How do I restrict access to local group policies?

Group PolicyThe system administrator is critical. administrators can easily modify the registry using group policies. How can they restrict access to local group policies? A detailed description is provided below.

As an advanced setting tool for the system administrator, the Group Policy includes setting policies for all aspects of the system, which not only enhances the security of the system, but also makes the system more personalized. When you set a system through a group policy, the priority level is higher than that set through the control panel. This setting is often mandatory. Due to the characteristics of the Group Policy, administrators do not want to change the system settings through the Group Policy, which involves the permission of Group Policy objects.

In Windows XP, the Group Policy objects of local computers are determined based on the user's account type, the Administrator account in the administrators group has full control permissions on the Group Policy objects. Restricted users in the users Group cannot access the local group policy. Because the XP system does not provide a policy object permission allocation mechanism for the Local Group, all accounts in the administrators group, including the system's built-in administrator users, have the same permissions on the Local Group Policy objects, each user can access the Local Group Policy and modify the system policy set by other users. This may cause confusion in system settings. Can this problem be achieved through other means that only the administrator has the permission to access and change the Local Group Policy, what if other members of the administrators group are restricted from accessing the Local Group Policy?

The Local Group Policy object is saved in the hidden folder "GroupPolicy" under \ windows \ system32. If the partition File System of the XP system is in NTFS format, with the security features of files and folders provided by the NTFS file system, you can easily restrict access to local group policies by limiting the user's access permissions to this folder.

You can set the access permission for the folder "GroupPolicy" as follows:

Step 1 log on to the system as an administrator, open "my computer", click "Folder Options" in the "Tools" menu, and click "View" option page, in the "Advanced Settings" list, select the "show all files and folders" option under "hide files and folders" and click "OK ";

Step 2 open the \ windows \ system32 folder, locate the hidden folder "GroupPolicy", right-click the folder, and select "properties ";

Step 3 click the "Security" option page and select "advanced" to cancel the selection of the "inherit permission projects from the parent project that can be applied to sub-objects, including those explicitly defined projects here" check box;

Step 4. Click "delete" in the displayed information window. The "permission project" list is cleared, as shown in 1;

Step 5 Click "add" | "advanced" | "Search now", select the "administrator" user in the list below the window, and click "OK" to return to the upper-level window, click "OK ";

Step 6: In the "GroupPolicy permission project" window, click the "full control" option in the "permission" column in the "permission" list, and then click "OK", as shown in 2;

Step 7 click "OK". Only one administrator user has full control over the folder "GroupPolicy", as shown in 3. Click "OK" to complete permission settings.

After permissions are set for the "GroupPolicy" folder, you can only log on to the system using the administrator account to access the Local Group Policy object and set and change the policy. After logging on to the system, other administrators can start the console to load the Group Policy Management Unit or run gpedit by running the mmc command. the msc launch Group Policy Editor displays the error message 4.

 

To restrict access to the local group policy using this method, pay attention to the following two points:

First, the administrator user has the highest access permission. Any policy setting on the system must be completed as the administrator account.

Secondly, the partition format of the XP system must be NTFS. Otherwise, access permissions to files and folders cannot be allocated.

It is hoped that the restricted access method to the local group policy described in this article will be helpful to the reader, and more knowledge about the Group Policy remains to be learned and mastered by the reader.