L
LutzBuchholz
Situation
Currently, I am using the Group Policy Editor to manage "disallowed" programs (the whole set of applications).
Issue
Unfortunately, these policies are valid for any user working on that specific Win10 PC :-( So, the admin cannot run steam.exe ;-) without changing the "global" policy (that policy is "global" for that one PC, not for all the other Win10 PC in my LAN; I do not run a Win Server/AD).
Request
I would like to configure seperate policies for each user to ensure that e.g. the user "school kid" cannot start several applications in the specific account.
Via Microsoft Family I have configured specific use times for these two users:
Unfortunately, Microsoft Family does A) only work with an internet connection, and B) does not show all installed applications per children account (but only the last/most recent used applications), so that I cannot prevent the kid from starting all applications I want to (like regedit.exe)
I searched the registry after "policies" in HKEY_USERS expecting to find "user-specific policies" - unfortunately, without success.
I created two goups on this PC, "_school" and "_gamers", each of it with one user (_school: school-kid; _gamers: gaming-kid). Unfortunately, I do not see any way to use these groups for any kind of security/restrictions/etc. configurations.
So, currently it seems to be impossible to block specific applications for specific users AND allow a subgroup to be started (only "allow run" and "disallow run" are options; I will still manage the time schedular via MS Family)
Does any one has a solution for my request?
Thanks a lot.
.:. lutz
Continue reading...
- One Win 10 (pro 64bit) PC configured to be used by three users (one is the admin)
- Admin should be able to run any application without restrictions
- One user (school kid) should not be allowed to start several applications (like steam.exe, chrome.exe etc.)
- One user (gaming kid) should be allowed to start a set of applications (like steam.exe), and a set of disallowed applications (like chrome.exe, and teams.exe)
Currently, I am using the Group Policy Editor to manage "disallowed" programs (the whole set of applications).
Issue
Unfortunately, these policies are valid for any user working on that specific Win10 PC :-( So, the admin cannot run steam.exe ;-) without changing the "global" policy (that policy is "global" for that one PC, not for all the other Win10 PC in my LAN; I do not run a Win Server/AD).
Request
I would like to configure seperate policies for each user to ensure that e.g. the user "school kid" cannot start several applications in the specific account.
Via Microsoft Family I have configured specific use times for these two users:
- User "school-kid": this user allowed to use on working days (Mon-Fri) from 8AM to 4PM.
- User "gaming-kid" is allowed to use the Win 10 PC for 1.5hrs per working day (Mon-Fri) from 5PM to 8PM, and on the weekend (Son-Sat) from 11AM to 8PM
Unfortunately, Microsoft Family does A) only work with an internet connection, and B) does not show all installed applications per children account (but only the last/most recent used applications), so that I cannot prevent the kid from starting all applications I want to (like regedit.exe)
I searched the registry after "policies" in HKEY_USERS expecting to find "user-specific policies" - unfortunately, without success.
I created two goups on this PC, "_school" and "_gamers", each of it with one user (_school: school-kid; _gamers: gaming-kid). Unfortunately, I do not see any way to use these groups for any kind of security/restrictions/etc. configurations.
So, currently it seems to be impossible to block specific applications for specific users AND allow a subgroup to be started (only "allow run" and "disallow run" are options; I will still manage the time schedular via MS Family)
Does any one has a solution for my request?
Thanks a lot.
.:. lutz
Continue reading...