Policy applied after sleep to other user. Bug or feature?

[Kaur_100]

Hi,

Decided to make a sandbox for my 2 year old kid in W7 Ultimate 64bit sp1 by removing access to most of the features within Windows by gpedit. Started by creating him a standard account and then applied the restrictions via gpedit.msc. At the end, the account had no access to other programs, search and to the gpedit itself.

Feeled pretty good as no he could surf around only in Paint for drawing and Word, without imminent threat to the PC. Switched user to my admin account and after working a while put pc to sleep, as usual.

Next morning in horror I discovered that his user policy settings have been applied to my admin account. Luckily I had access to the gpedit to reverse them and also deleted his account. Horror flashbacks still remain

Any idea, what might have caused it? Anyone else with same experience? How to avoid it in future?

This seems a rather explosive bug according to my standards.

Found the article how to apply the policy settings only to non-admin accounts but have not tried it yet:

http://www.sevenforums.com/tutorials/101869-local-group-policies-apply-all-users-except-administrators.html

 

[shanky887614]

there is a parental feature in windows

http://windows.microsoft.com/en-US/windows-vista/Set-up-Parental-Controls

 

[Kaur_100]

Well, I am aware of the parental controls but they are pretty basic and allow a lot to be messed up still.

 

[Kaur_100]

Using mmc under admin account to set up specific user policies, instead of directly messing around with gpedit under specific user account works bit better, so far. Probably having no password before on admin account might have caused this bug to manifest itself.

Here is tutorial:

http://www.sevenforums.com/tutorials/101869-local-group-policies-apply-all-users-except-administrators.html

So beware of using gpedit.