HOW TO Apply Local Policies to All Users Except Administrators on Windows Server 2008 in a Workgroup Setting(not a domain)

-

HOW TO Apply Local Policies to All Users Except Administrators on Windows Server 2008 in a Workgroup Setting(not a domain)




when you use server 2008 based computer in workgroup setting(not a domain),you may have to implement local policies on that computer that can apply to all users of that computer.

Apply Local Policies to All Users Except Administrators

To implement local policies to all users except administrators, follow these steps: 
  1. Log on to the computer as an administrator.
  2. Open your local security policy. To do this, do one of the following:

    • Click Start, click Run, type gpedit.msc, and then press ENTER.
  3. Expand the User Configuration object, and then expand the Administrative Templates object.
  4. Enable whatever policies that you want (for example, Desktop for "Hide My Network Places" or "Hide Internet Explorer Icon on Desktop").
  5. Close the Gpedit.msc Group Policy snap-in. Or, if you use MMC, save the console as an icon to make it accessible later, and then log off the computer.
  6. Log on to the computer as an administrator.

    You can verify in this logon session the policy changes that were made earlier, because, by default, the local policies apply to all users, which includes administrators.
  7. Log off the computer, and then log on to the computer as all of the other users for this computer for whom you want these policies to apply. The policies are implemented for all of these users and the administrator.

    NOTE: Any user account that is not logged on to the computer at this step cannot have the policies implemented for that account.
  8. Log on to the computer as an administrator.
  9. Click Start, point to Control Panel, and then click Folder Options. Click the View tab, click Show Hidden Files and Folders, and then click OK so that you can view the Group Policy hidden folder. Or, open Windows Explorer, click Tools, and then click Folder Options to view these settings.
  10. Copy the Registry.pol file that is located in the %Systemroot%\System32\GroupPolicy\User folder to a backup location (for example, to a different hard disk, floppy disk, or folder).
  11. Open your local policy again by using either the Gpedit.msc Group Policy snap-in or your MMC icon, and then enable the exact features that were disabled in the original policy that was created for that computer.


    NOTE: When you do this, Policy Editor creates a new Registry.pol file.
  12. Close your policy editor, and then copy the backup Registry.pol file that you created in step 10 back into the %Systemroot%\System32\GroupPolicy\User folder. When you are prompted to replace the existing file, click Yes.
  13. Log off the computer, and then log on as an administrator.

    You can verify that the changes that were originally made are not implemented for you because you have logged on to the computer as an administrator.
  14. Log off the computer, and then log on as another user (or users).

    You can verify that the changes that were originally made are implemented for you because you have logged on to the computer as a user (not an administrator) to that computer .
  15. Log on to the computer as an administrator to verify that the local policy does not affect you as the local administrator to that computer.

Popular posts from this blog

How to Reset Terminal license on Windows 2008, 2008 R2 and 2012

-
The RD Licensing grace period has expired and the service has not registered with a license server with installed licenses. A RD Licensing server is required for continuous operation. A Remote Desktop Session Host server can operate without a license server for 120 days after initial start up. The official solution is to Activate the RDS/TS CAL License server and point the Server to License server with User/Device License and will be resolve the problem, but if you want to reset the timer and again avail the 120 days grace time here is the solution: Solution: 1) First open the registry editor with "regedit" command in command prompt. 2)open the registry key from below path HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ Terminal Server \ RCM \ GracePeriod 3)From GracePeriod delete the key " REG_BINARY".don't delete default registry. 4)then Restart the computer and check the grace period with "tlsbln" command from command
Read more

How to remove a static IP configuration for an absent network adapter or uninstall hidden network adapter

-
Image
In a scenario where you have physically removed hardware from a machine you can no longer see it in device manager.  This does not mean that it is gone.  Evidence of that is, if for example you had a network card that had a Static IP address set and you remove the card and add a new one then try to set the IP address to the same as the old NIC you will get an error message. The error might look something like “The IP address 192.168.30.100 you have entered for this network adapter is already assigned to another adapter (Microsoft Virtual machine Bus Network Adapter #3) which is no longer present in the computer.  If the same address is assigned to both adapters and they both become active, only one of them will use this address.  This may result in incorrect system configuration”.  In Windows Server 2008 R2 and Windows 7 it actually gives you an opportunity to “remove the static IP configuration for the absent adapter”. If you say Yes, this will eliminate the IP conflict problem but
Read more