Win2k User Config Question - Gurus I need your help!

[vec]

I'm configuring a standalone Win2k Professional workstation. There will only be two users defined, Administrator and another user, say Bob, who will belong to the Users group.

I want to limit access to certain parts of the system for Bob, but have it available for the Administrator. I used the Group Policy Manager program, gpedit.msc, to disable certain things, but the changes apply to all users. Is there a similar program I can use on a specific user basis?

For example, I don't want Bob to have access to the Control Panel. When I use gpedit.msc to disable the Control Panel, the changes affect Bob, but the Administrator as well. I need to disable it for Bob only, but have it available for the Administrator.

If anyone has any suggestions I'd appreciate it.

Thanks in advance,

 

[zigCorsair]

it sounds like you know what you're doing... so my suggestion may be completely unneccesary, but have you tried the basic security tab? g'luck!

 

[MulLa]

There are two way to do that. Either do what zigCorsair have suggested to assign permission through the security tab. Or you can specifically deny read / apply policy permissions to the administrator account / group.

 

[StuckMojo]

to use the group policies the way you want to, you need win2k server. AFAIK

 

[Palek]

Correct me if I am wrong, but I thought that "Users" did not have access to most (if not all) Control Panel functions... I thought that only "Power Users" and "Administrators" could fiddle with the settings in there.

 

[SaigonK]

In WIndows 2k Users have just about no access to anything.

 

[vec]

Thanks for the reply guys.

I guess I overlooked the obvious. What security tab? Where is it located?

What I would like to do is not even have the control panel available in the start->settings menu nor the My Computer folder for Bob. If I can't do that maybe the security tab thing would work.

Thanks again,

 

[Saltin]

Vec: The only way to place limitations like that on the desktop and menu's is via group policy. Unfortunately on a stand-alone box, any policy you set will apply to all the accounts on the computer, including the admin account. In order to define security settings on a per user basis, you would need an Active directory domain in place.

 

[Nothinman]

We needed to get around Group Policy limitations (or rather the fact that you can't limit their effect per user) without AD at work in our Citrix boxes. To do this we created a Group Policy Admin account, with full access to the group policy files, for making changes to the group policies, denied Administrator any access to the policy files (don't remember where they are right now, I'm not the Citrix guy) so they couldn't take effect when he logged in and allowed all other users read-only access to the files so they did take effect.

It's a hack, but it works.

 

[vec]

I guess I'll work with the limitations for now. I appreciate your help.

Thanks,
Vince