locked
Unable to apply disk protection restrictions to Administrator RRS feed

  • Question

  • I have found that I have been unable to apply disk protection restrictions to an Administrator (i.e. a member of the administrators group, not THE administrator). To be more specific, despite the fact that I have enabled "Lock profile to prevent the user from making permanent changes" for this user, they still receive the prompt that allows them to commit changes to the hard disk on logging off. Removing the user from the administrators group and adding them to the power users group resolves this problem so it appears that the administrative access overwrites this Steady State setting. However, this user requires administrative access and the Steady State Handbook actually states that this can be configured (p45-46) but it doesn't appear to be working for me.
    Wednesday, August 29, 2007 1:24 AM

Answers

  • Hi AJ84,
     
    You may have misunderstood the usage of “Lock profile to prevent the user from making permanent changes”. When you choose this option, SteadyState will change the user type to mandatory and prevent the user profile from changing. When the locked user logs on, a temporary profile with the same user name will be created based on the locked profile. The user can customize the temporary profile, changes will be saved to the temporary profile. When the user logs off, changes under temporary profile will be removed.


    The warning that allows administrator accounts to commit changes is created by Windows Disk Protection (WDP) instead of lock profile feature. Windows Disk Protection is designed to protect the Windows operating system and program files from being permanently changed. During the course of normal activity, users can perform actions which affect the hard disk. The modification is not restricted to user profile, such as software installation, etc.


    Based on the design of WDP, it will prompt administrators to choose one of the following options when logging  off (restart/shutdown):


    1. Continue and remove all changes
    2. Save changes and then continue
    3. Cancel and go back
     
    This feature can make sure useful changed are properly saved. We can disable this warning by selecting the following option under “Protect the Hard Disk”.


    “Do not warn the administrator about losing changes before log off, restart, or shut down.”
     
    After that, WDP will act according to its configurations without prompt.
     
    Best Regards,

    Thursday, August 30, 2007 1:43 AM