[gptalk] RES: Re: Help With Local GPO
- From: "Maurit Pereira Fagundes" <Maurit.Fagundes@xxxxxx>
- To: <gptalk@xxxxxxxxxxxxx>
- Date: Thu, 16 Oct 2008 10:39:28 -0300
Darren
Thanks for your help. Let me ask you one more thing:
Can I create a custom pol file, put it in an different location (system32, for
instance) and apply it to a specific local windows xp user?
Is that possible?
I know a program made by a developer that creates a local user and applies to
the user a restricted desktop. I think it is by GPO, but no other users are
affected. Unfortunately I do not have access to the source code. I will look
for it, if I find any new information, I let you know.
Thanks again.
________________________________
De: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] Em nome de
Darren Mar-Elia
Enviada em: quarta-feira, 15 de outubro de 2008 20:37
Para: gptalk@xxxxxxxxxxxxx
Assunto: [gptalk] Re: Help With Local GPO
You can hack this after a fashion, but it requires some real tweaking. Namely,
depending upon what policy you want to control, you can use file permissions on
the underlying GP settings storage in the local GPO to control who gets it. For
example, if you want to control Admin Template policy on the local GPO, you can
permission the registry.pol file within either
C:\windows\system32\grouppolicy\machine or C:\windows\system32\grouppolicy\user
so that it can only be read by the user account that you want to apply the
policies to. It's a serious hack, but it has been done successfully in the past.
Darren
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Nelson, Jamie
Sent: Wednesday, October 15, 2008 11:00 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Help With Local GPO
Well, only a local GPO would work but I don't think there is any way to use
security filtering at the local level; therefore, your GPO is going to apply to
all local users, and potentially some domain users as well.
And because a local user account does not process domain-based GPOs, I think
you're unfortunately out of luck.
Jamie Nelson | Operations Consultant | BI&T Infrastructure-Intel | Devon Energy
Corporation | Work: 405.552.8054 | Mobile: 405.200.8088 | http://www.dvn.com
<http://www.dvn.com/>
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Maurit Pereira Fagundes
Sent: Wednesday, October 15, 2008 11:48 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Help With Local GPO
Importance: High
Hello everyone.
I need to create a program that creates a local user in windows XP and
associates it a specific GPO created by me to the user the program created
only. The other local users must not be affected by the GPO. How can I do this?
I am searching for a solution but nothing up to now.
I´m ok with the program, my problem is how to associate a custom GPO to a
specific local windows xp user without affect the others local users.
Can someone help me on this?
Thanks in advance.
MT
________________________________
Confidentiality Warning: This message and any attachments are intended only for
the use of the intended recipient(s), are confidential, and may be privileged.
If you are not the intended recipient, you are hereby notified that any review,
retransmission, conversion to hard copy, copying, circulation or other use of
all or any portion of this message and any attachments is strictly prohibited.
If you are not the intended recipient, please notify the sender immediately by
return e-mail, and delete this message and any attachments from your system.
Other related posts:
