1

I have an XP machine where I want to lock it down and prevent what users can do on it.

I have disabled the control panel (along with a bunch of other stuff) using group policy.

This way the user accounts can't touch that stuff. But how do I administrate the computer?
Say I want to uninstall an application from the add/remove programs tool, or access anything else I have disabled on the administrator account?

I should mention, the computer is not on a domain.

Here's a good example:
I used the method here to restrict what programs can be run. But on the administrator account I need to have free access of what can be run so I can do maintenance tasks.

Improve this question
8
  • Are you connected to a domain or on a workgroup?
    – argentwolf
    Commented May 5, 2013 at 22:02
  • Are you the administrator and/or do the other users have administrator privileges? You stated you wanted to add/remove items on the administrator account?
    – argentwolf
    Commented May 5, 2013 at 22:04
  • @packets Not connected to a domain, but it is on a workgroup. There is only 1 administrator account on the computer and 2 user accounts that I want to lock down very tightly.
    – Josh
    Commented May 6, 2013 at 13:15
  • @Josh - If there is an administrator account you should log into that to install applications
    – Ramhound
    Commented May 6, 2013 at 14:04
  • 1
    The uninstall won't fail till it actually attempts to perform an action that requires administrative privileges. Depending on the uninstaller it may not happen until you click a menu or two in to the uninstaller. You may get a error dialog like I got, or you may get the Run As dialog. It all depends on how the installer was written to handle a permissions failure.
    – Scott Chamberlain
    Commented May 6, 2013 at 14:41

2 Answers 2

Reset to default
3

Many group policy settings can be set up to only apply to users if there members of a group.

Create a new group and put all of the users who you want to have restricted access to be members of that group. Then in Group Policy Management change the security filtering setting for the policy so it only applies to that group instead of all Authenticated users.

enter image description here

Improve this answer
1
  • I believe this is for if the computer is connected to a domain? I should have mentioned, it's not.
    – Josh
    Commented May 6, 2013 at 13:32
2

You can RDP into the computer to administer it.

Also note, most of the MMC Admin Tools can remotely connect to a computer. Regedit, Perfmon, Disk management and Computer Management are among others. . .

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .