Group Policy without Active Directory

by Mitch Tulloch [Published on 19 Oct. 2005 / Last Updated on 19 Oct. 2005]

Can Group Policy be configured on a per-user basis without Active Directory?

A question I often get asked about Group Policy is whether you can have policy settings apply differently to different users on a standalone computer in a workgroup. The reason people ask this is because you can configure Local Group Policy on standalone computers, and this is done two ways:

  • Using Local Security Policy in Administrative Tools. This method gives you access to a small subset of policy settings for the local machine.
  • Start --> Run --> gpedit.msc --> OK. This method gives you access to all the policy settings on the local machine.

What people want to know is, can you use either of these tools to configure one set of policy settings for one local user account, and a different set of policy settings for a second local user account. Unfortunately the answer is no--local Group Policy is machine-wide in scope and can't be configured on a per-user basis. You need Active Directory to do that.

Mitch Tulloch

See Also

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links