mikescorpio81
Posts: 292 +0
Hi all,
I am currently locking down a PC for a client of mine. PC is used as a DMZ, used by the public only to access the internet. PC runs Windows XP Pro SP2.
While configuring the Local Group Policy through gpedit.msc (or through mmc - add/remove snap-in ...) I realised that while applying policies at the "User" level, the administrator account also inherits these policies. Same goes if applied at the "Computer" level, but that goes without saying.
Luckily I was not applying them directly to the PC in question, rather applying local policies through a VMware session on my laptop, just in case something like this happened.
My question is how can I apply strong Local Group Policies on a PC WITHOUT the administrator account inheriting them?
I tried setting "Deny" permissions on the C:\WINDOWS\System32\GroupPolicy folder, but to make changes to GPOs you need access to this folder. It did work though!
I should also say that this PC is not joined to the Domain and is on a separate subnet to all other PCs.
Any help would be appreciated.
Cheers