Mandatory profiles assigned to computer

Discussion in 'NZ Computing' started by Matthew Strickland, Oct 15, 2003.

  1. Hi all,

    How do I go about setting a mandatory profile in a Windows 2000 GPO
    enviroment to be assigned by computer (not user). This is for a group of
    library computers which I want the same desktop for all users.
    How do I go about actually creating the 'template', do I have to create the
    desktop, apperance, icons etc on the target machines still first? - Then
    share it etc...

    Matt
    Matthew Strickland, Oct 15, 2003
    #1
    1. Advertising

  2. Matthew Strickland

    T.N.O. Guest

    "Matthew Strickland" wrote
    > This is for a group of
    > library computers which I want the same desktop for all users.


    My reply assumes a win2k AD network
    Make it not able to be logged in other than from one account, call it
    library or similar.

    Basically, lock down that account so they cannot **** with anything.
    Then make an auto logon reg file like this.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "AutoAdminLogon"="1"
    "DefaultPassword"="password"
    "DefaultUserName"="library_logon"
    "DefaultDomainName"="name_of_domain"

    > How do I go about actually creating the 'template', do I have to create

    the
    > desktop, apperance, icons etc on the target machines still first? - Then
    > share it etc...


    Same as for any other user.
    T.N.O., Oct 15, 2003
    #2
    1. Advertising

  3. Id prefer users to use their own account to save files to home drives,
    however Id like to just make a mandatory profile so it doesnt save any
    changes to their own profile, or the local machine.

    Their own logon also authenticates with the linux box for internet access
    too (if allowed)

    Matt

    "T.N.O." <> wrote in message
    news:bmkgr9$o7686$-berlin.de...
    > "Matthew Strickland" wrote
    > > This is for a group of
    > > library computers which I want the same desktop for all users.

    >
    > My reply assumes a win2k AD network
    > Make it not able to be logged in other than from one account, call it
    > library or similar.
    >
    > Basically, lock down that account so they cannot **** with anything.
    > Then make an auto logon reg file like this.
    >
    > Windows Registry Editor Version 5.00
    >
    > [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    > "AutoAdminLogon"="1"
    > "DefaultPassword"="password"
    > "DefaultUserName"="library_logon"
    > "DefaultDomainName"="name_of_domain"
    >
    > > How do I go about actually creating the 'template', do I have to create

    > the
    > > desktop, apperance, icons etc on the target machines still first? - Then
    > > share it etc...

    >
    > Same as for any other user.
    >
    >
    Matthew Strickland, Oct 15, 2003
    #3
  4. Matthew Strickland

    T.N.O. Guest

    "Matthew Strickland" <> wrote in message
    news:x5kjb.179770$...
    > Id prefer users to use their own account to save files to home drives,
    > however Id like to just make a mandatory profile so it doesnt save any
    > changes to their own profile, or the local machine.
    >
    > Their own logon also authenticates with the linux box for internet access
    > too (if allowed)


    oh ok... ummm, yeah, I'll get back to you.
    T.N.O., Oct 16, 2003
    #4
  5. Matthew Strickland

    AD. Guest

    On Thu, 16 Oct 2003 12:51:51 +1300, T.N.O. wrote:

    > "Matthew Strickland" <> wrote in message
    > news:x5kjb.179770$...
    >> Id prefer users to use their own account to save files to home drives,
    >> however Id like to just make a mandatory profile so it doesnt save any
    >> changes to their own profile, or the local machine.
    >>
    >> Their own logon also authenticates with the linux box for internet
    >> access too (if allowed)

    >
    > oh ok... ummm, yeah, I'll get back to you.


    The easiest way would probably NTLM auth on a recent Squid version. You
    would have to set up the firewall rules to stop non proxied web access too.

    You wouldn't be able to disable NTLM and go to a pure Kerberos setup
    for that though.

    If you are keener, you could try integrating Kerberos and SPNEGO
    etc.

    I've been doing some reading on this type of stuff, but haven't tried
    actually implementing it.

    Cheers
    Anton
    AD., Oct 16, 2003
    #5
  6. Matthew Strickland

    armpit Guest

    "Matthew Strickland" <> wrote in message
    news:82jjb.179721$...
    > Hi all,
    >
    > How do I go about setting a mandatory profile in a Windows 2000 GPO
    > enviroment to be assigned by computer (not user). This is for a group of
    > library computers which I want the same desktop for all users.
    > How do I go about actually creating the 'template', do I have to create

    the
    > desktop, apperance, icons etc on the target machines still first? - Then
    > share it etc...
    >
    > Matt
    >

    I thought you create an account with the settings you require.
    That sets up the user.dat registry stuff.
    From there, you put it in a directory specified by the profile, and the
    values will be picked up.
    You can decide if the settings are mandatory or not, depending on the file
    extension.

    This is from memory, but its along those lines.
    armpit, Oct 16, 2003
    #6
  7. Matthew Strickland

    Enkidu Guest

    On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
    <> wrote:

    >Hi all,
    >
    >How do I go about setting a mandatory profile in a Windows 2000 GPO
    >enviroment to be assigned by computer (not user). This is for a group of
    >library computers which I want the same desktop for all users.
    >How do I go about actually creating the 'template', do I have to create the
    >desktop, apperance, icons etc on the target machines still first? - Then
    >share it etc...
    >

    Open Active Directory Users and Computer. Access the properties of the
    OU where the users are located, select the Group Policy Tab, and
    select a GPO to modify or create a new one. Set the settings that you
    require in the computer configuration settings. Set Loopback
    processing for the GPO, which ensures that the computer configuration
    settings are reapplied after all other processing. Block Inheritance
    may also be set..

    Cheers,

    Cliff
    --

    The complete lack of evidence is the surest sign
    that the conspiracy is working.
    Enkidu, Oct 16, 2003
    #7
  8. Matthew Strickland

    Enkidu Guest

    On Thu, 16 Oct 2003 16:07:51 +1300, "armpit" <> wrote:

    >
    >"Matthew Strickland" <> wrote in message
    >news:82jjb.179721$...
    >> Hi all,
    >>
    >> How do I go about setting a mandatory profile in a Windows 2000 GPO
    >> enviroment to be assigned by computer (not user). This is for a group of
    >> library computers which I want the same desktop for all users.
    >> How do I go about actually creating the 'template', do I have to create

    >the
    >> desktop, apperance, icons etc on the target machines still first? - Then
    >> share it etc...
    >>

    >I thought you create an account with the settings you require.
    >That sets up the user.dat registry stuff.
    >From there, you put it in a directory specified by the profile, and the
    >values will be picked up.
    >You can decide if the settings are mandatory or not, depending on the file
    >extension.
    >

    If he is using GPOs, these override the profiles, mandatory or
    otherwise.

    Cheers,

    Cliff
    --

    The complete lack of evidence is the surest sign
    that the conspiracy is working.
    Enkidu, Oct 16, 2003
    #8
  9. Matthew Strickland

    M Guest

    Cheers.....

    Ill give that a go, infact I have loopback processing mode active at the
    moment.

    Its just a pain when sometimes you want stuff to apply to the 'computer' and
    not the 'user'.

    Ive struck it a few times now.

    Thanks Cliff


    M

    "Enkidu" <> wrote in message
    news:...
    > On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
    > <> wrote:
    >
    > >Hi all,
    > >
    > >How do I go about setting a mandatory profile in a Windows 2000 GPO
    > >enviroment to be assigned by computer (not user). This is for a group of
    > >library computers which I want the same desktop for all users.
    > >How do I go about actually creating the 'template', do I have to create

    the
    > >desktop, apperance, icons etc on the target machines still first? - Then
    > >share it etc...
    > >

    > Open Active Directory Users and Computer. Access the properties of the
    > OU where the users are located, select the Group Policy Tab, and
    > select a GPO to modify or create a new one. Set the settings that you
    > require in the computer configuration settings. Set Loopback
    > processing for the GPO, which ensures that the computer configuration
    > settings are reapplied after all other processing. Block Inheritance
    > may also be set..
    >
    > Cheers,
    >
    > Cliff
    > --
    >
    > The complete lack of evidence is the surest sign
    > that the conspiracy is working.
    M, Oct 16, 2003
    #9
  10. Matthew Strickland

    Enkidu Guest

    You're welcome. I'm currently trying to get my had arounf AD for the
    MS exam, so answering the question was useful. I only hope I got it
    right! I think it's along the right lines, anyway.

    Cheers,

    Cliff

    On Fri, 17 Oct 2003 00:02:11 +1300, "M"
    <> wrote:

    >Cheers.....
    >
    >Ill give that a go, infact I have loopback processing mode active at the
    >moment.
    >
    >Its just a pain when sometimes you want stuff to apply to the 'computer' and
    >not the 'user'.
    >
    >Ive struck it a few times now.
    >
    >Thanks Cliff
    >
    >"Enkidu" <> wrote in message
    >news:...
    >> On Thu, 16 Oct 2003 10:32:50 +1300, "Matthew Strickland"
    >> <> wrote:
    >>
    >> >Hi all,
    >> >
    >> >How do I go about setting a mandatory profile in a Windows 2000 GPO
    >> >enviroment to be assigned by computer (not user). This is for a group of
    >> >library computers which I want the same desktop for all users.
    >> >How do I go about actually creating the 'template', do I have to create

    >the
    >> >desktop, apperance, icons etc on the target machines still first? - Then
    >> >share it etc...
    >> >

    >> Open Active Directory Users and Computer. Access the properties of the
    >> OU where the users are located, select the Group Policy Tab, and
    >> select a GPO to modify or create a new one. Set the settings that you
    >> require in the computer configuration settings. Set Loopback
    >> processing for the GPO, which ensures that the computer configuration
    >> settings are reapplied after all other processing. Block Inheritance
    >> may also be set..
    >>
    >> Cheers,
    >>
    >> Cliff
    >> --
    >>
    >> The complete lack of evidence is the surest sign
    >> that the conspiracy is working.

    >


    --

    The complete lack of evidence is the surest sign
    that the conspiracy is working.
    Enkidu, Oct 17, 2003
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Splibbilla
    Replies:
    0
    Views:
    671
    Splibbilla
    Mar 21, 2005
  2. JH
    Replies:
    4
    Views:
    5,806
    Dean C
    Aug 16, 2004
  3. Test
    Replies:
    4
    Views:
    643
    T. Sean Weintz
    Feb 24, 2005
  4. Bill Havens

    Mandatory Profiles

    Bill Havens, Sep 15, 2006, in forum: MCSE
    Replies:
    0
    Views:
    546
    Bill Havens
    Sep 15, 2006
  5. Matthew Strickland

    Mandatory Profiles and GP's again...

    Matthew Strickland, Aug 30, 2004, in forum: NZ Computing
    Replies:
    0
    Views:
    320
    Matthew Strickland
    Aug 30, 2004
Loading...

Share This Page