu. I'd like to include these
policies under the user account but if I have to set these policies up
logged in has administrator I won't be able to get back to the c: drive or
c:\windows\system32\gpedit.msc. How can I do this so I can set these
policies? Should I give the user account administrator rights then set the
policies then take the admin right away and login again has the user account?
That's what screwed me up initially.

"Nepatsfan" wrote:

> You might want to take a look here:
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
>
> Here's another tool you might want to consider:
>
> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>
> --
> Nepatsfan
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> > I'm not an expert with group policies but would like to use it
> > more. I'm
> > trying to set up five machines with a local group policy but
> > have screwed up
> > two machines already by not being able to get gpedit.msc
> > because I set the
> > sample user configuration policy up has the user account (user
> > account has
> > administrator rights) but in doing so the policies also
> > affected the
> > administrator account so I'm on my third machine. I
> > accidentally set both
> > local computer and user policies (didn't know I just had to use
> > user
> > configuration) Does anyone have links to any proper information
> > or
> > instruction on how to group policy? We're tired of using
> > Fortres desktop
> > security.
>
>
>
Anonymous
February 10, 2005 10:24:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

What exactly do you mean by "setting the c: drive to be hidden"?
How did you go about hiding it? You can remove the Run command
from the start menu easily enough but restricting access to a
drive could (as you've already seen) have unintended
consequences. Have you considered using NTFS permissions to
restrict user access?

--
Nepatsfan
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
> One thing that really screwed me up was setting the c: drive to
> be hidden and
> taking the Run command off the start menu. I'd like to include
> these
> policies under the user account but if I have to set these
> policies up
> logged in has administrator I won't be able to get back to the
> c: drive or
> c:\windows\system32\gpedit.msc. How can I do this so I can set
> these
> policies? Should I give the user account administrator rights
> then set the
> policies then take the admin right away and login again has the
> user account?
> That's what screwed me up initially.
>
> "Nepatsfan" wrote:
>
>> You might want to take a look here:
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
>>
>> Here's another tool you might want to consider:
>>
>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>>
>> --
>> Nepatsfan
>> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
>> > I'm not an expert with group policies but would like to use
>> > it
>> > more. I'm
>> > trying to set up five machines with a local group policy but
>> > have screwed up
>> > two machines already by not being able to get gpedit.msc
>> > because I set the
>> > sample user configuration policy up has the user account
>> > (user
>> > account has
>> > administrator rights) but in doing so the policies also
>> > affected the
>> > administrator account so I'm on my third machine. I
>> > accidentally set both
>> > local computer and user policies (didn't know I just had to
>> > use
>> > user
>> > configuration) Does anyone have links to any proper
>> > information
>> > or
>> > instruction on how to group policy? We're tired of using
>> > Fortres desktop
>> > security.
>>
>>
>>
February 10, 2005 10:24:05 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

There is an option under both Computer configuration and User configuration
(I don't remember the exact path) but you can hide the c: drive (make it
invisible) or restrict access to it. I haven't considered NTFS permissions
cause I don't know enough about it but I have converted the drives to NTFS.

"Nepatsfan" wrote:

> What exactly do you mean by "setting the c: drive to be hidden"?
> How did you go about hiding it? You can remove the Run command
> from the start menu easily enough but restricting access to a
> drive could (as you've already seen) have unintended
> consequences. Have you considered using NTFS permissions to
> restrict user access?
>
> --
> Nepatsfan
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
> > One thing that really screwed me up was setting the c: drive to
> > be hidden and
> > taking the Run command off the start menu. I'd like to include
> > these
> > policies under the user account but if I have to set these
> > policies up
> > logged in has administrator I won't be able to get back to the
> > c: drive or
> > c:\windows\system32\gpedit.msc. How can I do this so I can set
> > these
> > policies? Should I give the user account administrator rights
> > then set the
> > policies then take the admin right away and login again has the
> > user account?
> > That's what screwed me up initially.
> >
> > "Nepatsfan" wrote:
> >
> >> You might want to take a look here:
> >>
> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
> >>
> >> Here's another tool you might want to consider:
> >>
> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> >>
> >> --
> >> Nepatsfan
> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> >> > I'm not an expert with group policies but would like to use
> >> > it
> >> > more. I'm
> >> > trying to set up five machines with a local group policy but
> >> > have screwed up
> >> > two machines already by not being able to get gpedit.msc
> >> > because I set the
> >> > sample user configuration policy up has the user account
> >> > (user
> >> > account has
> >> > administrator rights) but in doing so the policies also
> >> > affected the
> >> > administrator account so I'm on my third machine. I
> >> > accidentally set both
> >> > local computer and user policies (didn't know I just had to
> >> > use
> >> > user
> >> > configuration) Does anyone have links to any proper
> >> > information
> >> > or
> >> > instruction on how to group policy? We're tired of using
> >> > Fortres desktop
> >> > security.
> >>
> >>
> >>
>
>
>
Anonymous
February 10, 2005 10:24:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Start | Run | Type: gpedit.msc | OK |

Navigate to >>
User Configuration \ Administrative Templates \ Start Menu and Taskbar
Remove Run menu from Start Menu

[[Removes the Run command from the Start menu and removes the New Task (Run)
command from Task Manager. Also, users with extended keyboards can no longer
display the Run dialog box by pressing the Application key (the key with the
Windows logo)+ R.]]

HKCU\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer
NoRun
-----

User Configuration\Administrative Templates\Windows Components\
Windows Explorer\
Hide these specified drives in My Computer

[[Removes the icons representing selected drives from My Computer and
Windows Explorer. Also, the drive letters representing the selected drives
do not appear in the standard Open dialog box.

This policy removes the drive icons. Users can still gain access to drive
contents by using other methods, such as by typing the path to a directory
on the drive in the Map Network Drive dialog box, in the Run dialog box, or
in a command window.]]

HKCU\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer
NoDrives
-----

User Configuration\Administrative Templates\Windows Components\
Windows Explorer\
Prevent access to drives from My Computer

[[Prevents users from using My Computer to gain access to the content of
selected drives.

If you enable this policy, users cannot view the contents of the selected
drives in My Computer and Windows Explorer. Also, they cannot use the Run
dialog box, the Map Network Drive dialog box, or the Dir command to view the
directories on these drives.

The icons representing the specified drives still appear in My Computer, but
if users double-click the icons, a message appears explaining that a policy
prevents the action.]]

HKCU\Software\Microsoft\Windows\
CurrentVersion\Policies\Explorer
NoViewOnDrive

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:323002FF-53D8-41EA-B0B4-DF659A59907A@microsoft.com,
Mike <Mike@discussions.microsoft.com> hunted and pecked:
> There is an option under both Computer configuration and User
> configuration (I don't remember the exact path) but you can hide the
> c: drive (make it invisible) or restrict access to it. I haven't
> considered NTFS permissions cause I don't know enough about it but I
> have converted the drives to NTFS.
>
> "Nepatsfan" wrote:
>
>> What exactly do you mean by "setting the c: drive to be hidden"?
>> How did you go about hiding it? You can remove the Run command
>> from the start menu easily enough but restricting access to a
>> drive could (as you've already seen) have unintended
>> consequences. Have you considered using NTFS permissions to
>> restrict user access?
>>
>> --
>> Nepatsfan
>> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
>>> One thing that really screwed me up was setting the c: drive to
>>> be hidden and
>>> taking the Run command off the start menu. I'd like to include
>>> these
>>> policies under the user account but if I have to set these
>>> policies up
>>> logged in has administrator I won't be able to get back to the
>>> c: drive or
>>> c:\windows\system32\gpedit.msc. How can I do this so I can set
>>> these
>>> policies? Should I give the user account administrator rights
>>> then set the
>>> policies then take the admin right away and login again has the
>>> user account?
>>> That's what screwed me up initially.
>>>
>>> "Nepatsfan" wrote:
>>>
>>>> You might want to take a look here:
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
>>>>
>>>> Here's another tool you might want to consider:
>>>>
>>>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>>>>
>>>> --
>>>> Nepatsfan
>>>> "Mike" <Mike@discussions.microsoft.com> wrote in message
>>>> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
>>>>> I'm not an expert with group policies but would like to use
>>>>> it
>>>>> more. I'm
>>>>> trying to set up five machines with a local group policy but
>>>>> have screwed up
>>>>> two machines already by not being able to get gpedit.msc
>>>>> because I set the
>>>>> sample user configuration policy up has the user account
>>>>> (user
>>>>> account has
>>>>> administrator rights) but in doing so the policies also
>>>>> affected the
>>>>> administrator account so I'm on my third machine. I
>>>>> accidentally set both
>>>>> local computer and user policies (didn't know I just had to
>>>>> use
>>>>> user
>>>>> configuration) Does anyone have links to any proper
>>>>> information
>>>>> or
>>>>> instruction on how to group policy? We're tired of using
>>>>> Fortres desktop
>>>>> security.
February 10, 2005 10:24:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I know about these already. Thanks anyway. Thanks for all your help.

"Wesley Vogel" wrote:

> Start | Run | Type: gpedit.msc | OK |
>
> Navigate to >>
> User Configuration \ Administrative Templates \ Start Menu and Taskbar
> Remove Run menu from Start Menu
>
> [[Removes the Run command from the Start menu and removes the New Task (Run)
> command from Task Manager. Also, users with extended keyboards can no longer
> display the Run dialog box by pressing the Application key (the key with the
> Windows logo)+ R.]]
>
> HKCU\Software\Microsoft\Windows\
> CurrentVersion\Policies\Explorer
> NoRun
> -----
>
> User Configuration\Administrative Templates\Windows Components\
> Windows Explorer\
> Hide these specified drives in My Computer
>
> [[Removes the icons representing selected drives from My Computer and
> Windows Explorer. Also, the drive letters representing the selected drives
> do not appear in the standard Open dialog box.
>
> This policy removes the drive icons. Users can still gain access to drive
> contents by using other methods, such as by typing the path to a directory
> on the drive in the Map Network Drive dialog box, in the Run dialog box, or
> in a command window.]]
>
> HKCU\Software\Microsoft\Windows\
> CurrentVersion\Policies\Explorer
> NoDrives
> -----
>
> User Configuration\Administrative Templates\Windows Components\
> Windows Explorer\
> Prevent access to drives from My Computer
>
> [[Prevents users from using My Computer to gain access to the content of
> selected drives.
>
> If you enable this policy, users cannot view the contents of the selected
> drives in My Computer and Windows Explorer. Also, they cannot use the Run
> dialog box, the Map Network Drive dialog box, or the Dir command to view the
> directories on these drives.
>
> The icons representing the specified drives still appear in My Computer, but
> if users double-click the icons, a message appears explaining that a policy
> prevents the action.]]
>
> HKCU\Software\Microsoft\Windows\
> CurrentVersion\Policies\Explorer
> NoViewOnDrive
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:323002FF-53D8-41EA-B0B4-DF659A59907A@microsoft.com,
> Mike <Mike@discussions.microsoft.com> hunted and pecked:
> > There is an option under both Computer configuration and User
> > configuration (I don't remember the exact path) but you can hide the
> > c: drive (make it invisible) or restrict access to it. I haven't
> > considered NTFS permissions cause I don't know enough about it but I
> > have converted the drives to NTFS.
> >
> > "Nepatsfan" wrote:
> >
> >> What exactly do you mean by "setting the c: drive to be hidden"?
> >> How did you go about hiding it? You can remove the Run command
> >> from the start menu easily enough but restricting access to a
> >> drive could (as you've already seen) have unintended
> >> consequences. Have you considered using NTFS permissions to
> >> restrict user access?
> >>
> >> --
> >> Nepatsfan
> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
> >>> One thing that really screwed me up was setting the c: drive to
> >>> be hidden and
> >>> taking the Run command off the start menu. I'd like to include
> >>> these
> >>> policies under the user account but if I have to set these
> >>> policies up
> >>> logged in has administrator I won't be able to get back to the
> >>> c: drive or
> >>> c:\windows\system32\gpedit.msc. How can I do this so I can set
> >>> these
> >>> policies? Should I give the user account administrator rights
> >>> then set the
> >>> policies then take the admin right away and login again has the
> >>> user account?
> >>> That's what screwed me up initially.
> >>>
> >>> "Nepatsfan" wrote:
> >>>
> >>>> You might want to take a look here:
> >>>>
> >>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
> >>>>
> >>>> Here's another tool you might want to consider:
> >>>>
> >>>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> >>>>
> >>>> --
> >>>> Nepatsfan
> >>>> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >>>> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> >>>>> I'm not an expert with group policies but would like to use
> >>>>> it
> >>>>> more. I'm
> >>>>> trying to set up five machines with a local group policy but
> >>>>> have screwed up
> >>>>> two machines already by not being able to get gpedit.msc
> >>>>> because I set the
> >>>>> sample user configuration policy up has the user account
> >>>>> (user
> >>>>> account has
> >>>>> administrator rights) but in doing so the policies also
> >>>>> affected the
> >>>>> administrator account so I'm on my third machine. I
> >>>>> accidentally set both
> >>>>> local computer and user policies (didn't know I just had to
> >>>>> use
> >>>>> user
> >>>>> configuration) Does anyone have links to any proper
> >>>>> information
> >>>>> or
> >>>>> instruction on how to group policy? We're tired of using
> >>>>> Fortres desktop
> >>>>> security.
>
>
Anonymous
February 10, 2005 11:43:23 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I did a little experimenting but you're going to have to tweak
this for your needs.

Logon as Administrator.
Right click an open area of your desktop and select New ->
Shortcut.
Enter gpedit.msc.
Hit Next.
Enter a name for this shorcut and select Finish.
This will allow you to access the Local Seurity Policy after
you've hidden the C drive.

Have you enabled any policy settings that remove the Command
Prompt entry from the Start menu? If you have then you'll have to
create a shortcut to cmd.exe as well. That will allow you to
access the Registry.pol file. Follow the instructions outlined in
the Microsoft article I posted earlier and see if you get the
results you want.

Keep in mind that there are other ways of accessing the C drive
besides My Computer or Explorer. I've just given you two examples
of how someone can get around this policy.

Keep us posted.
--
Nepatsfan
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:323002FF-53D8-41EA-B0B4-DF659A59907A@microsoft.com...
> There is an option under both Computer configuration and User
> configuration
> (I don't remember the exact path) but you can hide the c: drive
> (make it
> invisible) or restrict access to it. I haven't considered NTFS
> permissions
> cause I don't know enough about it but I have converted the
> drives to NTFS.
>
> "Nepatsfan" wrote:
>
>> What exactly do you mean by "setting the c: drive to be
>> hidden"?
>> How did you go about hiding it? You can remove the Run command
>> from the start menu easily enough but restricting access to a
>> drive could (as you've already seen) have unintended
>> consequences. Have you considered using NTFS permissions to
>> restrict user access?
>>
>> --
>> Nepatsfan
>> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
>> > One thing that really screwed me up was setting the c: drive
>> > to
>> > be hidden and
>> > taking the Run command off the start menu. I'd like to
>> > include
>> > these
>> > policies under the user account but if I have to set these
>> > policies up
>> > logged in has administrator I won't be able to get back to
>> > the
>> > c: drive or
>> > c:\windows\system32\gpedit.msc. How can I do this so I can
>> > set
>> > these
>> > policies? Should I give the user account administrator
>> > rights
>> > then set the
>> > policies then take the admin right away and login again has
>> > the
>> > user account?
>> > That's what screwed me up initially.
>> >
>> > "Nepatsfan" wrote:
>> >
>> >> You might want to take a look here:
>> >>
>> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
>> >>
>> >> Here's another tool you might want to consider:
>> >>
>> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >>
>> >> --
>> >> Nepatsfan
>> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> >> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
>> >> > I'm not an expert with group policies but would like to
>> >> > use
>> >> > it
>> >> > more. I'm
>> >> > trying to set up five machines with a local group policy
>> >> > but
>> >> > have screwed up
>> >> > two machines already by not being able to get gpedit.msc
>> >> > because I set the
>> >> > sample user configuration policy up has the user account
>> >> > (user
>> >> > account has
>> >> > administrator rights) but in doing so the policies also
>> >> > affected the
>> >> > administrator account so I'm on my third machine. I
>> >> > accidentally set both
>> >> > local computer and user policies (didn't know I just had
>> >> > to
>> >> > use
>> >> > user
>> >> > configuration) Does anyone have links to any proper
>> >> > information
>> >> > or
>> >> > instruction on how to group policy? We're tired of using
>> >> > Fortres desktop
>> >> > security.
>> >>
>> >>
>> >>
>>
>>
>>
February 15, 2005 4:19:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I figured out (with a little help from theeldergeek.com) that after you save
the policy has administrator you have to go to
c:\windows\system32\grouppolicy\ and take away the read permission and choose
deny instead of allow so that the policy doesn't affect the administrator
account. Thanks for all your help.

"Nepatsfan" wrote:

> I did a little experimenting but you're going to have to tweak
> this for your needs.
>
> Logon as Administrator.
> Right click an open area of your desktop and select New ->
> Shortcut.
> Enter gpedit.msc.
> Hit Next.
> Enter a name for this shorcut and select Finish.
> This will allow you to access the Local Seurity Policy after
> you've hidden the C drive.
>
> Have you enabled any policy settings that remove the Command
> Prompt entry from the Start menu? If you have then you'll have to
> create a shortcut to cmd.exe as well. That will allow you to
> access the Registry.pol file. Follow the instructions outlined in
> the Microsoft article I posted earlier and see if you get the
> results you want.
>
> Keep in mind that there are other ways of accessing the C drive
> besides My Computer or Explorer. I've just given you two examples
> of how someone can get around this policy.
>
> Keep us posted.
> --
> Nepatsfan
> "Mike" <Mike@discussions.microsoft.com> wrote in message
> news:323002FF-53D8-41EA-B0B4-DF659A59907A@microsoft.com...
> > There is an option under both Computer configuration and User
> > configuration
> > (I don't remember the exact path) but you can hide the c: drive
> > (make it
> > invisible) or restrict access to it. I haven't considered NTFS
> > permissions
> > cause I don't know enough about it but I have converted the
> > drives to NTFS.
> >
> > "Nepatsfan" wrote:
> >
> >> What exactly do you mean by "setting the c: drive to be
> >> hidden"?
> >> How did you go about hiding it? You can remove the Run command
> >> from the start menu easily enough but restricting access to a
> >> drive could (as you've already seen) have unintended
> >> consequences. Have you considered using NTFS permissions to
> >> restrict user access?
> >>
> >> --
> >> Nepatsfan
> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
> >> > One thing that really screwed me up was setting the c: drive
> >> > to
> >> > be hidden and
> >> > taking the Run command off the start menu. I'd like to
> >> > include
> >> > these
> >> > policies under the user account but if I have to set these
> >> > policies up
> >> > logged in has administrator I won't be able to get back to
> >> > the
> >> > c: drive or
> >> > c:\windows\system32\gpedit.msc. How can I do this so I can
> >> > set
> >> > these
> >> > policies? Should I give the user account administrator
> >> > rights
> >> > then set the
> >> > policies then take the admin right away and login again has
> >> > the
> >> > user account?
> >> > That's what screwed me up initially.
> >> >
> >> > "Nepatsfan" wrote:
> >> >
> >> >> You might want to take a look here:
> >> >>
> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
> >> >>
> >> >> Here's another tool you might want to consider:
> >> >>
> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
> >> >>
> >> >> --
> >> >> Nepatsfan
> >> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
> >> >> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
> >> >> > I'm not an expert with group policies but would like to
> >> >> > use
> >> >> > it
> >> >> > more. I'm
> >> >> > trying to set up five machines with a local group policy
> >> >> > but
> >> >> > have screwed up
> >> >> > two machines already by not being able to get gpedit.msc
> >> >> > because I set the
> >> >> > sample user configuration policy up has the user account
> >> >> > (user
> >> >> > account has
> >> >> > administrator rights) but in doing so the policies also
> >> >> > affected the
> >> >> > administrator account so I'm on my third machine. I
> >> >> > accidentally set both
> >> >> > local computer and user policies (didn't know I just had
> >> >> > to
> >> >> > use
> >> >> > user
> >> >> > configuration) Does anyone have links to any proper
> >> >> > information
> >> >> > or
> >> >> > instruction on how to group policy? We're tired of using
> >> >> > Fortres desktop
> >> >> > security.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Anonymous
February 15, 2005 7:53:24 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Glad you found a workaround. Though, it really shouldn't be
necessary to change permissions on that folder. A common mistake
some people make when they go through the procedure outlined in
the MS article (step 10) is to change the settings back to "Not
Configured" instead of Disabled.

--
Nepatsfan
"Mike" <Mike@discussions.microsoft.com> wrote in message
news:B004DCCC-1A54-4A95-AA10-A071E17227E7@microsoft.com...
>I figured out (with a little help from theeldergeek.com) that
>after you save
> the policy has administrator you have to go to
> c:\windows\system32\grouppolicy\ and take away the read
> permission and choose
> deny instead of allow so that the policy doesn't affect the
> administrator
> account. Thanks for all your help.
>
> "Nepatsfan" wrote:
>
>> I did a little experimenting but you're going to have to tweak
>> this for your needs.
>>
>> Logon as Administrator.
>> Right click an open area of your desktop and select New ->
>> Shortcut.
>> Enter gpedit.msc.
>> Hit Next.
>> Enter a name for this shorcut and select Finish.
>> This will allow you to access the Local Seurity Policy after
>> you've hidden the C drive.
>>
>> Have you enabled any policy settings that remove the Command
>> Prompt entry from the Start menu? If you have then you'll have
>> to
>> create a shortcut to cmd.exe as well. That will allow you to
>> access the Registry.pol file. Follow the instructions outlined
>> in
>> the Microsoft article I posted earlier and see if you get the
>> results you want.
>>
>> Keep in mind that there are other ways of accessing the C
>> drive
>> besides My Computer or Explorer. I've just given you two
>> examples
>> of how someone can get around this policy.
>>
>> Keep us posted.
>> --
>> Nepatsfan
>> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> news:323002FF-53D8-41EA-B0B4-DF659A59907A@microsoft.com...
>> > There is an option under both Computer configuration and
>> > User
>> > configuration
>> > (I don't remember the exact path) but you can hide the c:
>> > drive
>> > (make it
>> > invisible) or restrict access to it. I haven't considered
>> > NTFS
>> > permissions
>> > cause I don't know enough about it but I have converted the
>> > drives to NTFS.
>> >
>> > "Nepatsfan" wrote:
>> >
>> >> What exactly do you mean by "setting the c: drive to be
>> >> hidden"?
>> >> How did you go about hiding it? You can remove the Run
>> >> command
>> >> from the start menu easily enough but restricting access to
>> >> a
>> >> drive could (as you've already seen) have unintended
>> >> consequences. Have you considered using NTFS permissions to
>> >> restrict user access?
>> >>
>> >> --
>> >> Nepatsfan
>> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> >> news:4F2FF69E-176C-4DDB-8539-696110396F75@microsoft.com...
>> >> > One thing that really screwed me up was setting the c:
>> >> > drive
>> >> > to
>> >> > be hidden and
>> >> > taking the Run command off the start menu. I'd like to
>> >> > include
>> >> > these
>> >> > policies under the user account but if I have to set
>> >> > these
>> >> > policies up
>> >> > logged in has administrator I won't be able to get back
>> >> > to
>> >> > the
>> >> > c: drive or
>> >> > c:\windows\system32\gpedit.msc. How can I do this so I
>> >> > can
>> >> > set
>> >> > these
>> >> > policies? Should I give the user account administrator
>> >> > rights
>> >> > then set the
>> >> > policies then take the admin right away and login again
>> >> > has
>> >> > the
>> >> > user account?
>> >> > That's what screwed me up initially.
>> >> >
>> >> > "Nepatsfan" wrote:
>> >> >
>> >> >> You might want to take a look here:
>> >> >>
>> >> >> http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
>> >> >>
>> >> >> Here's another tool you might want to consider:
>> >> >>
>> >> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> >>
>> >> >> --
>> >> >> Nepatsfan
>> >> >> "Mike" <Mike@discussions.microsoft.com> wrote in message
>> >> >> news:CB797599-CA2B-4798-9A15-F0045CEC66D7@microsoft.com...
>> >> >> > I'm not an expert with group policies but would like
>> >> >> > to
>> >> >> > use
>> >> >> > it
>> >> >> > more. I'm
>> >> >> > trying to set up five machines with a local group
>> >> >> > policy
>> >> >> > but
>> >> >> > have screwed up
>> >> >> > two machines already by not being able to get
>> >> >> > gpedit.msc
>> >> >> > because I set the
>> >> >> > sample user configuration policy up has the user
>> >> >> > account
>> >> >> > (user
>> >> >> > account has
>> >> >> > administrator rights) but in doing so the policies
>> >> >> > also
>> >> >> > affected the
>> >> >> > administrator account so I'm on my third machine. I
>> >> >> > accidentally set both
>> >> >> > local computer and user policies (didn't know I just
>> >> >> > had
>> >> >> > to
>> >> >> > use
>> >> >> > user
>> >> >> > configuration) Does anyone have links to any proper
>> >> >> > information
>> >> >> > or
>> >> >> > instruction on how to group policy? We're tired of
>> >> >> > using
>> >> >> > Fortres desktop
>> >> >> > security.
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
!