Here’s an interesting new feature of Windows Vista that will be a help to shared computing environments such as public libraries or those still inflicted with Windows NT 4.0 domains - Multiple Local Group Policy.
In environments where Windows is installed and not connected to a domain, locking down the user interface with Group Policy has been a challenge because local Group Policy applies to all users including Administrators. Windows Vista and Longhorn Server now allow the administrator to create multiple local Group Policy objects that can be applied to specific users or groups. It’s a simple process:
- Open the Microsoft Management Console by running MMC.EXE
- In the Console1 window, click File, and then click Add/Remove Snap-in.
- In the Add/Remove Snap-in dialog box, in the Available snap-ins list, click Group Policy Object Editor, and then click Add.
- In the Select Group Policy Object dialog box, ensure Local computer appears under Group Policy Object. Click Finish. This will add a standard local Group Policy object that will apply to the computer and all local users.
- To add a second local GPO to apply to non-Administrators, click Group Policy Object Editor under the Available standalone snap-ins list and then click Add.
- In the Select Group Policy Object dialog box, click Browse. Click the Users tab. Click the Non-Administrators group. Click OK. Click Finish.
It’s a simple as that. Now you can apply policies to non-Administrators without affecting administrator accounts on the machine. For a full step by step guide and discussion on this feature check out the following document from Microsoft:
Step-by-Step Guide to Managing Multiple Local Group Policy