
Using gpedit.msc without affecting admin rights

Site expert Kevin Beaver explains how you can use local and Active Directory policies to lock down laptops on a WLAN without affecting administrator privileges.

I am creating a "Gold" image for a group of laptops to be used in a large WLAN. I am interested in locking down certain and various functions. I want to use Policy Editor on the local machine to accomplish this. I know that many or most of the changes using gpedit.msc will affect administrators.

How much of this can I prevent or mitigate and how do I do it?

The simplest way I can think of would be to create your local policies as needed and then set domain or organizational unit (OU) policies in Active Directory (if you have it) to grant these "rights" back to administrators. In this case, where there's a conflict, local policies will be assigned a lower priority than your AD policies and thus will be overridden.
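One way to build the Active Directory side of the approach in the answer above, as an added example that is not from the expert or the original article. The domain `example.com`, the group `Laptop-Admins`, and the choice of Task Manager as the function disabled by the gold image's local policy are all assumptions made for illustration.

```powershell
# Added example. Assumed names (not from the article): domain example.com,
# security group 'Laptop-Admins', and Task Manager as the locked-down function.
# Run on a management host with the GroupPolicy module (RSAT) installed.
Import-Module GroupPolicy

$gpoName  = 'Laptop-Admins - Restore Locked-Down Functions'   # hypothetical GPO name
$domainDn = 'DC=example,DC=com'                               # hypothetical domain
$group    = 'Laptop-Admins'                                   # hypothetical admin group

# 1. Create the GPO that will carry the opposite value of the local restriction.
New-GPO -Name $gpoName -Comment 'Overrides gold-image local policy for admins' | Out-Null

# 2. The local policy on the image is assumed to write DisableTaskMgr = 1 for every
#    user. Domain GPOs are processed after local policy, so the 0 written here
#    wins the conflict for anyone the GPO applies to.
Set-GPRegistryValue -Name $gpoName `
    -Key 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System' `
    -ValueName 'DisableTaskMgr' -Type DWord -Value 0 | Out-Null

# 3. Security filtering: everyone may read the GPO, only the admin group applies it.
#    -Replace downgrades the default Apply permission of Authenticated Users to Read.
Set-GPPermission -Name $gpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $gpoName -TargetName $group `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 4. Link at the domain so the user-side setting follows the admin accounts
#    wherever they sign in, including the imaged laptops.
New-GPLink -Name $gpoName -Target $domainDn -LinkEnabled Yes | Out-Null

# 5. Check the result on a laptop, signed in as a member of the group:
#      gpupdate /force
#      gpresult /h "$env:TEMP\rsop-admin.html" /f
#    The report should list this GPO as the winning source for the setting,
#    while a standard user's report still shows the local policy value.
```

Domain user policy only reaches domain accounts, so a local Administrator account on the laptop still gets the gold image's local restrictions.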

EDITOR'S NOTE: Here are some links to help you lock down your Windows laptops:

  • Learning Center: Securing Windows laptops
  • Tip: Physical security for laptops
  • Step-by-Step Guide: Locking down laptops that connect to hotspots
  • Tip: Don't let laptops infect your network
  • Tip: Physically secure all systems