Sign in with
Sign up | Sign in
Your question

Group Policy on a Standalone XP System (where can I find i..

Last response: in Windows XP
Share
April 28, 2005 12:39:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Can anybody point me at some useful docs about using group policy on a
standalone XP System.
Currently I cant see the wood for the forest ( AD pun intended )

I do not want to be told how wonderful and flexible it is when used with
Windows Server 2003 and Active Directory or confused by such information. I
know AD is great, but I dont have WS 2003 in my current situation. Everything
in the mmc help appears to be biased towards AD and basically says local
policy will be trashed by AD Group policy ( so I wont bother explaining it in
any detail at all ).

I want to understand how "Local Computer Policy" works without AD, what to
use it for and what it can and cannot do for me.

I would also like to understand how "Resultant Set of Policy", "Security
Configuration and Analysis" and "Security Templates" all fit together with
Local computer policy, or are they just tools for the grown-ups who have a
WS2003 and AD on the other end of the wire. Can local Policy understand all
the entries in a security template that I setup or only a subset?

What are you trying to do, I hear you cry!:

Ok, I want to set up a security template(s) for my machine, that I can
maintain as a central repository of changes, instead of making little changes
here and there to File security, Registry entries and who can do what based
on userid etc etc.
The reason is of course that every time I have to rebuild my OS it takes me
ages to set the system up as it was before rebuild, because I always forget
to log some change or other that I have made to fix something.

This turned into a bit of a rant, sorry for that. But my need is still a
real one.

Chris

PS
I found that Local Computer Policy cannot be USER specific without AD so
while I was kicking the furniture it occured to be that if I setup a Security
Configuration and Analysis database specific to each of my userids could I
write a login script to test the "USERNAME" env variable and based on that
run "secedit /configure" using the username specific database?

Is this a stupid idea or not?

It seems easier than setting up a configuration and then loging on with each
userid that it applies to inorder to get the entries to apply to that user
specifically?

Love to hear informed comment on this !

TIA
April 29, 2005 1:16:49 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hope this is enough.

Group Policy FAQs
http://www.activedir.org/gp_faq.htm

Microsoft Windows XP Professional Local Group Policy
http://www.microsoft.com/resources/documentation/window...
us/sag_spconcepts_26.mspx

Understanding Local Group Policy
http://www.windowsdevcenter.com/pub/a/windows/2005/03/2....
html

Regards.

---------------------------------------
"Chris" <Chris@discussions.microsoft.com> escribió en el mensaje
news:9066BB0D-3B46-48CB-9CDF-A30EBB3E7883@microsoft.com...
> Can anybody point me at some useful docs about using group policy on a
> standalone XP System.
> Currently I cant see the wood for the forest ( AD pun intended )
>
> I do not want to be told how wonderful and flexible it is when used with
> Windows Server 2003 and Active Directory or confused by such information.
I
> know AD is great, but I dont have WS 2003 in my current situation.
Everything
> in the mmc help appears to be biased towards AD and basically says local
> policy will be trashed by AD Group policy ( so I wont bother explaining it
in
> any detail at all ).
>
> I want to understand how "Local Computer Policy" works without AD, what to
> use it for and what it can and cannot do for me.
>
> I would also like to understand how "Resultant Set of Policy", "Security
> Configuration and Analysis" and "Security Templates" all fit together with
> Local computer policy, or are they just tools for the grown-ups who have a
> WS2003 and AD on the other end of the wire. Can local Policy understand
all
> the entries in a security template that I setup or only a subset?
>
> What are you trying to do, I hear you cry!:
>
> Ok, I want to set up a security template(s) for my machine, that I can
> maintain as a central repository of changes, instead of making little
changes
> here and there to File security, Registry entries and who can do what
based
> on userid etc etc.
> The reason is of course that every time I have to rebuild my OS it takes
me
> ages to set the system up as it was before rebuild, because I always
forget
> to log some change or other that I have made to fix something.
>
> This turned into a bit of a rant, sorry for that. But my need is still a
> real one.
>
> Chris
>
> PS
> I found that Local Computer Policy cannot be USER specific without AD so
> while I was kicking the furniture it occured to be that if I setup a
Security
> Configuration and Analysis database specific to each of my userids could I
> write a login script to test the "USERNAME" env variable and based on that
> run "secedit /configure" using the username specific database?
>
> Is this a stupid idea or not?
>
> It seems easier than setting up a configuration and then loging on with
each
> userid that it applies to inorder to get the entries to apply to that
user
> specifically?
>
> Love to hear informed comment on this !
>
> TIA
!