- Click Start;
- Click Run;
- Type 'mmc';
- Open File Menu on the 'Console1' screen;
- Choose 'Add/Remove Snap-in...';
- Click the 'Add' button;
- Scroll down to 'Group Policy Object Editor';
- Select it then click 'Add';
- Click 'OK' on the other screen;
- Under the consol1 main screen open the TreeView as indicated below:
========================
General Control Panel Settings:
----------
Consol Root -> Local Computer Policy -> User Configuration -> Administrative Templates -> Control Panel
Internet Explorer Control Panel Settings:
----------
Consol Root -> Local Computer Policy -> Administrative Tools -> Windows Components -> Internet Explorer -> Internet Control Panel
========================
- Choose the item you want to configure, double-click on it, and enable/disable it...
PS: As far as I could remember, this will restrict the access of Control Panel for all users, as this is a Workgroup machine not a domain machine...
To apply this on a domain, its from:
'Active Directory Users and Computers'
When applying this on a domain, you can restrict specific users, computers, or even both together...
Also, in domains, its easier to configure as you can place all users who will be granted 'Access Denied' in an 'OU' and set the 'Access Denied' permission to the OU. To unrestrict a user, simply move that user from the OU itself and place him/her in another with the new permissions...
Hope this answers your question...