Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Windows Vista Home Basic/Premium Has no Group Policy Administration???

63 views
Skip to first unread message

jesse...@gmail.com

unread,
Mar 4, 2009, 2:26:05 PM3/4/09
to
Hello,
It seems that Windows Vista Home Basic or Premium editions do not have
the same level of Group Policy management that higher version of Vista
or Server 2008 have. There is no gpedit.msc or "Group Policy Object"
snap in for mmc. Furthermore, it seems they removed those features
entirely and there aren't any options for managing group policy the
traditional way.

I am trying to set up a machine that is not networked (not on a
domain) with a new user and configure that user's privledges on the
machine. This user will run a Kiosk style application so lockdown is
the main goal. I have been able to set this up just fine on high
versions of Vista by creating a new user, setting up a Local Group
Policy Object for this user and the job is done. But I haven't found
the similar way to do this for Vista Home editions. I thought of
editting the registry directly, but I could not figure out how to
simulate a "Local Group Policy" that effects only my Kiosk user.

If anyone has experience with Local Group Policy on Windows Vista Home
editions as a stand alone PC (not using a Domain) please let me know
what options there are.

Thanks, Jesse

Florian Frommherz [MVP]

unread,
Mar 5, 2009, 2:33:41 AM3/5/09
to
Howdie!

<jesse...@gmail.com> wrote:
> Hello,
> It seems that Windows Vista Home Basic or Premium editions do not have
> the same level of Group Policy management that higher version of Vista
> or Server 2008 have. There is no gpedit.msc or "Group Policy Object"
> snap in for mmc. Furthermore, it seems they removed those features
> entirely and there aren't any options for managing group policy the
> traditional way.

That's "by design". The Home versions don't support that network management
stuff - so gpedit isn't shipped with those versions of Windows. There may be
tricks and hacks to install it afterwards -- but that would render your
installation "unsupported". Windows XP Home Edition by the way, doesn't have
gpedit, too.

As a workaround, have a look at Microsoft SteadyState:
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

That allows you to pretty much lock the system down.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

jesse...@gmail.com

unread,
Mar 5, 2009, 12:59:32 PM3/5/09
to
Hi Florian,
Thanks for you reply. It does seem like the SteadyState product would
be a great product, but I need to apply the lock down settings in an
automated fashion. With versions of Vista that support Local Group
Policy I was able to build a Windows Installer which would create a
new user and drop in a preconfigured Registry.pol file into their C:
\Windows\System32\GroupPolicyUsers\<SID>\Users folder. When that user
logged on their policy was applied and their account was locked down.
This worked well because the policy only applied to that user and did
not effect the other accounts on the machine. Ideally, I'd like to do
something equivalent for Vista Home editions. As you've stated and
I'm now aware of, Vista Home editions will not apply the Registry.pol
file that I copy to their C:\Windows\System32\GroupPolicyUsers\<SID>
\Users folder.

Is there any equivalent mechanism which applies policy for Vista Home
editions which I could leverage to get the lock down settings?

I see that all the same Registry keys are available and if I could
somehow set these keys I'd have the settings I need. But, as you
know, the /HKEY_USERS/<SID>/ registry nodes are created dynamically
when the user logs on so there is no way to configure them directly.

Is there a way to manipulate the file from which those /HKEY_USERS/
<SID>/ registry nodes are built?

If you have any other ideas I'd love to hear them!

Thanks!

-Jesse

Florian Frommherz [MVP]

unread,
Mar 6, 2009, 2:14:02 AM3/6/09
to
Howdie!

Howdie!

<jesse...@gmail.com> wrote:
> Is there any equivalent mechanism which applies policy for Vista Home
> editions which I could leverage to get the lock down settings?

That's why it's a home edition product. You'd have to get the Enterprise
versions... GP is not possible with the home editions... that was the same
thing with Windows XP.

> I see that all the same Registry keys are available and if I could
> somehow set these keys I'd have the settings I need. But, as you
> know, the /HKEY_USERS/<SID>/ registry nodes are created dynamically
> when the user logs on so there is no way to configure them directly.

You could do that with a script. Put the registry changes into a .reg file
and apply it through a script at user logon (regedit /s myimport.reg - that
could go into HKEY_CURRENT_USER) or using a start script to put the changes
into HKEY_USERS\SID.

0 new messages