Help with Group Policy?

C

CIS

New member
Local time
9:11 PM
Messages
28
Hi everyone,

I Googled this to death, but could not find a direct or easy answer to how to do this or even if its possible.

I want to know if its possible, on one local machine, to apply Group Policy restrictions to just one user account, or at least to prevent the restrictions from being applied to the administrator account? When I apply the Group Policy restrictions they do work, but they're automatically applied to (my) admin account as well.

Is there any feasible way to figure this out? You'd think it would be possible to do.

Thank you SO much to anyone who helps out.
 

My Computer

Computer Manufacturer/Model Number
HP Pavilion Laptop dv9000 series
OS
Microsoft® Windows 7™ Ultimate
CPU
Intel® Core 2 Duo @ 1.50 GHz
Memory
2.00 GB RAM
Graphics Card(s)
NVIDIA GeForce
Monitor(s) Displays
17" Laptop monitor
Internet Speed
1.5 Mbps DSL
Hi CIS,

As the concept of group policy is derived from the Client server network model a local policy, which I would assume is the type involved here, will apply to all local accounts.

If you can give more information on the restrictions you are trying to apply there may be an alternative method of achieving this for certain user groups only
 

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    ChillBlast - Custom to my design
    OS
    Windows 11 Pro x64 [Latest Release and Release Preview]
    CPU
    Ryzen 9 5950X, 3.8 - 5.2 MHz
    Motherboard
    Asus Prime X570-Pro
    Memory
    64GB [2 x 32GB] DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti
    Sound Card
    On-board SPDIF to 5.1 System + HDMI [5.1 system]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160 @60Hz
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Workstation Case [Matt Black]
    Cooling
    NZXT Kraken X63 280mm CPU Cooler +2x Quiet Case fans
    Keyboard
    Logitech Wireless MX Keys & K400 + others
    Mouse
    Logitech Wireless MX Master 3S
    Internet Speed
    920 MB Down 50 MB Up
    Antivirus
    BitDefender Total Security Pro
    Browser
    Chrome (always run latest Non-Beta)
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    Samsung 10.2" tablet
    Blackview TAB 8 4G Android Tablet c/w Keyboard
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control
  • Computer type
    Laptop
    System Manufacturer/Model Number
    Dell XPS 17 10750H
    OS
    Windows 11 Pro x64 Latest RP
    CPU
    Intel I7 10750H 5.0GHz
    Motherboard
    Dell XPS
    Memory
    32GB [2x16GB] DDR4 2933 MHz
    Graphics Card(s)
    nVidia GTX1650Ti 4 GB GDDR6
    Sound Card
    Stock [Realtek] 4 Speaker
    Monitor(s) Displays
    17" IPS UHD+ Infinity Edge Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    2TB M2 NVMe, 4TB External + various 500GB & 1TB External NVMe (also have access to spinner HDD from
    PSU
    Stock
    Case
    Stock XPS Aluminium & Carbon Fibre
    Cooling
    Stock - Active Fan Control
    Keyboard
    Backlit + Various Logitech
    Mouse
    Stock Track Pad + Logitech MX Trackball
    Internet Speed
    72 MB Down 18MB Up
    Browser
    Chrome
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    10.2" tablet
    Sony Z3 Android Smartphone
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
    10TB NAS
Thanks muchly for your quick reply, Nigel!

Basically I want to prevent the people who use the standard user account from closing a certain progam that will run from startup... it's the OpenDNS automatic IP updater software.

I know that Group Policy can block both the task manager and the system tray, so I'd hoped to use it. I can still use GP if there are no other workarounds, I'll just have to temporarily remove the settings every time I want to use the computer... which is a minor nuisance but I figured there must be a way to avoid applying the Group Policy restrictions to the admin account altogether.

Anyway thanks for your assistance.
 

My Computer

Computer Manufacturer/Model Number
HP Pavilion Laptop dv9000 series
OS
Microsoft® Windows 7™ Ultimate
CPU
Intel® Core 2 Duo @ 1.50 GHz
Memory
2.00 GB RAM
Graphics Card(s)
NVIDIA GeForce
Monitor(s) Displays
17" Laptop monitor
Internet Speed
1.5 Mbps DSL
One way that may work is to change the user permissions on the executable for the program you wish to restrict

for the task manager this would be taskmgr.exe.

if you add specific rights for those users you wish to use it and remove all the access from the everyone group from the executable, that should stop anyone using it you do not want to.

Another way would be to add the run as administrator to taskmgr.exe. any attempted use by a std user account should cause a UAC elevation prompt.

If I recall the actual openDNS updator can be hidden so that may be enough depending on the level of your users.

The run as admin trick is more difficult with this directly as you presumably wish it to run from a std user login - this is possible by setting the run as admin and then starting the program by use of a start-up task scheduler event for each user with the run with highest rights set on.

One warning with any of this is of course make a backup of the program before you experiment in case you lock yourself out.

You may feel that the group policy method is easier of course :)
 

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    ChillBlast - Custom to my design
    OS
    Windows 11 Pro x64 [Latest Release and Release Preview]
    CPU
    Ryzen 9 5950X, 3.8 - 5.2 MHz
    Motherboard
    Asus Prime X570-Pro
    Memory
    64GB [2 x 32GB] DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti
    Sound Card
    On-board SPDIF to 5.1 System + HDMI [5.1 system]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160 @60Hz
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Workstation Case [Matt Black]
    Cooling
    NZXT Kraken X63 280mm CPU Cooler +2x Quiet Case fans
    Keyboard
    Logitech Wireless MX Keys & K400 + others
    Mouse
    Logitech Wireless MX Master 3S
    Internet Speed
    920 MB Down 50 MB Up
    Antivirus
    BitDefender Total Security Pro
    Browser
    Chrome (always run latest Non-Beta)
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    Samsung 10.2" tablet
    Blackview TAB 8 4G Android Tablet c/w Keyboard
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control
  • Computer type
    Laptop
    System Manufacturer/Model Number
    Dell XPS 17 10750H
    OS
    Windows 11 Pro x64 Latest RP
    CPU
    Intel I7 10750H 5.0GHz
    Motherboard
    Dell XPS
    Memory
    32GB [2x16GB] DDR4 2933 MHz
    Graphics Card(s)
    nVidia GTX1650Ti 4 GB GDDR6
    Sound Card
    Stock [Realtek] 4 Speaker
    Monitor(s) Displays
    17" IPS UHD+ Infinity Edge Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    2TB M2 NVMe, 4TB External + various 500GB & 1TB External NVMe (also have access to spinner HDD from
    PSU
    Stock
    Case
    Stock XPS Aluminium & Carbon Fibre
    Cooling
    Stock - Active Fan Control
    Keyboard
    Backlit + Various Logitech
    Mouse
    Stock Track Pad + Logitech MX Trackball
    Internet Speed
    72 MB Down 18MB Up
    Browser
    Chrome
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    10.2" tablet
    Sony Z3 Android Smartphone
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
    10TB NAS
Thanks again for your suggestions, Nigel.

I checked OpenDNS Updater and yes, it turns out there is an auto-hide option. Now all I have to do is disable the Task Manager, which I'll just do through Group Policy.

Thanks!!
 

My Computer

Computer Manufacturer/Model Number
HP Pavilion Laptop dv9000 series
OS
Microsoft® Windows 7™ Ultimate
CPU
Intel® Core 2 Duo @ 1.50 GHz
Memory
2.00 GB RAM
Graphics Card(s)
NVIDIA GeForce
Monitor(s) Displays
17" Laptop monitor
Internet Speed
1.5 Mbps DSL
You must log in or register to reply here.

Similar threads

Why Windows 7 log on was slower with solid color background explained
Replies
2
Views
8K
michael diemer
M
Old Sony Vaio with Windows 7 64 bit and Recovery Partition
Replies
9
Views
3K
SIW2
SIW2
Can't connect to shared folder if password is enabled
Replies
0
Views
3K
tttony
T
Why I Like Portable Apps
Replies
0
Views
121K
dg1261
D
Solved Need help with Group Policy Editor from IT pro
Replies
6
Views
2K
file3456
F
Back
Top