Solved

Windows 2000 Professional setup for 40 identical users on one workstation without a domain.

Posted on 2004-08-08
8
303 Views
Last Modified: 2010-04-14
I need to set up 40 identical users on a Win 2000 workstation that has no domain.  This workstation will eventually be ghosted to about 20 additional machines in a middle school environment.  Here is what I need:

(1) Users should have no priveleges to install software or make major changes to the machine. (USER / GUEST)???
(2) All users will have the same wallpaper, favorites, screensaver, desktop, home page ,etc.
(3) It is extremely important that the user has no power to change the wallpaper, favorites, screensaver, desktop, home page ,etc.
(4) I would prefer not to use "protection" software like Fortres or Foolproof unless it is absolutely necessary
(5) Every user will use "My Documents" to save their individual work, hence I believe a mandatory profile can not be used.  No solution which wipes the user Documents and Settings folder is acceptable.
(6) I'm looking a solution that doesn't require a ton of copying and pasting stuff in the Documents and Settings folder.
(7) If there are any small W2K utilities that perform this task that would be ideal.

In addition,  I am open to any software that is ideal for a middle school classroom environment where students are limited to make the changes I specified in (3), but still giving students power to "explore".  The more detailed a solution, the more likely I will be to give away the points to one unique expert.  Thank you for your help.
0
Comment
Question by:jschreiber69
  • 2
  • 2
  • 2
  • +2
8 Comments
 

Author Comment

by:jschreiber69
Comment Utility
Sorry privileges was misspelled. I'm not an English teacher, thank God.
0
 
LVL 2

Expert Comment

by:tztrh
Comment Utility
all you need is to create user account. as user you have privileges on My Documments older but you can not install programs, mess around control panel, or change desktop settings.
I order to fine tune all security settings you can use Security policies.
0
 
LVL 3

Expert Comment

by:saito1
Comment Utility
you need domain environment, install win2K on any PC and make it Domain controller by Dcpromo
add PCs to new domain and create users
add domain users (or the users you created) into power users group on PCs.
and make restriction by using default domain policy. (start-programs-admin tools - default domain policy)
0
 
LVL 2

Expert Comment

by:Nabeeh ElDardery
Comment Utility
Kindly find my comments for your points

(1) when creating the user accounts, do not add them to any group, just leave them with the default group (Users) to prevent them from installing any software
(2) logon with normal account and configure all your desktop settings (wallpaper and so on) + Redirect My Documents Folder to another location using %user_name% variable
 http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/Folder.htm  
then logon with another acount to copy the first Profile under documents and settings to All Users Profile (All users will have the same desktop settings) then rename the file under C:\Documents and Settings\All Users\NTUSER.DAT to NTUSER.MAN (Mandatory Profile)
(3) Yes, the use can not change the desktop settings
(4) No protection software
(5) Everyone should has his own My Documents folder
(6) no copying of profiles
(7) Mentioned steps is the tool

Nabeeh
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:jschreiber69
Comment Utility
Eldardery,  in your step (2), if I redirect My Documents Folder to another location, where can I put it so other users can not access it and keep it secure (no students from 3rd period copying 1st period work)?   If you can explain your step (2) as detailed as possible (remember I have no domain)  and it works, I will award you the points.  Thanks.
0
 
LVL 2

Expert Comment

by:tztrh
Comment Utility
if you create simple user (restricted) it will have his own My Documments folder. I don't understand why should he redirect this folder to another location.
He only needs to create user account and that should be enough. everyone will login to this account and work in it. only thing he should do is to disable shutdown/restart to that account to prevent booting with another OS (knoppix). if that is enabled for user profile nothing will prevent someone to boot from CD and take control of computer with another OS.
0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 500 total points
Comment Utility
Many of the previous comments clearly did not read jschreiber's requirements - he plans to have 40 individual user accounts (with separate My Documents folders, each secured against access by other users).

jschreiber, I would recommend the following steps:

First, modify the default permissions on your drives. On a Windows 2000 Professional PC, odds are they are set to Full Control for Everyone by default. To change this, log on as the Administrator account and perform the following steps:

1) In My Computer, Right click on your C:\ drive, select Properties.
2) Click the Security tab.
3) Click Add
4) From the list of available users or groups, select the group named "Users", click Add, and click OK.
5) This new entry should have "Read&Execute", "List Folder Contents", and "Read" permissions checked by default. Leave these settings.
6) Click Add again.
7) This time, select the Administrators group.
8) Allow Full Control for Administrators.
9) Highlight "Everyone", and click Remove.
10) Click OK.

This will secure the hard drive from tampering and prepare for the steps which follow. At this point, you should verify that each user profile in "c:\documents and settings" still has the correct permissions (The Administrators group, possibly the SYSTEM account, and each individual user should have Full Control rights to their own profile folder. The Everyone and/or Users grops should NOT be present in the Access Control List for profile directories within Documents and Settings).

Next, configure Group Policy to enforce the system settings you mentioned, as follows:

1) Select Run from the start menu, and type "gpedit.msc". This opens the Group Policy MMC snap-in.
2) Configure the policies you want to enforce - the types of policies you described (Internet Explorer options, Desktop wallpaper, etc) can be found in the Administrative Templates section under User Configuration. Experiment with these a bit to get a feel for what you would like to configure via Policies. Feel free to post more questions about Group Policy here if you would like some more info.

Now, you are ready to create the user accounts for your students. When creating these accounts, make sure they are only members of the Users group. They will automatically have a profile directory created which gives them a My Documents folder which only they (and you, as the system Administrator) have access to.
0
 
LVL 14

Expert Comment

by:dlwyatt82
Comment Utility
One other area you'll want to view in the Group Policy snap-in is User Configuration -> Windows Settings -> Internet Explorer Maintenance. This is where you can configure policies to enforce Favorites, Home Page, etc (in the URLs section).
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
This video discusses moving either the default database or any database to a new volume.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now