Ask the Expert

Using gpedit.msc without affecting admin rights

I am creating a "Gold" image for a group of laptops to be used in a large WLAN. I am interested in locking down certain and various functions. I want to use Policy Editor on the local machine to accomplish this. I know that many or most of the changes using gpedit.msc will affect administrators.

How much of this can I prevent or mitigate and how do I do it?

The simplest way I can think of would be to create your local policies as needed and then set domain or organizational unit (OU) policies in Active Directory (if you have it) to grant these "rights" back to administrators. In this case, where there's a conflict, local policies will be assigned a lower priority than your AD policies and thus will be overridden.

EDITOR'S NOTE: Here are some links to help you lock down your Windows laptops:

  • Learning Center: Securing Windows laptops
  • Tip: Physical security for laptops
  • Step-by-Step Guide: Locking down laptops that connect to hotspots
  • Tip: Don't let laptops infect your network
  • Tip: Physically secure all systems
  • This was first published in September 2005

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: