group policy not applying

#1
hello everyone,
I have a windows 7(SP1) peer-peer netwrk at my work place.
In order to block usb write access for users i have created three accounts
superAdmin : Administrator account with no restrictions
localAdmin : Administrator account with removeable disk deny write access policy enabled
user :standard account .
now when i log in to localAdmin write access is denied to usb which is what i want
but when i log into user account which has removeable disk deny write access policy enabled
and try to write to usb, windows elevation prompt comes up and if i enter the local admin name and password it allows me to write to the usb which i do Not want.
BTW my users have the password for local admin to allow software install,this is also something i do not want to change.
Pls help....struggling with these settings for some time now.
thanks in advance. :)
 


#2
i'm surprised no answers frm u guys,let me know if i have to rephrase my question....
 


Trouble

Noob Whisperer
#3
Hello and welcome to the forum.
No, I think you have phrased the issues suitably enough.
It just seems that you have yourself between a rock and a hard place. With the normal (default) behavior of the UAC and normal users have the account elevation credentials, I'm not sure you can accomplish what you are attempting.
Try opening the local security policy editor
secpol.msc
Expand Local Policies and Select Security Options
Scroll down to
User Account Control: Behavior for the elevation prompt for standard users
Try changing that from "Prompt for credentials" to "Automatically deny elevation requests" and see how that works.
I am afraid that, that might have a negative impact on normal users when attempting to install software, but it might be worth a try.
Regards
Randy
 


#4
Thank you very much Randy.. for your effort and time..
I've been struggling with this for some time now and i'm beginning to believe that you are right about the rock and a hard place...
anyways i'm going to pursue this some more till i find at least a middle ground and i'll then update this thread...still hoping to find answers from you guys tho coz of my limited experience in IT.:)
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top