Little-known Win2003 local policy setting tips

  

The Win2003 system has more users due to stability and security, but it is unfamiliar to the implementation of local policies. In fact, the local strategy can be applied to many aspects. Today we will explain in detail the details of the local strategy in Win2003.

1. Apply local policies to all users except administrators

To implement local policies for all users except administrators, perform the following steps: Log in as an administrator computer. Open the local security policy. To do this, do the following: Click Start Run, type gpedit.msc, and then press ENTER. Or click Start Run, type mmc, press ENTER, add “Group Policy Object Editor”, and then configure it for your local security policy. If removing the run command is one of the strategies you need, Microsoft recommends that you edit the policy through the “Microsoft Management Console (MMC) and save the result as an icon. This way, you don't need to use the run command to reopen the policy. Expand the User Configuration object and then expand the Administrative Template object.

2. Enable any strategy you need

(For example, “Hide ‘My Network Places’” or “Hide Internet Explorer Icons on the Desktop” ). Note: Be sure to choose the right strategy, otherwise you may limit the ability of an administrator to log in to the computer (and complete the steps required to configure the computer). Microsoft recommends that you document any changes you make. Turn off the "Gpedit.msc Group Policy" snap-in, or, if you use MMC, save the console as an icon so you can access it later and then log out of your computer. Log in to the computer as an administrator. You can verify previous policy changes in this login session because local policies are applied to all users, including administrators, by default. Log out of the computer and log in to the computer as all other users of the computer (you want them to apply these policies). These policies are implemented for all of these users and administrators. Note: These policies cannot be implemented for any user account that is not logged into the computer at this step. Log in to the computer as an administrator. Click Start, point to Control Panel, and then click Folder Options. Select the View tab, check “ Show hidden files or folders & rdquo;, then click OK to view the “Group Policy Hide folder. Alternatively, open “Windows Explorer>, click Tools, then click Folder Options to view these settings. Copy the Registry.pol file located in the %Systemroot%System32GroupPolicyUser folder to the backup location (for example, to another hard disk, floppy disk, or folder). Use the “Gpedit.msc Group Policy  snap-in or your MMC icon to open the local policy again and then enable the actual features that were disabled in the original policy created for this computer. Note: When you do this, the "policy editor" creates a new Registry.pol file. Close the Policy Editor and copy the created backup Registry.pol file back into the %Systemroot%System32GroupPolicyUser folder. When prompted to replace the existing file, click Yes. Log out of the computer and log in as an administrator. Since you are logged in to the computer as an administrator, you can verify that the initial changes were not implemented. Log out of the computer and log in as another user. Since you are logged in to the computer as a user (not an administrator), you can verify that the initial changes were implemented. Log in to the computer as an administrator to confirm that the local policy does not affect your ability to log in to the computer as a local administrator.

3, restore the original local policy

To revoke the process described in the "Apply local policy to all users except administrators" section, follow the steps below: Log in to the computer as an administrator. Click Start, point to Control Panel, and then click Folder Options. Click the View tab, click “Show hidden files and folders  and click OK to view the “Group Policy Hide folder. Alternatively, open “Windows Explorer>, click Tools, then click Folder Options. Move, rename, or delete the Registry.pol file from the %Systemroot%System32GroupPolicyUser folder. After you log out of your computer or restart your computer, the "Windows File Protection" system creates another default Registry.pol file. Open the local policy. To do this, click Start Run and type gpedit.msc. Alternatively, click Start Run, type mmc, and load the local security policy. Then, set all items that are set to disabled or enabled to unconfigured to undo any policy changes to the Windows Server 2003 registry implementation specified by the Registry.pol file. Log out of the computer as an administrator and log in to the computer as an administrator again. Log out of the computer and log in to the computer as all users of the local computer, so you can also undo changes to their accounts.

[#page_#] Finally, add the adan user just created to the DHCP administrator user group. With this setting, the user user of the adan user has the right to manage the DHCP server.

Copyright © Windows knowledge All Rights Reserved