About the implementation of local group policy of win 2003 system

In the system, users often ignore the application of local policy. In fact, if we master the method of application, it will be more convenient for us to use the system. Next, this article describes how to work. Apply local policies to all users except administrators on a Windows Server 2003-based computer in a group setup.

When using a Windows Server 2003-based computer in a workgroup setting instead of a domain, you might need to implement a local policy on that computer that can be applied to all users of that computer, but not to apply administrator. With this exception, administrators can retain unrestricted access and control of the computer and can also restrict who can log in to the computer.

Apply local policies to all users except administrators

To implement local policies for all users except administrators, perform the following steps:

to manage Log in to the computer as a member.

Open the local security policy. To do this, do the following:

Click Start\\Run, type gpedit.msc, and then press ENTER.

Or click Start\\Run, type mmc, press ENTER, add “Group Policy Object Editor”, then configure it for your local security policy.

If deleting a run command is one of the strategies you need, Microsoft recommends that you edit the policy through the “Microsoft Management Console (MMC) and save the result as an icon. This way, you don't need to use the run command to reopen the policy.

Expand the User Configuration object and then expand the Administrative Template object.

Enable any strategy you need (for example, “Hide ‘My Network Places’” or “Hide the Internet Explorer icon on the desktop”).

Note: Be sure to choose the right strategy, otherwise you may limit the ability of the administrator to log in to the computer (and complete the steps required to configure the computer). Microsoft recommends that you document any changes you make.

Close the “Gpedit.msc Group Policy<; snap-in, or, if you use MMC, save the console as an icon so you can access it later and then log out of your computer.

Log in to the computer as an administrator.

You can verify previous policy changes in this login session because local policies are applied to all users, including administrators, by default.

Log out of the computer and log in to the computer as all other users of the computer (you want them to apply these policies). These policies are implemented for all of these users and administrators.

Note: These policies cannot be implemented for any user account that is not logged into the computer at this step.

Log in to the computer as an administrator.

Click Start, point to Control Panel, and then click Folder Options. Select the View tab, check “ Show hidden files or folders & rdquo;, then click OK to view the “Group Policy Hide folder. Alternatively, open “Windows Explorer>, click Tools, then click Folder Options to view these settings.

Copy the Registry.pol file located in the %Systemroot%\\System32\\GroupPolicy\\User folder to the backup location (for example, to another hard disk, floppy disk, or folder).

Use the “Gpedit.msc Group Policy  snap-in or your MMC icon to open the local policy again and then enable the actual features that were disabled in the original policy created for this computer.

Note: When you do this, the "policy editor" creates a new Registry.pol file.

Close the Policy Editor and copy the created backup Registry.pol file back into the %Systemroot%\\System32\\GroupPolicy\\User folder.

When prompted to replace an existing file, click Yes.