group policy not applying

Discussion in 'Windows 7 Help and Support' started by tunnel15, Apr 14, 2012.

  1. tunnel15

    tunnel15 New Member

    Joined:
    Apr 14, 2012
    Messages:
    8
    Likes Received:
    0
    hello everyone,
    I have a windows 7(SP1) peer-peer netwrk at my work place.
    In order to block usb write access for users i have created three accounts
    superAdmin : Administrator account with no restrictions
    localAdmin : Administrator account with removeable disk deny write access policy enabled
    user :standard account .
    now when i log in to localAdmin write access is denied to usb which is what i want
    but when i log into user account which has removeable disk deny write access policy enabled
    and try to write to usb, windows elevation prompt comes up and if i enter the local admin name and password it allows me to write to the usb which i do Not want.
    BTW my users have the password for local admin to allow software install,this is also something i do not want to change.
    Pls help....struggling with these settings for some time now.
    thanks in advance. :)
     
  2. tunnel15

    tunnel15 New Member

    Joined:
    Apr 14, 2012
    Messages:
    8
    Likes Received:
    0
    i'm surprised no answers frm u guys,let me know if i have to rephrase my question....
     
  3. Trouble

    Trouble Noob Whisperer

    Joined:
    Nov 30, 2009
    Messages:
    13,845
    Likes Received:
    833
    Hello and welcome to the forum.
    No, I think you have phrased the issues suitably enough.
    It just seems that you have yourself between a rock and a hard place. With the normal (default) behavior of the UAC and normal users have the account elevation credentials, I'm not sure you can accomplish what you are attempting.
    Try opening the local security policy editor
    secpol.msc
    Expand Local Policies and Select Security Options
    Scroll down to
    User Account Control: Behavior for the elevation prompt for standard users
    Try changing that from "Prompt for credentials" to "Automatically deny elevation requests" and see how that works.
    I am afraid that, that might have a negative impact on normal users when attempting to install software, but it might be worth a try.
    Regards
    Randy
     
  4. tunnel15

    tunnel15 New Member

    Joined:
    Apr 14, 2012
    Messages:
    8
    Likes Received:
    0
    Thank you very much Randy.. for your effort and time..
    I've been struggling with this for some time now and i'm beginning to believe that you are right about the rock and a hard place...
    anyways i'm going to pursue this some more till i find at least a middle ground and i'll then update this thread...still hoping to find answers from you guys tho coz of my limited experience in IT.:)
     

Share This Page

Loading...