0

I'm using a diskless solution called ccboot (similar to vmware), the image booted consists 2 accounts. Admin and standard account.

I'm following this guide https://www.windowscentral.com/how-apply-local-group-policy-settings-specific-users-windows-10

to create a console file usign admin account consisting security related policies like disable task manager, disable regedit, to be used by the standard account. The console file is then saved in Admin account's desktop so that i can modify it easily.

But occassionaly i may want to install or change something, and it's quite troublesome to disable so many GPOs. Not to mention sometimes some of them stuck refusing to be disabled.

Now, Is there anyway to easily disable and enable local group policies inside the console file?

Or password protect the console file so that current user must enter password to change it (that way i can use single standard user without worrying about my user modifying the console file)

A function similar to what winlock does https://www.crystaloffice.com/winlock/

Bear in mind this is local mmc... domain is not an option.

I was going to use winlock but it's cpu-hogger

thanks

denywinarto
  • 1
  • Please [edit] your question to clarify these statements: 1) disable and enable local group policies applied to an mmc (do you mean applied by MMC?) 2) it's quite troublesome to disable so many GPOs (there's only one local GPO on a non-domain PC; do you mean GPO settings?) 3) some of them stuck refusing to be disabled. (Which ones?) – I say Reinstate Monica Oct 29 '17 at 12:22
  • done, i'm still new at sysadmin so pardon me if there's a wrong terms, 2) I mean the multiple security policies that can be enabled and disabled such as disabling task manager
    • – denywinarto Oct 29 '17 at 12:33
  • Group policy objects contain settings. A non-domain PC has only one group policy object. MMCs don't contain GPO settings; they're used to edit them (it's not possible to save a functioning GPO to the desktop). Here's some helpful information you should read. – I say Reinstate Monica Oct 29 '17 at 12:59
  • https://www.windowscentral.com/how-apply-local-group-policy-settings-specific-users-windows-10 thats' exactly how i did it. I want to know how to easily disable and enable the settings inside the console file.. or password protect it so that the current user can't access it. – denywinarto Oct 29 '17 at 13:05
  • https://winaero.com/blog/reset-all-local-group-policy-settings-at-once-in-windows-10/ something like this.. but for custom local policies instead of gpedit.. how would i do it? – denywinarto Oct 29 '17 at 14:57
  • Did you read the article I linked? Local group policy can not be saved to a file, MMC or otherwise. – I say Reinstate Monica Oct 29 '17 at 15:19
  • Did you even read the article i linked? https://www.windowscentral.com/how-apply-local-group-policy-settings-specific-users-windows-10 – denywinarto Oct 29 '17 at 16:01
  • yes, I did. It's describing resetting all of the GP settings. If you do that, you'll lose them. They will not be in the file you have saved to your Desktop. I'm trying to help you, not make anything difficult for you. – I say Reinstate Monica Oct 29 '17 at 17:48
  • If you read my questions completely, that's what i'm trying to do, reset the GPOs, and then once i'm done making changes i will import them again. – denywinarto Oct 30 '17 at 02:35