Over 1 million tech questions and answers.

Firewall Rules defined in Local Group Policy not applied after reboot

Q: Firewall Rules defined in Local Group Policy not applied after reboot

I am working with a Windows 7 Embedded system that is in a workgroup (not on a domain). The firewall rules are specified in the Local Group Policy. Much of the system has been locked down according to DoD standards. The first time the system identifies a
local private network, all firewall rules are applied as expected. After a reboot, only firewalls specified in local settings (the MMC snapin) are applied as seen through the Advanced Firewall Monitoring in the MMC snapin. I can run "gpupdate /force"
to re-apply the rules. However the firewall reverts to local rules after the next reboot.
The local group policy is configured to not allow local rules. The behavior with this set seems to be opposite of expectations (local is merged, GPO rules are not) but changing this does not change the outcome.
I've reviewed all of the Windows event logs that I know to be applicable, and find little to go on. Any help would be appreciated.

Read other answers
Preferred Solution: Firewall Rules defined in Local Group Policy not applied after reboot

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)


I was setting up local group policies on a laptop so I could apply them to non-admin accounts. Well I goofed and accidentally applied the policies to all users including the admin. The problem is I was restricting access to all programs except a certain few like internet explorer, remote desktop, etc as users will only need to access their webmail and remote desktop to access the terminal server. Now I cannot do anything with the admin profile because the policy was applied to my account as well. What can I do??

A:Accidentally applied local group policy to all user groups

Which Administrator account did you apply this to? The default or did you enable the built-in Administrator account and apply it to that also?

If you didn't go through any steps to activate an admin account previously, you could probably enable the built-in one and change the settings for the normal Administrator account.

Built-in Administrator Account - Enable or Disable

Read other 2 answers

I want to check a particular windows user rights assignment local group policy applied or not through batch file in windows xp

the policy's are Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on through Terminal Services Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Debug programs Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a service Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Perform volume maintenance tasks Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Bypass traverse checking Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a batch job Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to domain Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify firmware environment values Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Enable c... Read more

Read other answers


we have a Small Business Server 2000. I am trying to create a group policy but it doesnt seem to get applied.

First of all I thought, for testing purposes, i would do a simple one - just disable control panel.

So i created a new OU within
AD Users and Computers --> domain --> MyBusiness --> TESTOU

i placed one client computer in here and created a new group policy going through the administrative templates --> control Panel choosing to disable control panel.

Then I ran "secedit /refreshpolicy machine_policy /enforce (and also without the /enforce)

I have also restarted the client machine I placed in the TESTOU but to no avail. Is there something I am missing?? any help much appreciated

Read other answers

I use Windows Firewall with advanced rules applied (such as remote desktop & ftp server ports, etc.). I am getting daily notifications that my firewall "is in an unsafe configuration and is being managed by your system administrator", but when I open WF with Advanced Security It says it is on for all 3 profiles (domain, public, private).

I suspect that the following is my problem, but don't know how to change it: Advanced settings for all 3 profiles say "Inbound connections that do not match a rule are allowed". Same for Outbound.

How can I fix this?

Read other answers

Hi All,
I'm having trouble in an AD environment whereby group policy fails to apply if the user has saved passwords (control panel > user accounts > advanced > manage passwords) to access resources on the DC

Microsoft recommend deleting the saved passwords and running gpupdate /force, however this is far from ideal as users will simply cache their passwords and GP once again breaks. I cant be removing saved passwords from 40 pc's every time theres a change in group policy.

Event viewer logs the following:

Event ID: 1030 Source: Userenv
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

Event ID: 40961 Source: LSASRC Category: SPNEGO (Negotiator)
The Security System could not establish a secured connection with the server ldap/XXXX. No authentication protocol was available.

Does anyone know of, or can anyone think of a workaround for this problem?

Read other answers

I work in a primary school and our new Windows 8.1 machines have an issue where users (everyone has roaming profiles) that are logging onto the machine for the first time won't end up with the correct 'group policy applied' proxy settings.

The (group policy / registry preferences) proxy settings I want the different groups of users to have *are* being applied (verified using process monitor) but I can then see something else (still in the same svchost process) is then taking the ones configured
for the local system account (in HKEY_USERS\.Default) and overwriting them. Different user groups use different proxy ports for filtering reasons, so it's crucial the right groups of users get the right settings.

Whatever is overwriting them, when the user has no cached roaming profile on the machine, does not do it again if they log off and then on again. The problem being, users don't have a set machine and the cached roaming profiles are removed when the machine
shuts down using an updated version of delprof... so when the machine boots up again, it's like the users are all logging on for the first time - except they have roaming profiles so they aren't really!

Having spent far too long looking into the issue, I'm as positive as I can be that it's nothing I'm doing and we do not have any issue with the same settings / policies being applied on our Windows 7 or old XP machines. Group policy configures the user's
proxy settings and nothing else touches them.

So what ... Read more

Read other answers

Hi all
For the past 6 months we have received reports of PC's taking up to an hour to get to the login prompt.
All our PC's are running Windows 7 32/64 Bit.
The message is always "Applying Group Policy Local Users and Groups policy"
Once it gets to the login prompt they will login with no problem.
I have enabled GPO logging on 1 PC and the results show as below (sorry for the wall of text) Boot time was 15:16.
I was hoping someone else had come across this issue and maybe has some insight
Network team say "its not the network"!!
Server Team say "Its not DNS or Group Policy" !! 
So its been left with me on the desktop team to diagnose the fault
Paul Griffiths - NHS Trust in Bristol

GPSVC(534.75c) 15:17:14:459 ProcessGPOs: -----------------------
GPSVC(534.75c) 15:17:14:459 ProcessGPOs: Processing extension Group Policy Local Users and Groups
GPSVC(534.75c) 15:17:14:459 ReadStatus: Read Extension's Previous status successfully.
GPSVC(534.75c) 15:17:14:459 CompareGPOLists:  The lists are the same.
GPSVC(534.75c) 15:17:14:459 GPLockPolicySection: Sid = (null), dwTimeout = 30000, dwFlags = 0
GPSVC(534.75c) 15:17:14:459 LockPolicySection called for user <Machine>
GPSVC(534.75c) 15:17:14:459 Sync Lock Called
GPSVC(534.75c) 15:17:14:459 Writer Lock got immediately.
GPSVC(534.75c) 15:17:14:459 Lock taken successfully
GPSVC(534.75c) 15:17:14:459 ProcessGPOList: Entering for extension Group Policy ... Read more

Read other answers

Hi Team,
Please let me know what is the standard Setting for below Security Setting ( Audit Policy ), which are followed in most of the Company.

For Eg:- Should i set ' Success & Failure ' for ' Audit account logon events ' & for ' Audit account management' etc...

Thanks & Regards,

Read other answers

Will either of these allow me to restrict drive access to a single user only? I've tried to restrict drive access with Group Policy Editor but it applies the restriction globally--even to me the administrator.

Could anyone let me know if this is possible and how to do it?

Much thanks.

A:Group Policy Editor or Local Security Policy

I take it that you want to restrict access to this drive to everyone but yourself. Which drive are you referring to, is it locally connected or via a network?

Read other 6 answers

Windows 7 Enterprise 64 bit
I adjusted Group Policy so additional authentication (PIN) would be required.
I thought I would need to uncheck the first option (Allow BL w/o TPM) because I want to require TPM.
When I rebooted (and after enabling TPM - F10), I attempted to activate Bitlocker (via the Control Panel) and this error message displayed:
"The Group Policy settings for BitLocker startup options are in conflict and cannot be applied.  Contact your system administrator for more information."
After (re)checking the first option (Allow BL w/o TPM) and leaving the default settings, except for the Require PIN and TPM option...
 I redid the entire process (F10 to enable TPM and so forth), but when attempting to activate Bitlocker for the second time, this message displayed:
"The Group Policy settings for BitLocker startup options are in conflict and cannot be applied.  Contact your system administrator for more information."
I had a window of opportunity to make this happen, given the time it can take to actually encrypt the drive, and I was not able to make this happen.
I do not like not being able to make things hap... Read more

A:"The Group Policy settings for BitLocker startup options are in conflict and cannot be applied."

I just had the same issue today, so here is what doesn't work with you :
If you have a motherboard and a BIOS compatible with a TPM, you can uncheck the first option "Allow Bitlocker without a compatible TPM".
Then, Microsoft has made a mistake with the terms that are being used (in my point of view) : in fact, you have to understand you cannot "require" an option if you "allow" some others...
So you have 2 choices :
 - either you "allow" each option so you can choose which one when you set Bitlocker on,
 - or you can "require" an option and disable all the others, so you will not be able to make a choice when you set bitlocker on.
I hope that is clear enough...
 - Tibap.

Read other 3 answers

I have a large network of about 500 machines on a domain. I have set up a local account for exams, with a special local Group Policy that is for non-administrators. The group policy restricts almost everything apart from a few applications.

I need to copy this GP over to another 20-30 machines. Is there any way i can do this.

Copying %systemroot%\system32\grouppolicy didn't work.

A:How to copy local Group Policy?

Welcome to Sevenforums theslowminded!

After you copied the policy over, did you force the update?

gpupdate /force

Read other 4 answers

Hi, I have a local group policy on Vista x64 that is not running. This script runs fine on every other OS. W2K > Win7 (including x64 machines) It is a machine policy and it will not run. It is a script that runs bginfo from the Program Files folder. Any ideas? Thanks

A:Local Group Policy Not Running


What version of Vista is this? Is it Home Premium, Home Basic, Business Basic, Business Premium or Ultimate (or other)?

Go into Services, and check for the "Group Policy Client" service. You cannot (easily) stop this service, but make sure it is there and running.


Read other 8 answers

I have created three user accounts on my computer. Admin, Maint and operator...added the operator account to the group policy snap-in with very restricted policies. Problem is I have somehow associated the Admin and maint as well, how do I reset the local group policy back to default settings? I need to recover the admin capabilities to make changes to the computers.

A:local group policy editor

Hi..JOEYGE... Welcome to SF...Check this link. Hope it helps.

Local Group Policy - Reset to Default

Read other 9 answers

I've an WinXP SP2 box that I locked down using the Local Group Policy MMC but I need to know if I can selectively lock down accounts manner. I'd like to lock down all the accounts save the local admin account. Thanks in advance!

Read other answers

So In all my searching I can't really find a workaround for this. I have a domain and plenty of domain users but I have one department that remains local user accounts. All I want to do is set the default homepage for these 47 domain connected machines.
So with domain users I can use loopback policy to apply the user gpo settings to any computer in those specific OU's.  But that simply will not apply to local accounts.  Any other thoughts on how to make this work centrally?  Not super interested
in doing one by one.
thanks in advance.

Edit: I did try pushing a registry setting via the computer config but doesn't seem to be taking.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
?Start Page?=?http?

Read other answers

do u know how to configure group policy so once user logs in,he can be assigned local administrator rights.

I wants the moment user logs in a new computer in a domain,in their user configuration
they will automatically assigned local administrator rights rather than I am using contol panel to add manually.

Read other answers

Hello, I'm using window 7 home. So i dont have local group policy. I want to stop user other than "admin" myself to enter control panel. Anyone know to do it manually? I know there is a way to do it manually with regedit at user setting but not sure how. Or is there any software that does the same thing as local group policy of pro--enterprise edition of window 7?

A:Window 7 local group policy


slight cheating way around it i suppose, go to windows secrets control panel custom etc etc etc

Read other 3 answers

Hey guys, just wondering who could help me with a problem..

For some reason, my firewall has been turned off, and I cannot turn it back on (my options have been greyed out ). It also says that, at the top of the Windows Firewall control panel page, "For your security, some settings are controlled by Group Policy".

How do I change this?

Thanks, Dan

A:Windows Firewall Group Policy (Firewall is Off)

Read other 8 answers

Can anyone advise me on how to open the Local Group Policy Editor in Windows 8, because typing GPeditor.msc in the run prompt doesn't work. I've looked online for an answer but wasn't able to find anything helpful. I would like to make a change to the boot time from here, but for the life of me, can't figure out how to get into it. Please help.

A:Solved: Local Group Policy Editor

Read other 14 answers

Not long ago Soul Invictus loaded winXPpro on the PC and confronted an issue. Thats really not surprising. Issues exist using this, the latest & greatest OS in wide distribution world-wide. It was developed upon previous versions, so it really shouldn't come as a big surprise what it does & to some extent, how it does it. Yet, it still exists with functionality barely defined to the novice user, IMHO.I have XP Professional and I'm getting my bearings on the differences between this version and another XP version. I notice this one has a Windows Firewall. My problem is that I used to be able to access my employer's company intranet from home. When I go to the site and enter my login info I get the message: Access Denied (policy_denied). Your system policy has denied access to the requested URL. For assistance, contact your network support team. I'm thinking I have to modify a setting in gpedit.msc, however I can't be sure. Any thoughts of what security setting that needs to be modified? My thoughts are:Policy information in winXPpro is kinda confusing.Like many, I am the network support team in my household.My thoughts are: "What should I do when contemplating changing a setting".Any changes might best be done knowing first what the default settings are.and where to find them.and how to interpret the information available on the OS about these settings. So, I navigated to the "group policies" that typing gpedit.msc in the &q... Read more

Read other answers

When I run the Local Group Policy Editor an error box appears telling me that Resource '$(string.VerMgmtAuditModeEnable)' referenced in attribute displayName could not be found. File C:\windows\PolicyDefinitions\inetres.admx, line 1495, column 249.
This occurred after a clean install of Windows 8 then download and update to Windows 8.1. I have done two installs and updates to Windows 8.1 and still the problem persists. Any help in solving this, as it is annoying me. Thanks.

A:Local Group Policy Editor Error.

Hi harrycat310,
Please take the following steps to fix this issue:
1. Visit the following link and download the Administrative Templates (.admx) for Windows 8.1 Update and Windows Server 2012 R2 Update
2. Install the msi and replace the folder C:\Windows\PolicyDefinitions
with the folder PolicyDefinitions created by Windows8.1-Update-ADMX.msi.
3. Please backup the folder C:\Windows\PolicyDefinitions before the replacement.
Best regards,
Fangzhou CHENFangzhou CHEN
TechNet Community Support

Read other 18 answers

Hello everyone,

I am slowly working my way through Scott Muellers Comptia A+ Cert guide and currently learning about security fundmentals. I have a test rig running XP Pro service pack three.

However when I wanted to go into local group policy to hide specified drives on that computer (as an experiment) I couldn't see anything listed under windows components except media player.

I followed the same route as you would on windows 7, User config-administrative templates-windows components, but there is nothing there. By the way my test rig is not connected to any networks at all.

What did I miss?!


A:Query about local group policy settings in XP Pro

We are not here to help you with your homework. How would you learn if we told you? This thread is now closed.

Read other 1 answers

dir sirs

i have a big problem in my netword
i changed the server and i get a new one
when i log in by local administrator in cients to jion the computer to the new domain
the local administrator is logged in efficted by the a user group policy
i have windows2000 advanced server

so i cannot see the desktop and i cannot join the pc to the netword
any help plzzz

A:why local administrator efficted by group policy

From what I understand, you are trying to join client pc's to your domain using the local admin accounts on the client. Is this correct?

When changing from workgroup to domain it will bring up a window asking for a username and password. Since the client is not yet on your domain, if needs authentication to join said domain from an authorized user account (domain admin account).
Enter the domain name first, then with a "/" without quotations, then a domain admin account name in the username field. Enter the domain admin accounts pw in the password field and hit ok. After a minute or so you will receive a welcome message.

Here is a simple example:
Domain: potatochips.com
Domain Admin Username: potatochipeater
pw for that account: ilovepotatochips

So, in the box that comes up enter the above information as so.....

Username: Potatochips/potatochipeater
Password: ilovepotatochips
I hope that this info has helped you. Please reply if you have any other questions.

Read other 2 answers


I was going through some steps to lock down my Windows 10 machine and I have come across the following in Local Group Policy:
Enumerate administrator accounts on elevation - this sounds like a really good idea but when I set it to "Disabled", when I try to run (say) regedit as an elevated/admin user I get prompted to type in my username/password but no option to use PIN as an option? Is this possible?
Require trusted path for credential entry - I already have UAC turned up to the max setting and login with a SUA, is there any further benefit to enable this setting? If I enable this setting I have to click through the following two screens before I am prompted with the UAC prompt to enter my password or PIN:

3. Disable or enable software secure attention sequence - I'm tempted to enable this option and set it to "None" in the drop down box:

Is there any risk/downside to doing this?

4. Boot-start Driver initialization Policy: I'm also tempted to set this to "Enabled" and then set the option in the drop down box to "Good only":

Hopefully this doesn't brick my machine! I have UEFI and Secure Boot enabled.

Are the above good options to enable to further lock down a Windows 10 machine?

Read other answers

Hi, I have a question about the Local Group Policy Editor. I know you can either enable or disable things for all users but is there any way to enable or disable things for only a certain user group (either Standard Users in general or a customized user group created in the Local Users & Groups Editor (lusmgr.exe). For example if I want only a certain user group to be able to lock the computer, in the Local Group Policy Editor I can enable that so no-one can lock the computer but I want admins to be able too etc.

I would love it if someone could answer my question soon

Daniel Callaghan

A:Local Group Policy Editor Question

Secpol.msc / Local Policies / User Rights ? This won't stop them from logging off...
But this will: Start Menu - Enable or Disable Log off

Read other 9 answers

Here's my situation. I've got a computer that's shared by several people (in a small church library), which I'm trying to lock down in a controlled fashion.

The system is running Windows XP Professional. In addition to the administrator account, I've created one restricted account for the librarian, which is password-protected, and one restricted account with no password for everybody else. It's a stand-alone computer -- no domain, no domain controllers, no active directory.

I've successfully implemented a local group policy which prevents users from doing things like changing screen resolution, screen saver settings, etc. But I'd like to have this restriction apply only to the one "everybody" account, and not to the other accounts, and I haven't been able to figure out how to do this. Is it possible? What are the steps involved?


A:Local group policy -- how to select users?

Hello, Tom, and welcome to TSF. If the "open to everyone" account is used by really numerous individuals, of varying levels of IT competence, then I would strongly suggest you take some time and have a look at a utility provided gratis by Microsoft, the Shared Computer Toolkit for Windows XP. Invest some time to browse all the area I've linked for you, and please post back if you really think this is what will effectively help you keep this computer under your control, your way, all the time.

Read other 3 answers

Hi to all,

when i open Local group policy but not open properly and show message fail to open Local group policy on this computer..........

how to solved this error........ Please Help me!!!

A:fail to open Local group policy

hi and welcome..

Make sure you run as administrator for permission.

Read other 9 answers

I want to disable the default reboot after Windows runs unattended updates as this often prevents my overnight backup from running.

I have tried using the gpedit.msc routine to access the Local Computer Policy Editor but apparently that does not work in Win 7 Home Premium which I have.

Is there a manual way I can disable the reboot function?

A:Can't access Local Group Policy Editor

Hello Franco, and welcome to Seven Forums.

The Windows 7 Home Premium edition doesn't include the Local Group Policy Editor. However, you can use OPTION ONE in the tutorial below to disable the automatic restart for Windows Updates instead.

Windows Update - Enable or Disable Automatic Restart

Hope this helps,

Read other 5 answers

Hey all, stuck against a bit of a wall, here. I have a bunch of vista computers and I need them to automatically map a network drive whenever the user logs in.

In the past, we've used a login script and a .bat file to create the shares. But we're getting ready to switch over to vista, but the login script doesn't work under vista.

I've heard that its better to use Group Policy for this, but I cannot figure out how to do it using LOCAL GROUP POLICY. I've found about 100 or so guides for doing it using active directory/serverside things, but we're not on active directory, so that's not an option.

I'm sure there is a policy somewhere, can anyone direct me to it?

A:Local Group Policy to map a network drive?

When you map a drive on the workstation, and put a check in the box Reconnect on Logon (sign-in) it will reconnect every time.

Read other 3 answers


In all editions of Windows 8, there is the local group policy editor? If so, how do I find it?


A:Find the local group policy editor

Open Run box & type in:


& click OK.

I know it's available in the Pro version.

Read other 4 answers

Hi all,

I am currently locking down a PC for a client of mine. PC is used as a DMZ, used by the public only to access the internet. PC runs Windows XP Pro SP2.

While configuring the Local Group Policy through gpedit.msc (or through mmc - add/remove snap-in ...) I realised that while applying policies at the "User" level, the administrator account also inherits these policies. Sames goes if applied at the "Computer" level, but that goes without saying.

Luckily I was not applying them directly to the PC in question, rather applying local policies through a VMware session on my laptop, just in case something like this happened.

My question is how can I apply strong Local Group Policies on a PC WITHOUT the administrator account inheriting them?

I tried setting "Deny" permissions on the C:\WINDOWS\System32\GroupPolicy folder, but to make changes to GPO's you need access to this folder. I did work though!

I should also say that this PC is not joined to the Domain and is on a separate subnet to all other PC's.

Any help would be apreciated.


A:Local Group Policy question (WinXP Pro)

This is a very knowledgeable site BUT, if you receive no answer here, these people are very often quite helpful with Network stuff;




Read other 6 answers

Hi !

Windows 7 group policy

I've read a lot of post on this topic but haven't been able to find a clear answer to this question.

Is it possible to create different policies on a local machine and somehow assign these policies to the groups logging in on this machine ? Seems to me that changing the group ploicy affects all users.

The machine is not on a network. It is a computer for test purposes in the field not having a domain server to handle the group policies.

Kind regards

A:Group policy on local machine not on network

Quote: Originally Posted by kahr

Hi !

Windows 7 group policy

I've read a lot of post on this topic but haven't been able to find a clear answer to this question.

Is it possible to create different policies on a local machine and somehow assign these policies to the groups logging in on this machine ? Seems to me that changing the group ploicy affects all users.

The machine is not on a network. It is a computer for test purposes in the field not having a domain server to handle the group policies.

Kind regards

Gpedit does change group policies, and all users in that group are affected. I am a little confused as to what you want to do to the users.

Read other 4 answers

I have been trying to open the Local Group Policy editor as I need to check the "Lock pages in memory" option in order for a PS2 emulator to work.

I can find the file when searching in my computer but when I open it it says it cannot create the MMC span-in. I have tried to add it to the MMC by clicking on file and Add/Remove snap-in, but when that box opens the 'Group Policy Object Editor' doesnt exist on the list of items.

I am really confused and cant work out why it doesnt seem to exist or work on my computer.

I am running Windows 7 Home Premium.

Thanks for your help

A:Can't find Local Group Policy editor

Welcome to the forum,

Group Policy editor is not available on home premium.

win7 home final - no gpedit.msc?

Read other 2 answers

I need to change the server policy to allow tight vnc.
Can you tell me click by click how to add that from the server group policy.

I have never changed a group policy before.

Read other answers

I recently locked down a PC's with LGP. It is heavily restricted for public use.

One strange problem that has cropped up is the Flash player in Firefox.

I didn't install the plug-in before I locked down the user account.
Afterwards I realized I hadn?t installed it so I logged on to the Admin account and installed the plug.
The player now works fine when logged in as Admin or as a User with full privileges but won?t play in my locked down user account, where I still get a message saying the plug-in is not installed.

Any ideas what?s going on here or what I might have done in LGP?

A:Local Group Policy and Firefox plugins (Flash)

It doesn't work because the LGP is in effect. Since you added Flash after enabling LGP it makes sense. Just like what you wanted. Say you don't want Flash on the computer for security reasons, but someone tries to install it. It won't work. You need admin account to use it. If you want Flash and LGP you need to undo the LGP, install Flash, and then re-enable LGP.

Read other 1 answers

I have set some access limits on some programs, but the user that has the limits can run the Local Group Policy Editor and change the settings. How do I prevent access by other users to the Local Group Policy Editor?

Thanks for the help.

A:How do I limit access to the Local Group Policy Editor?

Hello Runandnottire, and welcome to Seven Forums.

The only way to do so would be to change their account type from administrator to standard user.

Hope this helps,

Read other 3 answers

Hello there,

I have learnt creating policies files from this tutorial.. Now I am facing problem searching and configuring different policies.
1. I dont want 'student' to be able to create files/folder in c: drive.
2. I dont want 'student' to have access to the Internet.


A:Let us apply a simple local group policy together in Windows 7.

right click C: drive. select share with / advanced permissions / select advanced sharing and remove student from the list.

Read other 2 answers

Trying to restrict non-admin users from seeing a lot of programs under the Start Menu. Already using the GPO for non-admin users and I'm hoping there is an area I can achieve the above. So the idea is admin account sees all the programs as normal, non-admin user restricted to only seeing a few programs on the Start menu. Can I achieve this through local group policy and if so where


A:Local group policy start menu programs

If this is for a home, then it would be simpler to move the shortcuts from all users start menu* to the admin profile(s)**. However, hiding the shortcuts by moving them or via GPO (if there is a way to do that) would not stop users from starting the program via the Windows (file) Explorer.

GPO can restrict a user from running a program. In theory, this should work no matter how the user attempts to run the forbidden program. In reality, they are ways to start some programs restricted by GPO. That is why I wondered if this is for a home - then we might be talking about adults vs. children.

*C:\ProgramData\Microsoft\Windows\Start Menu\

**C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu

Read other 9 answers


Does anyone know how to exclude a user from accessing anything on
a local computer , but still be able to use a shared program from that
machine? IE. not be able to see the computer or folder through
my network places or through computer management "shares" folder
or be able to change any settings on the aformentioned machine?
Basically, I want to share a program but not have that user have the
ability to change anything on this "server". It is a peer to peer setup
with XP pro running on all machines. I have tried everything from
sharing and security - but it is my understanding that a Group Policy /
Local Policy should be setup for this machine which would prevent access?

Any help would be greatly appreciated.

graham neil

A:Local Group Policy - program excusions for users

How are they going to access it if you take away all the permissions from accessing? I see your quandary. Not sure how you are going to give them permissions to use something that you don't want them to use.

You can deny them local login access to the machine but if they need access to something over the network they have to see it to be able to use it.

Read other 3 answers


I'm not sure where to post this as it's not really a network issue due to the computers not being domained.

At the moment I am applying local group policy settings for each computer (many computers) manually on each machine (Taking about 20 minutes per machine due to the MANY settings that need checking).

Is there any way I can cut this time down by saving a set of policy options from one computer and applying that set to multiple other computers (via a usb stick etc?)

Thanks in advance,


A:Automating Local Group Policy on non-domain machines?

Hi and welcome to TSF not quite sure but you may find something here Group Policy management for IT pros

Read other 13 answers

I want to disable auto run and auto play of my disk drives for security. To do that, I need to access my Local Group Policy.

However, while logged into my regular account, I am unable to access the Local Group Policy Editor via the gpedit.msc file.

I get a "You don't have permission to access this file" error message.

I don't even have the joy of a UAC prompt. : (

I have Win 7 Pro and am the only user and owner of my computer.

Do I have to get into my admin account and change the settings from there?

A:Unable to open Local Group Policy Editor (using Win 7 Pro)

See if these tutorials help:

AutoPlay - Enable or Disable

AutoPlay - Turn On or Off

AutoPlay - Enable or Disable for Non-volume Devices

AutoPlay Shortcut - Create

Autorun.inf Files - Completely Block

Read other 1 answers

I have some Windows 7 PC which are not in a domain, I need to disable the ability for any user(Inc. Admins) to change the time of these PCs. The setting for this is:
"Computer Configuration / Windows Settings / Security Settings / Local Polices / User Rights Assignment / Change the system time"
How can I do this from the command line so I can put it into a script? If there isn't a way to control gpedit from the command line, is there a registry key I can change to get the same result?

Read other answers

A friend of mine (running XP SP2) has had issues disabling the firewall. He can't receive on Hamachi, so the easiest solution is to just disable the firewall. He is the admin on his computer, but on the Windows Firewall 'General' tab, everything is greyed out. On the top it says "For your security, some settings are controlled by group policy." He tried the gpedit.msc editing in the run command to turn it off, but it said that it is not found. Any solutions?

A:Firewall (Group Policy) Errors

...Anyone? Thanks in advance, by the way.

Read other 2 answers

I downloaded windows SP2- I received a message to turn on my firewall in control panel -windows firewall- when I tried, a message said this sytem was controlled by Group Policy-- I see what it is- Should i stay with group policy or change to windows firewall and if so How do I change it.--I am getting messages from AOL security to turn of microsoft firewall. I unchecked "No" to sharing files so I can network with my other computers- I only left one checkmark. ( there were only two to begin with)

Read other answers

After recently trying out the free beta of Windows One Care, I noticed a lag in internet connectivity and performance. I uninstalled the program. I still noticed a difference in connectiions to the internet. After reviewing some settings, I noticed that the windows Firewall was enabled and the off button was greyed out. It said the firewall was configured by group policy (which I never set up, and I am the sole user). I use Zone Alarm firewall and do not need two running. There is another post regarding group policy where the user also has One Care. I was able to resolve the firewall issue through a response to that post by changing group policy. Does anyone know what else One Care changes that does not revert after uninstall? I urge others to avoid this product. Thanks.

XP Pro SP2:

A:Group policy and Windows Firewall

hmmmm .... you could try restoring your system to a date before your installed one care

Read other 2 answers