+ Post New Thread
Results 1 to 9 of 9
Windows Thread, standalone policy in Technical; hello all, the question and queries below are for server 2003, standalone (workgroup), iis6. cannot for the life of me ...
  1. #1

    Join Date
    Jul 2007
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    standalone policy

    hello all,
    the question and queries below are for server 2003, standalone (workgroup), iis6.
    cannot for the life of me figure out how to set different policies for each separate user that logs on.
    i will be using the administrative templates under "local computer policy".
    i want to be able to set the desktop with minimal icons, remove or restrict what they can do.
    so my question is: how do i go about giving a user a policy that i set??
    I do hope it can be done.
    please explain in detail.
    thanks J

  2. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462

    Re: standalone policy

    run > gpedit

  3. #3
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,986
    Thank Post
    269
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47

    Re: standalone policy

    If these are standalone computers how do many people log on? Do you have several local users on each PC?

    If you don't want to go the Domain route; have user accounts and computer accounts that you can assign policies to as you'd like, I'd recommend MSs Steady State.

    With that you can lock down the machine very well, to chosen local users.

  4. #4

    Join Date
    Jul 2007
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: standalone policy

    Hello all,

    Thanks to you all for your immediate advice.

    I will answer you individually:
    Mark: what you suggested (steadystate) is something i have not heard of before. i read the information and it is exactly what i want, to be able to lock down individual user accounts dependent on their security risk. BUT it will not run for server 2003. a pity as it seemed perfect.
    the number of people accessing is about 12; one administrator which can see everything and users which i want to severely restrict what they can see and do. hence i need to be able to do this using individual or group policy. if i do this using account policies with administrative or computer policy then it effects everybody, including the administrator. thats why i want to apply separate policies (groups or users).

    FN:
    using "gpedit", this sets policies for everybody, including administrator. then i would not be able to administrate the computer.

    please keep your advice coming as i really need to crack this.
    thank you J

  5. #5
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,986
    Thank Post
    269
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47

    Re: standalone policy

    Well Steady State is for workstations only - you asked for a standalone lockdown solution - ie not connected to a 2003 domain - and that's it.

    In Active directory to create seperate policies to apply to different configurations. According to Microsoft you set up your AD structure to mirror your staffing structure.

    What you get is exactly what you see in Steady State - just not so pwetty

    To use Active Directory your PCs have to be on the domain, and not part of a workgroup - I think is the fundamental problem. Go ask for training on 2003 Domain administration.

  6. #6

    Join Date
    Jul 2007
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: standalone policy

    Hello Mark,

    To explain, maybe the way i explained the setup you miss understood.
    the computer is a standalone, meaning, is not in a domain, not a domain controller, is just a computer running server 2003.
    users logon to this, and i want them just to see what i want them to see. as an example: if i were to empty the desktop of everyhting and just place a shortcut to a directory somewhere on the computer, which would let them see files located there, this is the only thing they could see; and could alter nothing.
    i realise i could do what i wanted using active directory, but this is not installed for various reasons, mainly as the computer has nothing to do with domains.
    you mentioned it being a workstation, well not exactly. a workstation for me, but the others connect from the network. its a server, on a network (workgroup)where users connect using terminal services. so when the user is authenticated a policy comes into place giving them the desktop view and restrictions i have set.
    hope that helps.
    i have tried messing around with registry.pol file and it will not work.
    am sure the answer is very simple.
    thanks J

  7. #7
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,986
    Thank Post
    269
    Thanked 52 Times in 46 Posts
    Blog Entries
    2
    Rep Power
    47

    Re: standalone policy

    So the machine is setup as a terminal server, and you want to lock down terminal server users, on an individual basis, without Active Directory.

    Simple shortcuts to the desktop kind of customisation is just a matter of editing the users home area under documents and settings > user name. Findthe desktop folder to customise it.

    The All user and Default user settings only apply to new users logging in.

    Seems a freakishly dangerous way to do anything. Setting up Active directory wouldn't be so hard: http://www.petri.co.il/active_direct...quirements.htm

  8. #8

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462

    Re: standalone policy

    system mechanic has tools to lockdown individual user accounts

    http://www.iolo.com/sm/ads/landing/i...5-F880DD92137D

    I think I have the version 6 with the licence code (not even used) about some place I will send it you if you like.

  9. #9

    Join Date
    Jul 2007
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: standalone policy

    hi all,

    thanks for your answers.

    mark
    ok. i am holding back from installing active directory.
    i appreciate that i could do what i am asking with AD installed.
    nevertheless, what you suggest is what i had in mind; a simple way to maybe achieve what i require. i shall set up a test scenario and see how it all looks.
    i looked at the web site you included about installing AD, and shall read this very closely and come to a decision whether to take the plunge or not.
    there are still issues which i cannot see how to achieve; one being how would i stop the users gaining access to the control panel? maybe this cannot be done without installing AD!!

    FN
    thanks kindly for the offer of the software. although i would rather find a solution using just server 2003.

    I appreciate the help you are all giveing me.

    thanks again J

SHARE:
+ Post New Thread

Similar Threads

  1. Standalone MP3 streamer...
    By gwendes in forum General Chat
    Replies: 6
    Last Post: 19th November 2007, 10:27 AM
  2. Running Sims standalone?
    By Outpost in forum MIS Systems
    Replies: 1
    Last Post: 11th September 2007, 09:30 AM
  3. create a standalone cd recorder
    By adamyoung in forum How do you do....it?
    Replies: 14
    Last Post: 7th May 2006, 09:41 PM
  4. Replies: 19
    Last Post: 2nd November 2005, 12:11 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •