how can I limit ts local user on a stand alone server?

 
 
alex
      04-27-2009
I have a 2003 srv stand alone (not domain), I need to limit some terminal
server users, for example not shut down, remove items from start menu and
other things that are easy to do with gpo and domain.
I've tried to modify the local policy, section user, but the policies are
applied to ALL users, including administrator.
How can I make a local policy and have it applied only to some users?
Thank you
Alex


 
Meinolf Weber [MVP-DS]
      04-27-2009
Hello Alex,

For some security settings you can edit the "Local security policy", Local
policies, User rights assignment:
"Shut down the system"

Additionally, have a look at this article:
http://support.microsoft.com/kb/325351

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


alex
      04-27-2009
yes but then the policy applies to all users, including administrator!!

alex
      04-27-2009
sorry, I've only just read the article... Thank you!

Meinolf Weber [MVP-DS]
      04-27-2009
Hello Alex,

For the "shut down the system" setting you add the groups that are allowed
to do it. So you can only use the administrators group. For the rest you
have the article as you saw.

Best regards

Meinolf Weber
alex
      04-27-2009
I've tried with the article, but if administrator runs gpupdate /force the
policies are reapplied also to administrator.

Meinolf Weber [MVP-DS]
      04-27-2009
Hello Alex,

If you follow the steps in the article there is no need to run the gpupdate command.
Is the machine a workgroup machine and not only disconnected from a domain?

Best regards

Meinolf Weber
alex
      04-27-2009
It's a workgroup server. I followed the article and it works fine, but if
somebody runs gpupdate the strict policy is reapplied to administrator. In
this case administrator will lose his role...
Maybe I can try to deny administrator read permission on registry.pol ...

Meinolf Weber [MVP-DS]
      04-28-2009
Hello Alex,

Reconfigure gpupdate.exe permissions for administrators only. I cannot test
it at the moment. Maybe I will find some time later on.

Best regards

Meinolf Weber