Group Policy on a Standalone XP System (where can I find i..
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Can anybody point me at some useful docs about using group policy on a
standalone XP System.
Currently I cant see the wood for the forest ( AD pun intended )
I do not want to be told how wonderful and flexible it is when used with
Windows Server 2003 and Active Directory or confused by such information. I
know AD is great, but I dont have WS 2003 in my current situation. Everything
in the mmc help appears to be biased towards AD and basically says local
policy will be trashed by AD Group policy ( so I wont bother explaining it in
any detail at all ).
I want to understand how "Local Computer Policy" works without AD, what to
use it for and what it can and cannot do for me.
I would also like to understand how "Resultant Set of Policy", "Security
Configuration and Analysis" and "Security Templates" all fit together with
Local computer policy, or are they just tools for the grown-ups who have a
WS2003 and AD on the other end of the wire. Can local Policy understand all
the entries in a security template that I setup or only a subset?
What are you trying to do, I hear you cry!:
Ok, I want to set up a security template(s) for my machine, that I can
maintain as a central repository of changes, instead of making little changes
here and there to File security, Registry entries and who can do what based
on userid etc etc.
The reason is of course that every time I have to rebuild my OS it takes me
ages to set the system up as it was before rebuild, because I always forget
to log some change or other that I have made to fix something.
This turned into a bit of a rant, sorry for that. But my need is still a
real one.
Chris
PS
I found that Local Computer Policy cannot be USER specific without AD so
while I was kicking the furniture it occured to be that if I setup a Security
Configuration and Analysis database specific to each of my userids could I
write a login script to test the "USERNAME" env variable and based on that
run "secedit /configure" using the username specific database?
Is this a stupid idea or not?
It seems easier than setting up a configuration and then loging on with each
userid that it applies to inorder to get the entries to apply to that user
specifically?
Love to hear informed comment on this !
TIA
Can anybody point me at some useful docs about using group policy on a
standalone XP System.
Currently I cant see the wood for the forest ( AD pun intended )
I do not want to be told how wonderful and flexible it is when used with
Windows Server 2003 and Active Directory or confused by such information. I
know AD is great, but I dont have WS 2003 in my current situation. Everything
in the mmc help appears to be biased towards AD and basically says local
policy will be trashed by AD Group policy ( so I wont bother explaining it in
any detail at all ).
I want to understand how "Local Computer Policy" works without AD, what to
use it for and what it can and cannot do for me.
I would also like to understand how "Resultant Set of Policy", "Security
Configuration and Analysis" and "Security Templates" all fit together with
Local computer policy, or are they just tools for the grown-ups who have a
WS2003 and AD on the other end of the wire. Can local Policy understand all
the entries in a security template that I setup or only a subset?
What are you trying to do, I hear you cry!:
Ok, I want to set up a security template(s) for my machine, that I can
maintain as a central repository of changes, instead of making little changes
here and there to File security, Registry entries and who can do what based
on userid etc etc.
The reason is of course that every time I have to rebuild my OS it takes me
ages to set the system up as it was before rebuild, because I always forget
to log some change or other that I have made to fix something.
This turned into a bit of a rant, sorry for that. But my need is still a
real one.
Chris
PS
I found that Local Computer Policy cannot be USER specific without AD so
while I was kicking the furniture it occured to be that if I setup a Security
Configuration and Analysis database specific to each of my userids could I
write a login script to test the "USERNAME" env variable and based on that
run "secedit /configure" using the username specific database?
Is this a stupid idea or not?
It seems easier than setting up a configuration and then loging on with each
userid that it applies to inorder to get the entries to apply to that user
specifically?
Love to hear informed comment on this !
TIA
More about : group policy standalone system find
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)
Hope this is enough.
Group Policy FAQs
http://www.activedir.org/gp_faq.htm
Microsoft Windows XP Professional Local Group Policy
http://www.microsoft.com/resources/documentation/window...
us/sag_spconcepts_26.mspx
Understanding Local Group Policy
http://www.windowsdevcenter.com/pub/a/windows/2005/03/2....
html
Regards.
---------------------------------------
"Chris" <Chris@discussions.microsoft.com> escribió en el mensaje
news:9066BB0D-3B46-48CB-9CDF-A30EBB3E7883@microsoft.com...
> Can anybody point me at some useful docs about using group policy on a
> standalone XP System.
> Currently I cant see the wood for the forest ( AD pun intended )
>
> I do not want to be told how wonderful and flexible it is when used with
> Windows Server 2003 and Active Directory or confused by such information.
I
> know AD is great, but I dont have WS 2003 in my current situation.
Everything
> in the mmc help appears to be biased towards AD and basically says local
> policy will be trashed by AD Group policy ( so I wont bother explaining it
in
> any detail at all ).
>
> I want to understand how "Local Computer Policy" works without AD, what to
> use it for and what it can and cannot do for me.
>
> I would also like to understand how "Resultant Set of Policy", "Security
> Configuration and Analysis" and "Security Templates" all fit together with
> Local computer policy, or are they just tools for the grown-ups who have a
> WS2003 and AD on the other end of the wire. Can local Policy understand
all
> the entries in a security template that I setup or only a subset?
>
> What are you trying to do, I hear you cry!:
>
> Ok, I want to set up a security template(s) for my machine, that I can
> maintain as a central repository of changes, instead of making little
changes
> here and there to File security, Registry entries and who can do what
based
> on userid etc etc.
> The reason is of course that every time I have to rebuild my OS it takes
me
> ages to set the system up as it was before rebuild, because I always
forget
> to log some change or other that I have made to fix something.
>
> This turned into a bit of a rant, sorry for that. But my need is still a
> real one.
>
> Chris
>
> PS
> I found that Local Computer Policy cannot be USER specific without AD so
> while I was kicking the furniture it occured to be that if I setup a
Security
> Configuration and Analysis database specific to each of my userids could I
> write a login script to test the "USERNAME" env variable and based on that
> run "secedit /configure" using the username specific database?
>
> Is this a stupid idea or not?
>
> It seems easier than setting up a configuration and then loging on with
each
> userid that it applies to inorder to get the entries to apply to that
user
> specifically?
>
> Love to hear informed comment on this !
>
> TIA
Hope this is enough.
Group Policy FAQs
http://www.activedir.org/gp_faq.htm
Microsoft Windows XP Professional Local Group Policy
http://www.microsoft.com/resources/documentation/window...
us/sag_spconcepts_26.mspx
Understanding Local Group Policy
http://www.windowsdevcenter.com/pub/a/windows/2005/03/2....
html
Regards.
---------------------------------------
"Chris" <Chris@discussions.microsoft.com> escribió en el mensaje
news:9066BB0D-3B46-48CB-9CDF-A30EBB3E7883@microsoft.com...
> Can anybody point me at some useful docs about using group policy on a
> standalone XP System.
> Currently I cant see the wood for the forest ( AD pun intended )
>
> I do not want to be told how wonderful and flexible it is when used with
> Windows Server 2003 and Active Directory or confused by such information.
I
> know AD is great, but I dont have WS 2003 in my current situation.
Everything
> in the mmc help appears to be biased towards AD and basically says local
> policy will be trashed by AD Group policy ( so I wont bother explaining it
in
> any detail at all ).
>
> I want to understand how "Local Computer Policy" works without AD, what to
> use it for and what it can and cannot do for me.
>
> I would also like to understand how "Resultant Set of Policy", "Security
> Configuration and Analysis" and "Security Templates" all fit together with
> Local computer policy, or are they just tools for the grown-ups who have a
> WS2003 and AD on the other end of the wire. Can local Policy understand
all
> the entries in a security template that I setup or only a subset?
>
> What are you trying to do, I hear you cry!:
>
> Ok, I want to set up a security template(s) for my machine, that I can
> maintain as a central repository of changes, instead of making little
changes
> here and there to File security, Registry entries and who can do what
based
> on userid etc etc.
> The reason is of course that every time I have to rebuild my OS it takes
me
> ages to set the system up as it was before rebuild, because I always
forget
> to log some change or other that I have made to fix something.
>
> This turned into a bit of a rant, sorry for that. But my need is still a
> real one.
>
> Chris
>
> PS
> I found that Local Computer Policy cannot be USER specific without AD so
> while I was kicking the furniture it occured to be that if I setup a
Security
> Configuration and Analysis database specific to each of my userids could I
> write a login script to test the "USERNAME" env variable and based on that
> run "secedit /configure" using the username specific database?
>
> Is this a stupid idea or not?
>
> It seems easier than setting up a configuration and then loging on with
each
> userid that it applies to inorder to get the entries to apply to that
user
> specifically?
>
> Love to hear informed comment on this !
>
> TIA
Related ressources:
- ForumGroup Policy on stand-alone Windows 2003 Server
- ForumApplied a security policy to standalone XP and strange out..
- ForumGroup policies on standalone laptops
- ForumEFS and System Cryptography Group Policy - Windows XP SP2
- ForumXP Home - Can't Audit - no Local Security Policy
- ForumGroup policy problem ( XP alone and XP with NT server)
- ForumHacks to turn Series 2 units into stand-alone DVR?
- ForumHacks to turn Series 2 units into stand-alone DVR?
- ForumHow to turn off system restore group policy for xp
- ForumWhere to find storage device policy in win xp
- ForumScript Errors Running In Group Policy Edit
- ForumGroup Policy
- ForumUsing Group Policy to give install permission
- ForumGroup Policy
- ForumGroup policy
- ForumLocal group policy options missing
- ForumLogon script not running for group policy
- ForumGroup Policy applies to some users, but not others
- ForumPCMCIA slots need more power??? HELP!
- ForumBurned mainbord - how to recover system data from working ..
- More resources
Read discussions in other Windows XP categories
!
