Many of my users have local admin rights to their computers which includes access to the registry. I am concerned that they are getting around my GPO restrictions by hacking the registry. Is there a simple way to prevent them from doing so?
It is true that local admins can skirt your group policy settings by deleting designated registry keys. You can shore up your choosing the GPO settings located in Administrative Templates which is Process even if the Group Policy Objects have not changed
The GPanswers.com forum is closed now (thanks, spammers!)
But we encourage you to join us at LinkedIn in the “GPO Stuff” group.
Jeremy is regular there, and there is a reasonable system to prevent junk posts.
In all, we think it’s the right place to go for Group Policy-specific questions.
It’s a private group, but just JOIN it, and the owner should approve your request.
See you there !
-Jeremy Moskowitz, Group Policy MVP