Group Policy without Active Directory

by Mitch Tulloch [Published on 19 Oct. 2005 / Last Updated on 19 Oct. 2005]

Can Group Policy be configured on a per-user basis without Active Directory?

A question I often get asked about Group Policy is whether you can have policy settings apply differently to different users on a standalone computer in a workgroup. The reason people ask this is because you can configure Local Group Policy on standalone computers, and this is done two ways:

  • Using Local Security Policy in Administrative Tools. This method gives you access to a small subset of policy settings for the local machine.
  • Start --> Run --> gpedit.msc --> OK. This method gives you access to all the policy settings on the local machine.

What people want to know is, can you use either of these tools to configure one set of policy settings for one local user account, and a different set of policy settings for a second local user account. Unfortunately the answer is no--local Group Policy is machine-wide in scope and can't be configured on a per-user basis. You need Active Directory to do that.

Cheers,
Mitch Tulloch
ITreader.net

See Also

Featured Links