restrict users except admin

[jalal1100]

Hi guys . I need your help.
I have a windows XP Professional and my os has an admin user and
3 limited user(standard user) now my problem is:
I want to restrict 3 limited users with local group policy(gpedit.msc)
but (for example when I want to disable recycle bin for 3 users)it affects
to the admin users .
summary
How can I restict 3 users with group policy EXCEPT admin users
I am waiting for yaour answer

با سلام همانطور که در بالا گفتم میخوام بدونم چطور میتوانم USER limitedرا محدود کنم بدون اینکه روی ADMIN USER تاثیر بگذارد ((With Local Group Policy

---

موضوعات مشابه:

• اجازه ندادن به Admin Domain جهت مونیتور Admin دیگر ...
• Using ISA Content Groups to Restrict the Use of Non Business Related Traffic
• دور زدن admin( ساخت admin account )
• channging NTTacPlus console log in user &password (admin & admin)

---

[MCITP]

Hi guys . I need your help.
I have a windows XP Professional and my os has an admin user and
3 limited user(standard user) now my problem is:
I want to restrict 3 limited users with local group policy(gpedit.msc)
but (for example when I want to disable recycle bin for 3 users)it affects
to the admin users .
summary
How can I restict 3 users with group policy EXCEPT admin users
I am waiting for yaour answer

با سلام همانطور که در بالا گفتم میخوام بدونم چطور میتوانم USER limitedرا محدود کنم بدون اینکه روی ADMIN USER تاثیر بگذارد ((With Local Group Policy

داخل شبکه دومین فوق العاده راحت است

تمامی User رو بزار تو یه OU به Properties - Policy Tab برو از این قسمت به بعد کاملا واضح است

بعد GPupdate هم فراموش نکن از این به بعد هر کی رو داخل OU بزاری همه تمامی Policy ها رو به ارث

می برند

[jalal1100]

محمد جان سلام من اینو می دونستم
من منظورم اینه که در یک ویندوز چطور می توان این کارو کرد ؟

[mfm7]

محمد جان سلام من اینو می دونستم
من منظورم اینه که در یم ویندوز چطور می توان این کارو کرد ؟

regedit ویندوز
منم این مشکل و داشتم یک نرم افزار داشتم که حتماً باید برای استفاده ازش ادمین بودی ولی می خواستم کار برام محدود باشن
برای مثال : بستن run
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer]
"NoRun"=dword:00000001

بستن taskmgr:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System]
"DisableTaskMgr"=hex:01,00,00,00

بستن راست کلیک :
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer]
"NoViewContextMenu"=hex:01,00,00,00

و ...

در آخرم باید ریجستری ببندی:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System]
"DisableRegistryTools"=dword:00000001




راستی هرکی راه حل بهتری داره بگه چون منم لازم دارم

[Hakimi]

HOW TO: Apply Local Policies to All Users Except Administrators on Windows XP in a Workgroup Setting

You use the Group Policy console to apply restrictions. Before you go rushing off to lock down your users, however, keep this in mind: The changes you're going to make will initially affect the local administrator account on each computer. Don't apply any restrictions that will prevent you from later removing the restrictions from the administrator account. You might want to temporarily create an account with membership in the Administrators group to use in case you have problems and need to undo the restrictions.

1. Log on as Administrator.
2. Go to Start | Run and enter Gpedit.msc in the Open dialog box to start the Group Policy console.
3. Open the User Configuration/Administrative Templates branch and change settings as desired to enable restrictions as needed. The settings for each restriction vary.
4. Close the Group Policy console and log off; then log on again as Administrator to apply the change.
5. Log off and log on as another user to verify that the restrictions are applied. Log off and then log on as each of the other users, in turn, to whom you want to apply the restrictions.
6. Log on as Administrator and copy the file %systemroot%\System32\GroupPolicy\User\registry.po l to a backup location and name it UserReg.pol. Copy the file %systemroot%\System32\GroupPolicy\Machine\registry .pol to the same backup location and name it MachineReg.pol.
7. Open the Group Policy console and remove the restrictions applied in step four. In some cases, you might need to use the opposite setting from the one applied in step three. For example, if you selected Enable to apply a given restriction, choose Disable to remove the restriction, rather than Not Configured (which applies no change to the registry).
8. Close the Group Policy console and then copy the backup UserReg.pol file created in step six back to %systemroot%\System32\GroupPolicy\User\registry.po l, making sure to rename the file Registry.pol. Copy the backup MachineReg.pol created in step six back to %systemroot%\System32\GroupPolicy\Machine\registry .pol, making sure to rename the file Registry.pol.
9. Log off as administrator and log on as one of the restricted users to verify that the restrictions are in place. Log off and then log back on as administrator to verify that the restrictions are not applied to the administrator account. As long as you didn't use your own nonadministrator account to log on in step five, that account will not have the restrictions applied.

Source: How do I… Apply local Windows XP restrictions with the Group Policy Console