«

Hi all,

How do I go about setting a mandatory profile in a Windows 2000 GPO
enviroment to be assigned by computer (not user). This is for a group of
library computers which I want the same desktop for all users.
How do I go about actually creating the 'template', do I have to create the
desktop, apperance, icons etc on the target machines still first? - Then
share it etc...

Matt

"Matthew Strickland" wrote
> This is for a group of
> library computers which I want the same desktop for all users.

My reply assumes a win2k AD network
Make it not able to be logged in other than from one account, call it
library or similar.

Basically, lock down that account so they cannot **** with anything.
Then make an auto logon reg file like this.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultPassword"="password"
"DefaultUserName"="library_logon"
"DefaultDomainName"="name_of_domain"

> How do I go about actually creating the 'template', do I have to create
the
> desktop, apperance, icons etc on the target machines still first? - Then
> share it etc...

Same as for any other user.

Id prefer users to use their own account to save files to home drives,
however Id like to just make a mandatory profile so it doesnt save any
changes to their own profile, or the local machine.

Their own logon also authenticates with the linux box for internet access
too (if allowed)

Matt

"T.N.O." <> wrote in message
news:bmkgr9$o7686$...
> "Matthew Strickland" wrote
> > This is for a group of
> > library computers which I want the same desktop for all users.
>
> My reply assumes a win2k AD network
> Make it not able to be logged in other than from one account, call it
> library or similar.
>
> Basically, lock down that account so they cannot **** with anything.
> Then make an auto logon reg file like this.
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> "AutoAdminLogon"="1"
> "DefaultPassword"="password"
> "DefaultUserName"="library_logon"
> "DefaultDomainName"="name_of_domain"
>
> > How do I go about actually creating the 'template', do I have to create
> the
> > desktop, apperance, icons etc on the target machines still first? - Then
> > share it etc...
>
> Same as for any other user.
>
>

"Matthew Strickland" <> wrote in message
news5kjb.179770$...
> Id prefer users to use their own account to save files to home drives,
> however Id like to just make a mandatory profile so it doesnt save any
> changes to their own profile, or the local machine.
>
> Their own logon also authenticates with the linux box for internet access
> too (if allowed)

oh ok... ummm, yeah, I'll get back to you.

On Thu, 16 Oct 2003 12:51:51 +1300, T.N.O. wrote:

> "Matthew Strickland" <> wrote in message
> news5kjb.179770$...
>> Id prefer users to use their own account to save files to home drives,
>> however Id like to just make a mandatory profile so it doesnt save any
>> changes to their own profile, or the local machine.
>>
>> Their own logon also authenticates with the linux box for internet
>> access too (if allowed)
>
> oh ok... ummm, yeah, I'll get back to you.

The easiest way would probably NTLM auth on a recent Squid version. You
would have to set up the firewall rules to stop non proxied web access too.

You wouldn't be able to disable NTLM and go to a pure Kerberos setup
for that though.

If you are keener, you could try integrating Kerberos and SPNEGO
etc.

I've been doing some reading on this type of stuff, but haven't tried
actually implementing it.

Cheers
Anton

"Matthew Strickland" <> wrote in message
news:82jjb.179721$...
> Hi all,
>
> How do I go about setting a mandatory profile in a Windows 2000 GPO
> enviroment to be assigned by computer (not user). This is for a group of
> library computers which I want the same desktop for all users.
> How do I go about actually creating the 'template', do I have to create
the
> desktop, apperance, icons etc on the target machines still first? - Then
> share it etc...
>
> Matt
>
I thought you create an account with the settings you require.
That sets up the user.dat registry stuff.
From there, you put it in a directory specified by the profile, and the
values will be picked up.
You can decide if the settings are mandatory or not, depending on the file
extension.

This is from memory, but its along those lines.

On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
<> wrote:

>Hi all,
>
>How do I go about setting a mandatory profile in a Windows 2000 GPO
>enviroment to be assigned by computer (not user). This is for a group of
>library computers which I want the same desktop for all users.
>How do I go about actually creating the 'template', do I have to create the
>desktop, apperance, icons etc on the target machines still first? - Then
>share it etc...
>
Open Active Directory Users and Computer. Access the properties of the
OU where the users are located, select the Group Policy Tab, and
select a GPO to modify or create a new one. Set the settings that you
require in the computer configuration settings. Set Loopback
processing for the GPO, which ensures that the computer configuration
settings are reapplied after all other processing. Block Inheritance
may also be set..

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.

On Thu, 16 Oct 2003 16:07:51 +1300, "armpit" <> wrote:

>
>"Matthew Strickland" <> wrote in message
>news:82jjb.179721$.. .
>> Hi all,
>>
>> How do I go about setting a mandatory profile in a Windows 2000 GPO
>> enviroment to be assigned by computer (not user). This is for a group of
>> library computers which I want the same desktop for all users.
>> How do I go about actually creating the 'template', do I have to create
>the
>> desktop, apperance, icons etc on the target machines still first? - Then
>> share it etc...
>>
>I thought you create an account with the settings you require.
>That sets up the user.dat registry stuff.
>From there, you put it in a directory specified by the profile, and the
>values will be picked up.
>You can decide if the settings are mandatory or not, depending on the file
>extension.
>
If he is using GPOs, these override the profiles, mandatory or
otherwise.

Cheers,

Cliff
--

The complete lack of evidence is the surest sign
that the conspiracy is working.

Cheers.....

Ill give that a go, infact I have loopback processing mode active at the
moment.

Its just a pain when sometimes you want stuff to apply to the 'computer' and
not the 'user'.

Ive struck it a few times now.

Thanks Cliff


M

"Enkidu" <> wrote in message
news:...
> On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
> <> wrote:
>
> >Hi all,
> >
> >How do I go about setting a mandatory profile in a Windows 2000 GPO
> >enviroment to be assigned by computer (not user). This is for a group of
> >library computers which I want the same desktop for all users.
> >How do I go about actually creating the 'template', do I have to create
the
> >desktop, apperance, icons etc on the target machines still first? - Then
> >share it etc...
> >
> Open Active Directory Users and Computer. Access the properties of the
> OU where the users are located, select the Group Policy Tab, and
> select a GPO to modify or create a new one. Set the settings that you
> require in the computer configuration settings. Set Loopback
> processing for the GPO, which ensures that the computer configuration
> settings are reapplied after all other processing. Block Inheritance
> may also be set..
>
> Cheers,
>
> Cliff
> --
>
> The complete lack of evidence is the surest sign
> that the conspiracy is working.

You're welcome. I'm currently trying to get my had arounf AD for the
MS exam, so answering the question was useful. I only hope I got it
right! I think it's along the right lines, anyway.

Cheers,

Cliff

On Fri, 17 Oct 2003 00:02:11 +1300, "M"
<> wrote:

>Cheers.....
>
>Ill give that a go, infact I have loopback processing mode active at the
>moment.
>
>Its just a pain when sometimes you want stuff to apply to the 'computer' and
>not the 'user'.
>
>Ive struck it a few times now.
>
>Thanks Cliff
>
>"Enkidu" <> wrote in message
>news:.. .
>> On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
>> <> wrote:
>>
>> >Hi all,
>> >
>> >How do I go about setting a mandatory profile in a Windows 2000 GPO
>> >enviroment to be assigned by computer (not user). This is for a group of
>> >library computers which I want the same desktop for all users.
>> >How do I go about actually creating the 'template', do I have to create
>the
>> >desktop, apperance, icons etc on the target machines still first? - Then
>> >share it etc...
>> >
>> Open Active Directory Users and Computer. Access the properties of the
>> OU where the users are located, select the Group Policy Tab, and
>> select a GPO to modify or create a new one. Set the settings that you
>> require in the computer configuration settings. Set Loopback
>> processing for the GPO, which ensures that the computer configuration
>> settings are reapplied after all other processing. Block Inheritance
>> may also be set..
>>
>> Cheers,
>>
>> Cliff
>> --
>>
>> The complete lack of evidence is the surest sign
>> that the conspiracy is working.
>

--

The complete lack of evidence is the surest sign
that the conspiracy is working.