There is no mechanism to 'filter' Local Group Policy, as their is for GPO in Active Directory (AD).
You can fake it out, by applying NTFS deny access permissions on the Group Policy.
You can set Local Group Policy for users and deny the Administrator Read access to the
%SystemRoot%\system32\GroupPolicy\User\Registry.pol file,
effectively filtering the Local Group Policy.
NOTE: See How can I prevent Local Group Policy from taking effect until I am finished configuring it?
0 comments
Hide comments