

Windows 2000 Professional setup for 40 identical users on one workstation without a domain.

Posted on 2004-08-08
Medium Priority
Last Modified: 2010-04-14
I need to set up 40 identical users on a Win 2000 workstation that has no domain.  This workstation will eventually be ghosted to about 20 additional machines in a middle school environment.  Here is what I need:

(1) Users should have no priveleges to install software or make major changes to the machine. (USER / GUEST)???
(2) All users will have the same wallpaper, favorites, screensaver, desktop, home page, etc.
(3) It is extremely important that the user has no power to change the wallpaper, favorites, screensaver, desktop, home page, etc.
(4) I would prefer not to use "protection" software like Fortres or Foolproof unless it is absolutely necessary
(5) Every user will use "My Documents" to save their individual work, hence I believe a mandatory profile can not be used.  No solution which wipes the user Documents and Settings folder is acceptable.
(6) I'm looking for a solution that doesn't require a ton of copying and pasting stuff in the Documents and Settings folder.
(7) If there are any small W2K utilities that perform this task that would be ideal.

In addition,  I am open to any software that is ideal for a middle school classroom environment where students are limited to make the changes I specified in (3), but still giving students power to "explore".  The more detailed a solution, the more likely I will be to give away the points to one unique expert.  Thank you for your help.
Question by:jschreiber69

Author Comment

ID: 11749617
Sorry privileges was misspelled. I'm not an English teacher, thank God.

Expert Comment

ID: 11750384
All you need is to create a user account. As a user you have privileges on the My Documents folder, but you cannot install programs, mess around in Control Panel, or change desktop settings.
In order to fine-tune all security settings you can use security policies.

Expert Comment

ID: 11750860
You need a domain environment. Install Win2K on any PC and make it a domain controller with Dcpromo.
Add the PCs to the new domain and create users.
Add domain users (or the users you created) to the Power Users group on the PCs.
Then make restrictions by using the default domain policy (Start - Programs - Admin Tools - Default Domain Policy).


Expert Comment

by:Nabeeh ElDardery
ID: 11751054
Kindly find my comments for your points

(1) When creating the user accounts, do not add them to any group; just leave them in the default group (Users) to prevent them from installing any software.
(2) Log on with a normal account and configure all your desktop settings (wallpaper and so on) + redirect the My Documents folder to another location using the %user_name% variable,
then log on with another account to copy the first profile under Documents and Settings to the All Users profile (all users will have the same desktop settings), then rename the file C:\Documents and Settings\All Users\NTUSER.DAT to NTUSER.MAN (Mandatory Profile).
(3) Yes, the user cannot change the desktop settings.
(4) No protection software.
(5) Everyone should have his own My Documents folder.
(6) No copying of profiles.
(7) The mentioned steps are the tool.


Author Comment

ID: 11751885
Eldardery,  in your step (2), if I redirect My Documents Folder to another location, where can I put it so other users can not access it and keep it secure (no students from 3rd period copying 1st period work)?   If you can explain your step (2) as detailed as possible (remember I have no domain)  and it works, I will award you the points.  Thanks.

Expert Comment

ID: 11752084
If you create a simple (restricted) user, it will have its own My Documents folder. I don't understand why he should redirect this folder to another location.
He only needs to create a user account and that should be enough. Everyone will log in to this account and work in it. The only thing he should do is disable shutdown/restart for that account to prevent booting with another OS (Knoppix). If that is enabled for the user profile, nothing will prevent someone from booting from CD and taking control of the computer with another OS.

Accepted Solution

dlwyatt82 earned 2000 total points
ID: 11753193
Many of the previous comments clearly did not read jschreiber's requirements - he plans to have 40 individual user accounts (with separate My Documents folders, each secured against access by other users).

jschreiber, I would recommend the following steps:

First, modify the default permissions on your drives. On a Windows 2000 Professional PC, odds are they are set to Full Control for Everyone by default. To change this, log on as the Administrator account and perform the following steps:

1) In My Computer, Right click on your C:\ drive, select Properties.
2) Click the Security tab.
3) Click Add
4) From the list of available users or groups, select the group named "Users", click Add, and click OK.
5) This new entry should have "Read&Execute", "List Folder Contents", and "Read" permissions checked by default. Leave these settings.
6) Click Add again.
7) This time, select the Administrators group.
8) Allow Full Control for Administrators.
9) Highlight "Everyone", and click Remove.
10) Click OK.

This will secure the hard drive from tampering and prepare for the steps which follow. At this point, you should verify that each user profile in "c:\documents and settings" still has the correct permissions (The Administrators group, possibly the SYSTEM account, and each individual user should have Full Control rights to their own profile folder. The Everyone and/or Users groups should NOT be present in the Access Control List for profile directories within Documents and Settings).

Next, configure Group Policy to enforce the system settings you mentioned, as follows:

1) Select Run from the start menu, and type "gpedit.msc". This opens the Group Policy MMC snap-in.
2) Configure the policies you want to enforce - the types of policies you described (Internet Explorer options, Desktop wallpaper, etc) can be found in the Administrative Templates section under User Configuration. Experiment with these a bit to get a feel for what you would like to configure via Policies. Feel free to post more questions about Group Policy here if you would like some more info.

Now, you are ready to create the user accounts for your students. When creating these accounts, make sure they are only members of the Users group. They will automatically have a profile directory created which gives them a My Documents folder which only they (and you, as the system Administrator) have access to.
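
The verification step in the answer above (each profile folder should list only Administrators, SYSTEM and the owning user), as an added example that is not part of the original thread: a Python check over captured `cacls` output. The machine name LAB01, the student account names and the sample output are constructed, and the parser assumes the plain `principal:(flags)right` lines that `cacls` prints.

```python
import re

# Principals the answer says must NOT be on a profile folder's ACL.
FORBIDDEN = {"everyone", "builtin\\users"}
# Principals expected on every profile folder besides the owning user.
TRUSTED = {"builtin\\administrators", "nt authority\\system"}
# One ACE as cacls prints it, e.g. BUILTIN\Administrators:(OI)(CI)F
ACE_RE = re.compile(r"^(?P<who>.+?):(?:\([A-Z]+\))*(?P<rights>[A-Z]*)\s*$")

def parse_cacls(path, text):
    """Return [(principal, rights)] from the cacls output for one folder."""
    aces = []
    for i, line in enumerate(text.strip().splitlines()):
        if i == 0 and line.lower().startswith(path.lower()):
            line = line[len(path):]      # first line is prefixed with the path
        m = ACE_RE.match(line.strip())
        if m:
            aces.append((m.group("who"), m.group("rights")))
    return aces

def audit_profile(path, text):
    """List deviations from: Administrators, SYSTEM and the owner only."""
    owner = path.rstrip("\\").split("\\")[-1].lower()
    findings, owner_full = [], False
    for who, rights in parse_cacls(path, text):
        name = who.lower()
        if name in FORBIDDEN:
            findings.append(f"{who} must not be on the ACL")
        elif name in TRUSTED:
            continue
        elif name.split("\\")[-1] == owner:
            owner_full = owner_full or rights == "F"
        else:
            findings.append(f"unexpected principal {who}")
    if not owner_full:
        findings.append(f"{owner} lacks Full Control")
    return findings

# Constructed sample output (machine name LAB01 and accounts are made up).
BASE = "C:\\Documents and Settings\\"
PAD = " " * 36
SAMPLE = {
    BASE + "student01": BASE + "student01 BUILTIN\\Administrators:(OI)(CI)F\n"
        + PAD + "NT AUTHORITY\\SYSTEM:(OI)(CI)F\n"
        + PAD + "LAB01\\student01:(OI)(CI)F\n",
    BASE + "student02": BASE + "student02 Everyone:(OI)(CI)F\n"
        + PAD + "BUILTIN\\Administrators:(OI)(CI)F\n"
        + PAD + "LAB01\\student02:(OI)(CI)F\n"
        + PAD + "LAB01\\student07:(OI)(CI)C\n",
}

if __name__ == "__main__":
    for folder, output in SAMPLE.items():
        print(folder, "->", audit_profile(folder, output) or "OK")
```

Feed it the saved output of `cacls` run against each folder under Documents and Settings; an empty list means the folder matches the ACL the answer describes.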

Expert Comment

ID: 11753252
One other area you'll want to view in the Group Policy snap-in is User Configuration -> Windows Settings -> Internet Explorer Maintenance. This is where you can configure policies to enforce Favorites, Home Page, etc (in the URLs section).


Question has a verified solution.
