Q

Using gpedit.msc without affecting admin rights

Site expert Kevin Beaver explains how you can use local and Active Directory policies to lock down laptops on a WLAN without affecting administrator privileges.

I am creating a "Gold" image for a group of laptops to be used in a large WLAN. I am interested in locking down certain and various functions. I want to use Policy Editor on the local machine to accomplish this. I know that many or most of the changes using gpedit.msc will affect administrators.

How much of this can I prevent or mitigate and how do I do it?

The simplest way I can think of would be to create your local policies as needed and then set domain or organizational unit (OU) policies in Active Directory (if you have it) to grant these "rights" back to administrators. In this case, where there's a conflict, local policies will be assigned a lower priority than your AD policies and thus will be overridden.

EDITOR'S NOTE: Here are some links to help you lock down your Windows laptops:

  • Learning Center: Securing Windows laptops
  • Tip: Physical security for laptops
  • Step-by-Step Guide: Locking down laptops that connect to hotspots
  • Tip: Don't let laptops infect your network
  • Tip: Physically secure all systems
  • This was first published in September 2005

    Dig deeper on User passwords and network permissions

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close