Darren Thanks for your help. Let me ask you one more thing: Can I create a custom pol file, put it in an different location (system32, for instance) and apply it to a specific local windows xp user? Is that possible? I know a program made by a developer that creates a local user and applies to the user a restricted desktop. I think it is by GPO, but no other users are affected. Unfortunately I do not have access to the source code. I will look for it, if I find any new information, I let you know. Thanks again. ________________________________ De: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] Em nome de Darren Mar-Elia Enviada em: quarta-feira, 15 de outubro de 2008 20:37 Para: gptalk@xxxxxxxxxxxxx Assunto: [gptalk] Re: Help With Local GPO You can hack this after a fashion, but it requires some real tweaking. Namely, depending upon what policy you want to control, you can use file permissions on the underlying GP settings storage in the local GPO to control who gets it. For example, if you want to control Admin Template policy on the local GPO, you can permission the registry.pol file within either C:\windows\system32\grouppolicy\machine or C:\windows\system32\grouppolicy\user so that it can only be read by the user account that you want to apply the policies to. It's a serious hack, but it has been done successfully in the past. Darren From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie Sent: Wednesday, October 15, 2008 11:00 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Help With Local GPO Well, only a local GPO would work but I don't think there is any way to use security filtering at the local level; therefore, your GPO is going to apply to all local users, and potentially some domain users as well. And because a local user account does not process domain-based GPOs, I think you're unfortunately out of luck. Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Maurit Pereira Fagundes Sent: Wednesday, October 15, 2008 11:48 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Help With Local GPO Importance: High Hello everyone. I need to create a program that creates a local user in windows XP and associates it a specific GPO created by me to the user the program created only. The other local users must not be affected by the GPO. How can I do this? I am searching for a solution but nothing up to now. I´m ok with the program, my problem is how to associate a custom GPO to a specific local windows xp user without affect the others local users. Can someone help me on this? Thanks in advance. MT ________________________________ Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system.