HOW TO Apply Local Policies to All Users Except Administrators on Windows Server 2008 in a Workgroup Setting(not a domain)

HOW TO Apply Local Policies to All Users Except Administrators on Windows Server 2008 in a Workgroup Setting(not a domain)




when you use server 2008 based computer in workgroup setting(not a domain),you may have to implement local policies on that computer that can apply to all users of that computer.

Apply Local Policies to All Users Except Administrators

To implement local policies to all users except administrators, follow these steps: 
  1. Log on to the computer as an administrator.
  2. Open your local security policy. To do this, do one of the following:

    • Click Start, click Run, type gpedit.msc, and then press ENTER.
  3. Expand the User Configuration object, and then expand the Administrative Templates object.
  4. Enable whatever policies that you want (for example, Desktop for "Hide My Network Places" or "Hide Internet Explorer Icon on Desktop").
  5. Close the Gpedit.msc Group Policy snap-in. Or, if you use MMC, save the console as an icon to make it accessible later, and then log off the computer.
  6. Log on to the computer as an administrator.

    You can verify in this logon session the policy changes that were made earlier, because, by default, the local policies apply to all users, which includes administrators.
  7. Log off the computer, and then log on to the computer as all of the other users for this computer for whom you want these policies to apply. The policies are implemented for all of these users and the administrator.

    NOTE: Any user account that is not logged on to the computer at this step cannot have the policies implemented for that account.
  8. Log on to the computer as an administrator.
  9. Click Start, point to Control Panel, and then click Folder Options. Click the View tab, click Show Hidden Files and Folders, and then click OK so that you can view the Group Policy hidden folder. Or, open Windows Explorer, click Tools, and then click Folder Options to view these settings.
  10. Copy the Registry.pol file that is located in the %Systemroot%\System32\GroupPolicy\User folder to a backup location (for example, to a different hard disk, floppy disk, or folder).
  11. Open your local policy again by using either the Gpedit.msc Group Policy snap-in or your MMC icon, and then enable the exact features that were disabled in the original policy that was created for that computer.


    NOTE: When you do this, Policy Editor creates a new Registry.pol file.
  12. Close your policy editor, and then copy the backup Registry.pol file that you created in step 10 back into the %Systemroot%\System32\GroupPolicy\User folder. When you are prompted to replace the existing file, click Yes.
  13. Log off the computer, and then log on as an administrator.

    You can verify that the changes that were originally made are not implemented for you because you have logged on to the computer as an administrator.
  14. Log off the computer, and then log on as another user (or users).

    You can verify that the changes that were originally made are implemented for you because you have logged on to the computer as a user (not an administrator) to that computer .
  15. Log on to the computer as an administrator to verify that the local policy does not affect you as the local administrator to that computer.

Popular posts from this blog

How to Reset Terminal license on Windows 2008, 2008 R2 and 2012

How to remove a static IP configuration for an absent network adapter or uninstall hidden network adapter