aahhhh......... Local Group Policy does not allow you to apply security filters or to have multiple sets of Group Policy objects, unlike Active Directory?based Group Policy objects. You can, however, set Discretionary Access Control Lists (DACLs) on the %systemroot%\System32\GroupPolicy folder so that specified groups are either affected or are not affected by the settings contained within the local Group Policy object. This option is useful if you have to control and administer computers that are used in situations such as kiosk environments, where the computer is not connected to a local area network (LAN). Unlike Group Policy administered from Active Directory, the local Group Policy object uses only the Read attribute, which makes it possible for the local Group Policy object to affect ordinary users but not local administrators. The local administrator can first set the policy settings he or she wants and then set the DACLs to the local Group Policy object directory so that administrators as a group no longer have Read access. For the administrator to make subsequent changes to the local Group Policy object, he or she must first take ownership of the directory to give him or herself Read access, make the changes, and then remove Read access.
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
