I'm a sys admin in a call center for a production floor of about 150 users. The network here is configured in a workgroup model due to some company policies and so no centralized administration. I use the win 98 policy editor (poledit) to create local policies for the users and restrict their accesses to resources. Lately I discovered that users are able to reach control panel and make changes even though thats restricted in their policy, when I investigated into this I found that the control panel can be accessed by going to My Documents>My Computer>Change Settings and with this a problematic user can make reasonable changes to display, regional settings etc. can control panel access be stopped completely in XP using local policy ? or can we stop access to my documents for XP prof users ? Help ! :!:
Mm.. yes with XP you can restrict access to more things than you'd ever want to. You have to use the group policy editor. Click start >> run >> and type gpedit.msc
Once it opens up it can be pretty confusing, there are millions of settings that you can change. I think you'd need to go to 'User Configuration' >> Administrative Templates >> Control Panel
You can also save the policy and load it on different machines, or even manage a machine remotely.. However you should seriously think of moving to a basic domain model, its a little random to have to handle 150 users without centralised administration. Speak to your compan and tell them that this is not the way its supposed to be done !
Thanx Sahir that was help but only for the time being
gpedit.msc applies the policy on all the users and so each time i need access to control panel i'll need to run gpedit.msc also.
I agree that we should implement a domain but the company is not willing to pay becoz they think since everything is going smooth ... (not for me thou) ... its not required. can u figure out a good reason why the company must invest ? like some potential problem or a major disaster? :twisted:
As Sahirh mentioned, administration of many users can get a bit labor intensive and would be easier to handle on a domain model.
A lot depends on how many servers you have and how much time you are spending administering each machine.
For example, if you add a new server and want to control access, in your environment, you would have add each user to the server. In a domain model, this would already be handled by the domain controller.