Solved

Windows 2000 Professional setup for 40 identical users on one workstation without a domain.

Posted on 2004-08-08
8
306 Views
Last Modified: 2010-04-14
I need to set up 40 identical users on a Win 2000 workstation that has no domain.  This workstation will eventually be ghosted to about 20 additional machines in a middle school environment.  Here is what I need:

(1) Users should have no priveleges to install software or make major changes to the machine. (USER / GUEST)???
(2) All users will have the same wallpaper, favorites, screensaver, desktop, home page ,etc.
(3) It is extremely important that the user has no power to change the wallpaper, favorites, screensaver, desktop, home page ,etc.
(4) I would prefer not to use "protection" software like Fortres or Foolproof unless it is absolutely necessary
(5) Every user will use "My Documents" to save their individual work, hence I believe a mandatory profile can not be used.  No solution which wipes the user Documents and Settings folder is acceptable.
(6) I'm looking a solution that doesn't require a ton of copying and pasting stuff in the Documents and Settings folder.
(7) If there are any small W2K utilities that perform this task that would be ideal.

In addition,  I am open to any software that is ideal for a middle school classroom environment where students are limited to make the changes I specified in (3), but still giving students power to "explore".  The more detailed a solution, the more likely I will be to give away the points to one unique expert.  Thank you for your help.
0
Comment
Question by:jschreiber69
  • 2
  • 2
  • 2
  • +2
8 Comments
 

Author Comment

by:jschreiber69
ID: 11749617
Sorry privileges was misspelled. I'm not an English teacher, thank God.
0
 
LVL 2

Expert Comment

by:tztrh
ID: 11750384
all you need is to create user account. as user you have privileges on My Documments older but you can not install programs, mess around control panel, or change desktop settings.
I order to fine tune all security settings you can use Security policies.
0
 
LVL 3

Expert Comment

by:saito1
ID: 11750860
you need domain environment, install win2K on any PC and make it Domain controller by Dcpromo
add PCs to new domain and create users
add domain users (or the users you created) into power users group on PCs.
and make restriction by using default domain policy. (start-programs-admin tools - default domain policy)
0
 
LVL 2

Expert Comment

by:Nabeeh ElDardery
ID: 11751054
Kindly find my comments for your points

(1) when creating the user accounts, do not add them to any group, just leave them with the default group (Users) to prevent them from installing any software
(2) logon with normal account and configure all your desktop settings (wallpaper and so on) + Redirect My Documents Folder to another location using %user_name% variable
 http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/Folder.htm  
then logon with another acount to copy the first Profile under documents and settings to All Users Profile (All users will have the same desktop settings) then rename the file under C:\Documents and Settings\All Users\NTUSER.DAT to NTUSER.MAN (Mandatory Profile)
(3) Yes, the use can not change the desktop settings
(4) No protection software
(5) Everyone should has his own My Documents folder
(6) no copying of profiles
(7) Mentioned steps is the tool

Nabeeh
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:jschreiber69
ID: 11751885
Eldardery,  in your step (2), if I redirect My Documents Folder to another location, where can I put it so other users can not access it and keep it secure (no students from 3rd period copying 1st period work)?   If you can explain your step (2) as detailed as possible (remember I have no domain)  and it works, I will award you the points.  Thanks.
0
 
LVL 2

Expert Comment

by:tztrh
ID: 11752084
if you create simple user (restricted) it will have his own My Documments folder. I don't understand why should he redirect this folder to another location.
He only needs to create user account and that should be enough. everyone will login to this account and work in it. only thing he should do is to disable shutdown/restart to that account to prevent booting with another OS (knoppix). if that is enabled for user profile nothing will prevent someone to boot from CD and take control of computer with another OS.
0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 500 total points
ID: 11753193
Many of the previous comments clearly did not read jschreiber's requirements - he plans to have 40 individual user accounts (with separate My Documents folders, each secured against access by other users).

jschreiber, I would recommend the following steps:

First, modify the default permissions on your drives. On a Windows 2000 Professional PC, odds are they are set to Full Control for Everyone by default. To change this, log on as the Administrator account and perform the following steps:

1) In My Computer, Right click on your C:\ drive, select Properties.
2) Click the Security tab.
3) Click Add
4) From the list of available users or groups, select the group named "Users", click Add, and click OK.
5) This new entry should have "Read&Execute", "List Folder Contents", and "Read" permissions checked by default. Leave these settings.
6) Click Add again.
7) This time, select the Administrators group.
8) Allow Full Control for Administrators.
9) Highlight "Everyone", and click Remove.
10) Click OK.

This will secure the hard drive from tampering and prepare for the steps which follow. At this point, you should verify that each user profile in "c:\documents and settings" still has the correct permissions (The Administrators group, possibly the SYSTEM account, and each individual user should have Full Control rights to their own profile folder. The Everyone and/or Users grops should NOT be present in the Access Control List for profile directories within Documents and Settings).

Next, configure Group Policy to enforce the system settings you mentioned, as follows:

1) Select Run from the start menu, and type "gpedit.msc". This opens the Group Policy MMC snap-in.
2) Configure the policies you want to enforce - the types of policies you described (Internet Explorer options, Desktop wallpaper, etc) can be found in the Administrative Templates section under User Configuration. Experiment with these a bit to get a feel for what you would like to configure via Policies. Feel free to post more questions about Group Policy here if you would like some more info.

Now, you are ready to create the user accounts for your students. When creating these accounts, make sure they are only members of the Users group. They will automatically have a profile directory created which gives them a My Documents folder which only they (and you, as the system Administrator) have access to.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11753252
One other area you'll want to view in the Group Policy snap-in is User Configuration -> Windows Settings -> Internet Explorer Maintenance. This is where you can configure policies to enforce Favorites, Home Page, etc (in the URLs section).
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Facing problems with you memory card? Cannot access your memory card? All stored data, images, videos are lost? If these are your questions...than this small article might help you out in retrieving your lost or inaccessible data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now