General discussion

Locked

Do you know of a way to change user based group policy settings in AD?

By jgreene ·
Just a example. We have locked down user with AD group policy no control panel, no run option, no c drive, etc. Now a desktop tech has to come up and work on the end users workstation as the user. We would like to see if there is a command or program they can run that will undo the user policy changes temporarily as the user. That way a desktop technician can troubleshoot the issue as the user.

I found the following and wrapped it up in a batch file, but it doesn't seem to change the user side of group policies.

secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose

That resets the operating system back to original installation default security settings.

This arctile describes the full functionality:

http://support.microsoft.com/default.aspx?scid=kb;en-us;313222

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

Collapse -

GPO

by p.j.hutchison In reply to Do you know of a way to c ...

GPOs will always override any local settings, temporary or not. To undo them you need to create a new GPO and only apply it to the users you wish to change back. In the GPO you can reverse the settings to what they should be w/o them.
Use the Group Management Console rather than the built in GPO features of ADU&C.

Collapse -

Temp OU

by force In reply to Do you know of a way to c ...

Wouldn't be best if you only create one OU that is not under the influence of GPO that has restriction.

If you must do something at the user workstation you just drag the user to temp OU so you have default settings at that machine at the moment. Once you are finished you just return user to his primary OU.

That way you can log and work as user but with no restriction of your GPO's

Collapse -

Kill Policy

by jgreene In reply to Temp OU

I found the following tool that seems pretty neat. It worked for what we needed it to do which was reset all of the user configurations back to default temporarily. You then have a option to reset policy after you are done with everything.
http://www.petri.co.il/killpol.htm

Back to Hardware Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums