Windows 7 - Help with Group Policy?

Hi everyone,

I Googled this to death, but could not find a direct or easy answer to how to do this or even if its possible.

I want to know if its possible, on one local machine, to apply Group Policy restrictions to just one user account, or at least to prevent the restrictions from being applied to the administrator account? When I apply the Group Policy restrictions they do work, but they're automatically applied to (my) admin account as well.

Is there any feasible way to figure this out? You'd think it would be possible to do.

Thank you SO much to anyone who helps out.

Hi CIS,

As the concept of group policy is derived from the Client server network model a local policy, which I would assume is the type involved here, will apply to all local accounts.

If you can give more information on the restrictions you are trying to apply there may be an alternative method of achieving this for certain user groups only

Thanks muchly for your quick reply, Nigel!

Basically I want to prevent the people who use the standard user account from closing a certain progam that will run from startup... it's the OpenDNS automatic IP updater software.

I know that Group Policy can block both the task manager and the system tray, so I'd hoped to use it. I can still use GP if there are no other workarounds, I'll just have to temporarily remove the settings every time I want to use the computer... which is a minor nuisance but I figured there must be a way to avoid applying the Group Policy restrictions to the admin account altogether.

Anyway thanks for your assistance.

One way that may work is to change the user permissions on the executable for the program you wish to restrict

for the task manager this would be taskmgr.exe.

if you add specific rights for those users you wish to use it and remove all the access from the everyone group from the executable, that should stop anyone using it you do not want to.

Another way would be to add the run as administrator to taskmgr.exe. any attempted use by a std user account should cause a UAC elevation prompt.

If I recall the actual openDNS updator can be hidden so that may be enough depending on the level of your users.

The run as admin trick is more difficult with this directly as you presumably wish it to run from a std user login - this is possible by setting the run as admin and then starting the program by use of a start-up task scheduler event for each user with the run with highest rights set on.

One warning with any of this is of course make a backup of the program before you experiment in case you lock yourself out.

You may feel that the group policy method is easier of course

Thanks again for your suggestions, Nigel.

I checked OpenDNS Updater and yes, it turns out there is an auto-hide option. Now all I have to do is disable the Task Manager, which I'll just do through Group Policy.

Thanks!!