Solved

joining XP workstations to domain, but need to keep local settings

Posted on 2004-08-19
3
315 Views
Last Modified: 2010-03-18
I have 25 workstations that I am joining to my organization's domain. While I have the ability to add machines to the domain and have local admin privileges, I do not have admin-level priveliges on the domain, nor may I config Active Dir GPOs, etc. The machines are running XP Professional, static IP, and have common software installed (MS Office 2003, Photoshop, etc). In addition, these workstations are equipped with a hard drive protection device called Centurion Guard, which reverts the workstation back to it's previous state each time is it rebooted (e.g. you initially setup the machine how you like, lock it, and after that nothing will ever be saved to disk after a shutdown or reboot.)

So here is the problem: these machines need certain windows preferences and application program configurations - everything from "displaying all hidden files" in Windows Explorer, to  using a certain desktop wallpaper, to changing the auto update feature in Adobe Reader - the full gamut, all pre-configured so a user doesn't have to. Now, with setting up the domain, users will be logging on, and all of those prior configurations and program preferences setup in the past are gone, and each user that logs in must start from scratch. And with the drive protection enabled, any preferences a user saved during a domain session won't be saved!

So, what I am asking is, is there any way I can use my old pre-domain Windows and program preferences so that users won't have to completely start from scratch each time they login via the domain? Can this be done outside of AD? I know you can drop icons and favorites in the "All Users" directory, but I need more.

Is there any solution in this scenario?
0
Comment
Question by:nicu70
  • 2
3 Comments
 
LVL 9

Expert Comment

by:Pentrix2
ID: 11850584
One is doing this through a GPO or manually accomplishing this by individual workstations.  Those are the only 2 options you got.  The first option requirements is domain admin privileges, the second option just requires local admin to the workstations but just a pain because gotta do this for each time it's formatted too.
0
 
LVL 2

Accepted Solution

by:
ihuckaby earned 125 total points
ID: 11853860
The easiest thing would be to ask the domain admins to put said workstations in their own OU, then block policy inheritance there.

I say that's easy, but I suppose that depends largely on the domain admins now, doesn't it?  It could also depend greatly on your overall AD design.

If they're really nice, you can ask them to delegate authority to you for that OU, and then it can become your problem.  You could then make your own policies for all the machines in the OU.  They could also then selectively place domain policies onto the OU, rather than them inheriting everything above them.

You could also ask them to deny "apply group policy" rights to those selected machines, but would have to do that on every policy that messes your machines up.  That can suck if there are a lot of relevant policies.

You can configure local policy, but if they don't allow domain policy to be overridden (and why would they), then you're just going to repeatedly eat domain policy.

If you have draconian sysadmins, then most likely the machines will just have to stay off the domain.
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 11853948
ihuckaby is right and like i was saying too, depending on your organization and the security policies of giving out admin privileges.  but like ihuckaby said, if they're REALLY nice.  most likely, they won't.  for you to get that kind of access even just for 1 custom OU for this situation, it has to get approval from your supervisior and depending on how your company's structure it may even go for further approvals to even get this.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now