Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > NZ Computing > Mandatory profiles assigned to computer

Reply
Thread Tools

Mandatory profiles assigned to computer

 
 
Matthew Strickland
Guest
Posts: n/a
 
      10-15-2003
Hi all,

How do I go about setting a mandatory profile in a Windows 2000 GPO
enviroment to be assigned by computer (not user). This is for a group of
library computers which I want the same desktop for all users.
How do I go about actually creating the 'template', do I have to create the
desktop, apperance, icons etc on the target machines still first? - Then
share it etc...

Matt


 
Reply With Quote
 
 
 
 
T.N.O.
Guest
Posts: n/a
 
      10-15-2003
"Matthew Strickland" wrote
> This is for a group of
> library computers which I want the same desktop for all users.


My reply assumes a win2k AD network
Make it not able to be logged in other than from one account, call it
library or similar.

Basically, lock down that account so they cannot **** with anything.
Then make an auto logon reg file like this.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultPassword"="password"
"DefaultUserName"="library_logon"
"DefaultDomainName"="name_of_domain"

> How do I go about actually creating the 'template', do I have to create

the
> desktop, apperance, icons etc on the target machines still first? - Then
> share it etc...


Same as for any other user.


 
Reply With Quote
 
 
 
 
Matthew Strickland
Guest
Posts: n/a
 
      10-15-2003
Id prefer users to use their own account to save files to home drives,
however Id like to just make a mandatory profile so it doesnt save any
changes to their own profile, or the local machine.

Their own logon also authenticates with the linux box for internet access
too (if allowed)

Matt

"T.N.O." <(E-Mail Removed)> wrote in message
news:bmkgr9$o7686$(E-Mail Removed)-berlin.de...
> "Matthew Strickland" wrote
> > This is for a group of
> > library computers which I want the same desktop for all users.

>
> My reply assumes a win2k AD network
> Make it not able to be logged in other than from one account, call it
> library or similar.
>
> Basically, lock down that account so they cannot **** with anything.
> Then make an auto logon reg file like this.
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> "AutoAdminLogon"="1"
> "DefaultPassword"="password"
> "DefaultUserName"="library_logon"
> "DefaultDomainName"="name_of_domain"
>
> > How do I go about actually creating the 'template', do I have to create

> the
> > desktop, apperance, icons etc on the target machines still first? - Then
> > share it etc...

>
> Same as for any other user.
>
>



 
Reply With Quote
 
T.N.O.
Guest
Posts: n/a
 
      10-15-2003
"Matthew Strickland" <(E-Mail Removed)> wrote in message
news5kjb.179770$(E-Mail Removed)...
> Id prefer users to use their own account to save files to home drives,
> however Id like to just make a mandatory profile so it doesnt save any
> changes to their own profile, or the local machine.
>
> Their own logon also authenticates with the linux box for internet access
> too (if allowed)


oh ok... ummm, yeah, I'll get back to you.


 
Reply With Quote
 
AD.
Guest
Posts: n/a
 
      10-16-2003
On Thu, 16 Oct 2003 12:51:51 +1300, T.N.O. wrote:

> "Matthew Strickland" <(E-Mail Removed)> wrote in message
> news5kjb.179770$(E-Mail Removed)...
>> Id prefer users to use their own account to save files to home drives,
>> however Id like to just make a mandatory profile so it doesnt save any
>> changes to their own profile, or the local machine.
>>
>> Their own logon also authenticates with the linux box for internet
>> access too (if allowed)

>
> oh ok... ummm, yeah, I'll get back to you.


The easiest way would probably NTLM auth on a recent Squid version. You
would have to set up the firewall rules to stop non proxied web access too.

You wouldn't be able to disable NTLM and go to a pure Kerberos setup
for that though.

If you are keener, you could try integrating Kerberos and SPNEGO
etc.

I've been doing some reading on this type of stuff, but haven't tried
actually implementing it.

Cheers
Anton
 
Reply With Quote
 
armpit
Guest
Posts: n/a
 
      10-16-2003

"Matthew Strickland" <(E-Mail Removed)> wrote in message
news:82jjb.179721$(E-Mail Removed)...
> Hi all,
>
> How do I go about setting a mandatory profile in a Windows 2000 GPO
> enviroment to be assigned by computer (not user). This is for a group of
> library computers which I want the same desktop for all users.
> How do I go about actually creating the 'template', do I have to create

the
> desktop, apperance, icons etc on the target machines still first? - Then
> share it etc...
>
> Matt
>

I thought you create an account with the settings you require.
That sets up the user.dat registry stuff.
From there, you put it in a directory specified by the profile, and the
values will be picked up.
You can decide if the settings are mandatory or not, depending on the file
extension.

This is from memory, but its along those lines.




 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-16-2003
On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
<(E-Mail Removed)> wrote:

>Hi all,
>
>How do I go about setting a mandatory profile in a Windows 2000 GPO
>enviroment to be assigned by computer (not user). This is for a group of
>library computers which I want the same desktop for all users.
>How do I go about actually creating the 'template', do I have to create the
>desktop, apperance, icons etc on the target machines still first? - Then
>share it etc...
>

Open Active Directory Users and Computer. Access the properties of the
OU where the users are located, select the Group Policy Tab, and
select a GPO to modify or create a new one. Set the settings that you
require in the computer configuration settings. Set Loopback
processing for the GPO, which ensures that the computer configuration
settings are reapplied after all other processing. Block Inheritance
may also be set..

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.
 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-16-2003
On Thu, 16 Oct 2003 16:07:51 +1300, "armpit" <(E-Mail Removed)> wrote:

>
>"Matthew Strickland" <(E-Mail Removed)> wrote in message
>news:82jjb.179721$(E-Mail Removed).. .
>> Hi all,
>>
>> How do I go about setting a mandatory profile in a Windows 2000 GPO
>> enviroment to be assigned by computer (not user). This is for a group of
>> library computers which I want the same desktop for all users.
>> How do I go about actually creating the 'template', do I have to create

>the
>> desktop, apperance, icons etc on the target machines still first? - Then
>> share it etc...
>>

>I thought you create an account with the settings you require.
>That sets up the user.dat registry stuff.
>From there, you put it in a directory specified by the profile, and the
>values will be picked up.
>You can decide if the settings are mandatory or not, depending on the file
>extension.
>

If he is using GPOs, these override the profiles, mandatory or
otherwise.

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.
 
Reply With Quote
 
M
Guest
Posts: n/a
 
      10-16-2003
Cheers.....

Ill give that a go, infact I have loopback processing mode active at the
moment.

Its just a pain when sometimes you want stuff to apply to the 'computer' and
not the 'user'.

Ive struck it a few times now.

Thanks Cliff


M

"Enkidu" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
> <(E-Mail Removed)> wrote:
>
> >Hi all,
> >
> >How do I go about setting a mandatory profile in a Windows 2000 GPO
> >enviroment to be assigned by computer (not user). This is for a group of
> >library computers which I want the same desktop for all users.
> >How do I go about actually creating the 'template', do I have to create

the
> >desktop, apperance, icons etc on the target machines still first? - Then
> >share it etc...
> >

> Open Active Directory Users and Computer. Access the properties of the
> OU where the users are located, select the Group Policy Tab, and
> select a GPO to modify or create a new one. Set the settings that you
> require in the computer configuration settings. Set Loopback
> processing for the GPO, which ensures that the computer configuration
> settings are reapplied after all other processing. Block Inheritance
> may also be set..
>
> Cheers,
>
> Cliff
> --
>
> The complete lack of evidence is the surest sign
> that the conspiracy is working.



 
Reply With Quote
 
Enkidu
Guest
Posts: n/a
 
      10-17-2003
You're welcome. I'm currently trying to get my had arounf AD for the
MS exam, so answering the question was useful. I only hope I got it
right! I think it's along the right lines, anyway.

Cheers,

Cliff

On Fri, 17 Oct 2003 00:02:11 +1300, "M"
<(E-Mail Removed)> wrote:

>Cheers.....
>
>Ill give that a go, infact I have loopback processing mode active at the
>moment.
>
>Its just a pain when sometimes you want stuff to apply to the 'computer' and
>not the 'user'.
>
>Ive struck it a few times now.
>
>Thanks Cliff
>
>"Enkidu" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed).. .
>> On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
>> <(E-Mail Removed)> wrote:
>>
>> >Hi all,
>> >
>> >How do I go about setting a mandatory profile in a Windows 2000 GPO
>> >enviroment to be assigned by computer (not user). This is for a group of
>> >library computers which I want the same desktop for all users.
>> >How do I go about actually creating the 'template', do I have to create

>the
>> >desktop, apperance, icons etc on the target machines still first? - Then
>> >share it etc...
>> >

>> Open Active Directory Users and Computer. Access the properties of the
>> OU where the users are located, select the Group Policy Tab, and
>> select a GPO to modify or create a new one. Set the settings that you
>> require in the computer configuration settings. Set Loopback
>> processing for the GPO, which ensures that the computer configuration
>> settings are reapplied after all other processing. Block Inheritance
>> may also be set..
>>
>> Cheers,
>>
>> Cliff
>> --
>>
>> The complete lack of evidence is the surest sign
>> that the conspiracy is working.

>


--

The complete lack of evidence is the surest sign
that the conspiracy is working.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Mandatory Profiles Bill Havens MCSE 0 09-15-2006 12:15 AM
mandatory output binding? valentin tihomirov VHDL 1 07-04-2005 08:26 AM
mandatory text fields Srinivas ASP .Net 1 03-22-2005 12:58 PM
Moz1.7.5. Multiple profiles, profiles lacking email accts crash. oops Splibbilla Firefox 0 03-21-2005 02:58 AM
Mandatory Profiles and GP's again... Matthew Strickland NZ Computing 0 08-30-2004 02:12 AM



Advertisments