Solved

Standard desktop image during reboot

Posted on 2003-10-23
28
256 Views
Last Modified: 2010-04-13
All right guys, here's what I need:

I want to have standard desktop image that comes up during a reboot.  For instance, say I have a user who loads WinZip or some other app on the desktop.  When that user logs off, I want that app to not appear the next time the same user logs on.  No matter what that use loads on the PC, I want everything to revert back to a standard image (think a school system network).  

Thanks in Advance for any help
0
Comment
Question by:neowolf219
  • 12
  • 9
  • 5
  • +2
28 Comments
 
LVL 49

Expert Comment

by:sunray_2003
ID: 9607442
Neowolf219,

I am not quite clear here .

How can opening winzip or any application for that matter change the desktop image.

opening that is nothing to do with desktop image

Sunray
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9609309
He means installing it. It sounds like what you need is terminal services.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 9610407
Sorry about not being clear.  What I should have said, is that if someloads an application (say, Winzip for instance), that when they log off, the application is uninstalled and the PC is like it was during the first login.  

For practical purposes, suppose a student logs into one of the PCs at school and installs a program she/he shouldn't.  I don't want that program to be there on reboot.  I could lock down the PCs with a Group Policy, but in some instances I do need them to install programs so I have to give them rights to do so.  But is there a way when they log off for everything to be "undone".

Thanks for your help guys.
0
 
LVL 1

Accepted Solution

by:
NetwerkMerc earned 100 total points
ID: 9611369
1st....decide whether you want your users to beable to install software.  You might find that most do not.  So...once you get that down...

you have 2 choices

1.Make two template users.  One for each user class (1 with install permissions and 1 without) and log in and change the profiles how you wish for each of them.  Log on as Admin copy the profiles to a share (or local secured location).  Have a "neutered" users use a mandatory profile, which you would use one of the previousky created profiles as the template.  Do the same for the "enabled" user.  Then through policy, lock down the enviroment.  

This way only specific users CAN install, however since mandatory profiles are Read-Only, their changes will be lost.  And the ones that can't...well...they can't leave a bunch of trash on the HD.  But you will need to periodically clean the orphaned apps.  Use quotas so it doesn't bite you.

http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/lsm_profile_roaming.htm

2.Use scripts....not as pretty and neat as above.

-Eric
0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9611401
Continued.....
I would definitely create two user templates and make a custom profile for each of them.  One that CAN install and one that cannot.  When you are doing a lesson that involves installation rights, either ave them logged on automatically, (you can script in AutoAdminLogon reg hacks, and script them out).  Disable changing of PWs they won't ever know the passwords, providing you disable access to the registry.  This can all be done through GP at the server.  With the mandatory read-only profiles when the user logs out changes are lost and you can script in the reg patch to disable the autoadmin logon or to referacne the "neutered" account, for the next class which won't be installing anything.  In cases like this, definetly keep the profiles on a share, they will be small and even 10base shouldn't have any problems serving 30-40 stations with slimlined profiles.

-Eric  
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9611479
I still think terminal servieces is the way to go, if a user needs a program you can install it and make it acailable to him/her
0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9611488
Sorry....I keep on noticeing small points.
As far as uninstalling....mmmm, since user.man will be read only, HKU will not be modified.  But FYI   anything that installs via .msi  you can script uninstallations.  

to uninstall use:
msiexec.exe <%whatever%>:\whatever\whatever.msi /q /x

get to know your "IF" syntax.

As for others like install sheild, etc., I am sure they have a command for quiet unattended uninstall.

If you are doing heavy scripting consider some scripting mods.  www.kixtart.org  is a good free one.

-Eric

0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9611499
I disagree, adds more network and system overhead and CALs CALs CALs CALs

Through intelligent profiling and policing you can make it pretty damn rock hard.  Cheaper too.

-Eric
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9611542
All except the install and use programs I agree.... the admin overhead alone for that would be worth the CALS to me
0
 
LVL 11

Assisted Solution

by:ewtaylor
ewtaylor earned 25 total points
ID: 9611550
Of course depending on what they need to do you could go thin client and linux.
0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9611670
Screw linux....admin overhead.....hello.  I mean use whatever you want, but I think a little extra work on the frontend will do the job and do it right and minimize administration.  Let scripts do all the work such as uninstalls on log out, the instructer and inforce a new policy auto logging in the workstations win new rights and permissions as needed.  That could be a simplet batch on his workstation and I know to solve the program installation changes to the registry, with KiXtart you can load and unload registry hives.  The "loadhive" script subset and the delete routine to remove the installed files is all that would need to be scripted.  Basically System,dat (the equiv) is reloaded, user.dat cannot be modified and a delete or format subset to the enforced installation point is all run on logon.  If he wants to create two users with installl and one without install rights, it is quite easy and infact the script would not need to be changed, just the policy allowing installation.

Free, ability to intergrate without adding or changing the enviroment and actually reduced administration, as opposed to managing a TermSvcs solution and dealing with CALs and TSL and LLS.  See what I'm sayin?

-Eric
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9613784
lol one sentence you say something about admin overhead then you say a little frontend extra work... seem to contradict yourself. I am sorry you do not know unix. Nothing easier than terminal services, and it allows a standard desktop, it actually solves his problem nicely.
No I guess I don't see what you are saying
0
 
LVL 3

Author Comment

by:neowolf219
ID: 9613937
NetwerkMerc and ewtaylor,

I think the mandatory profiles are what I am looking at ... I'm going to simulate it today in-house to see how it goes.  Thanks a million for your help, you've both given me enough to go in the right direction.  


0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9614026
Good luck, keep us posted on how it goes.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9618283
Neo:
Please so keep us in the loop.  Hope it works, I am more than happy to assist should you have any questions or come across any difficulties.

-Eric

EW:
I most definitely did not mean to offend to condescend.  I am big on "choose whatever the hell you want" with the underlying theory; re-architecting an existing solution, is wasteful, especially based off of favoritism.  Assimilate....rounding off the edges so things are snug.  Sometimes, though you have to.  I didn't mean to belittle any suggestion, infact it is through these dialogues that solutions become well-defined.  

Front-end effort is closer to preparation and implementation as opposed to maintenance or back-end, to which there is no end; it defines itself linearly (i.e. there is always tomorrow, yet tomorrow never comes").  Maintenance or back-end effort is what I consider overhead, overhead is typically a liquid variable.  It is the unknown in TCO, however obtaining and maintaining CALs (in this instance) could be both front-end and back-end/overhead or just back-end overhead.  Since this is an existing environment this is what I look at and how I classify phases and requirements.
1. Existing MS (assumed 2k or 2k3) infrastructure, with at least domain organization
2. Since the build out has already been done and without knowledge of systems specs, major infrastructure changes are avoided (I consider switching an unknown number of clients to a TS solution, a major change)
3. Conceptualization to implementation/integration timeframe vs. drop-dead dates : acceptable attrition (lost person-hours, revenue generation, interruption of service, etc.)
3. Costs; software, hardware, licensing, staff
4. Expected maintenance, estimated reliability,
5. Scalability

Based on the environment, a few hours making: a clean up logon and logoff script, a mandatory profile and policies will meet the requirements.  No additional up-front costs, it is simple, reliable, scaleable (to a point, governed by environment), uninvasive and once implemented requires minimal upkeep, actually shouldn't need any.  Unless requirements change, of course.  

Semantics, semantics, semantics    : )

-Eric

Can we split points?    
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9621205
Agreed, I just like to think outside the box. I used to be down on TS until I really implemented it and started using it now I think it is great. One job I went in was a factory of the future, they had around purchasing 3000 workstations and a big Windows server with an oracle database and custom java front end. They where congratulating themselves on negotiating a deal with Microsoft to the toon of around 3 million dollars (there where some other server etc also). I looked at what they where doing on the workstations it was all web based. Moved the server over to Linux ran thin clients on the manufacturing floor. Saved them big bucks and helped increase employee productivity...got a nice bonus. I agree it will not work everywhere, and believe it or not I am a big diehard windows person. I love kixtart and the things it can do, and with the new win2k3 server it looks even nicer.
0
 
LVL 3

Author Comment

by:neowolf219
ID: 9636662
http://www.centuriontech.com/driveshield.htm

This is actually what I think my boss was looking for, but it is nice to be able to do it administrativly without spending any money on an app.  Just thought you guys would like to know about it for future reference.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9642544
Ahh in that case take a look at the deep freeze software http://www.ezhdd.com/main.htm
0
 
LVL 3

Author Comment

by:neowolf219
ID: 9643623
ewtaylor or anyone else,

Please know that I realize I'm swinging for the fences here, but do you know of any shareware that will (at the least) delete user loaded apps off their hard drive.  Setting up mandatory profiles will work, but I need a way to get rid of the installed applications.

I will reward points for this information.  

PS I wish we would just lock down the systems, but understand that isn't an option.  
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9644499
The program I pointed out will do that it installs everything to a seperate protected partition that it basically reformats at each reboot. Are you looking for something in a shareware product to do this?
0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9644619
The easiest way (especially if all machines are the same) is to force a common install location on the user.  Since it is a mandatory profile the HKCU will not make persistant changes to the HKU.  A logoff script delete routine for that location (directory, volume, etc.) and on logoff load the, will take care of the files, since it is mandatory profile, all user enviroments will be reset and just call registry hive loads to clear up system referances, preventing orphaned registry referances.  YOu will want to make sure that the default user profile and the all user profiles are read only as well.  

Another way, is making use of RIS.  But I do not know how flexible it is with 3rd party software.  But if you went that route all installs would be done administratively initiated by the server.  Then all users will be on the mandatory profile and you can lock everything down, via policy.  Since installs and uninstalls are handled by you server side, the user install requirement is moot.

-Eric
0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9644672
EW:
What about the registry changes to HKLM, those are global changes (global for the system) and that is persistant.  Deleting the files is not enough....

-Eric
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9645562
Q.         What is EZHDD?

A.         EZHDD is a security/recovery system that drastically reduces PC maintenance by preventing users from saving permanent changes to the hard drive.  Each time the PC is rebooted, all changes made by the user are reversed.  EZHDD will not prevent the user from changing the registry, deleting programs, or installing software or viruses.  It will, however, return the PC to its original condition when it is rebooted.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9645688
deep freeze will reset the registry back to clean condition on reboot
0
 
LVL 3

Author Comment

by:neowolf219
ID: 9645795
ewtaylor,

EZHDD is exactly what we need, but boss man is wanting to see if there is any shareware that will do basically the same thing (don't try explaining that the price is well worth it if you throw in administrative costs of maintaining 200-500 mandatory profiles ... got love politics).  I am going to continue to try and convince him this is good, and to give the trial version a shot, but in the mean time if you know of any shareware that we could use as a comparison, that would be excellent.  

Thanks.
0
 
LVL 1

Expert Comment

by:NetwerkMerc
ID: 9646511
Ahhh....hmm....I might have to check that out.  

Danke!

EW...you and me are on a few threads together...interesting.

Good luck Neo.

-Eric
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 9646639
Yes, and I am learning a lot from ya.... Keep up the good work!
0
 

Expert Comment

by:talon926
ID: 12108868
What id Deep Freeze?
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I show you step by step with screenshots to assist you - HOW TO: Deploy and Install the VMware vCenter Server Appliance 6.5 (VCSA 6.5), with some helpful tips along the way.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now