pawankk
asked on
(URGENT) Delete the profile of user on login and logoff
In windows 2003 Domain (GPO)Is there any policy or restirction through which the profiles( local setting temp, temp inteernet files, history of the users) can be refreshed and deleted on login automticaly if yes how, it can be applied?
Is there any policy through which we can restirct users from running setup or installing any files or spywares on the sytem or registry. If there is any policy or user restirction then kindly tell me how is it possible
ASKER
machine_shin
GPO Sysytem> User pofiles i Have tried it but there is no option as such to delete the History, Temporary internet files or Temp folders on every login can it be used though Login script can u give me complete codes and way to configure login script as I am a layman to it.
Alowed apllications i have to completly list down the softwares taht can be executed and list will go to is there any way to block msi, or setup or to lock registry so that any application files caanot be registred o installed on the PC
GPO Sysytem> User pofiles i Have tried it but there is no option as such to delete the History, Temporary internet files or Temp folders on every login can it be used though Login script can u give me complete codes and way to configure login script as I am a layman to it.
Alowed apllications i have to completly list down the softwares taht can be executed and list will go to is there any way to block msi, or setup or to lock registry so that any application files caanot be registred o installed on the PC
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you created the users in domain controller ( active directory serices with DNS server) and at client side they are loging with domian user then there is already restriction for installationapplications or to make any change the windows control panel settings .menas it needs the administarive rights....ok
how are you getting on?
ASKER
Machine
1. I have redirected the my documents and desktop folders to a different drive can i give full path of that folders in login script then default user profile path ""%userprofile%\"
2. I want to make printer default and install on every login can i give the vbscript commands in same login script.
3. i want that all the files of all users working goes in a single folder with specified user permissions can it be possible and ant to restirct all other folders and drives for user access an want to restore the PC by deleting all history, documets, desktop, temp, temporary internet files all accessed by any user ad make the pc fresh fo the new user if is posoibl how i can proceed wioth y problem.
1. I have redirected the my documents and desktop folders to a different drive can i give full path of that folders in login script then default user profile path ""%userprofile%\"
2. I want to make printer default and install on every login can i give the vbscript commands in same login script.
3. i want that all the files of all users working goes in a single folder with specified user permissions can it be possible and ant to restirct all other folders and drives for user access an want to restore the PC by deleting all history, documets, desktop, temp, temporary internet files all accessed by any user ad make the pc fresh fo the new user if is posoibl how i can proceed wioth y problem.
ASKER
Machin__Shin
thanx buddy for the login script i tried it as log off script but have a problm in it it does not delete hidden folders like Application Data, Print hood is it posible to change there attributes unhide and system and then delte these folders as i want that very time user login the profiles are created automatically
thanx buddy for the login script i tried it as log off script but have a problm in it it does not delete hidden folders like Application Data, Print hood is it posible to change there attributes unhide and system and then delte these folders as i want that very time user login the profiles are created automatically
I've got a couple more Japanese Exams to do in the next few days. I will give you more advice after that.
ASKER
machin_Shin
best of luck for ur exams buddy
waiting for ur exams to be succesfull
and then my probs will be sorted
best of luck for ur exams buddy
waiting for ur exams to be succesfull
and then my probs will be sorted
ASKER
excpet mchin no one here to rply the queries ..i think machin is stil busy in exams
You can add the attrib command into the loging script if you want. But if you are trying to remove the entire profile every Login you will probably encounter the issue where the files are still being used.
( command = attrib *.* -s -h -r /s/d)
The users shouldn't mind seeing stuff from those directories and I doubt you want to redo the entire thing from scratch everytime. Just make it a set profile that you like on the roaming profile under non-cached mode and delete or clear said directories if you want to. but easiest is to make the profiles Mandatory.
In order to do it set up your profile as you like it change the ntuser.dat extension to NTuser.man and they cannot change the background or the registry for that user file.
And for cleaning your net files and what not maybe trial out
http://www.download.com/ZeroNetHistory-2005/3000-2248_4-10540287.html?tag=lst-0-2
I only hope I did well on my exams I think I passd all but maybe the listening. (totemo hayai hanasu koto desu yo)
( command = attrib *.* -s -h -r /s/d)
The users shouldn't mind seeing stuff from those directories and I doubt you want to redo the entire thing from scratch everytime. Just make it a set profile that you like on the roaming profile under non-cached mode and delete or clear said directories if you want to. but easiest is to make the profiles Mandatory.
In order to do it set up your profile as you like it change the ntuser.dat extension to NTuser.man and they cannot change the background or the registry for that user file.
And for cleaning your net files and what not maybe trial out
http://www.download.com/ZeroNetHistory-2005/3000-2248_4-10540287.html?tag=lst-0-2
I only hope I did well on my exams I think I passd all but maybe the listening. (totemo hayai hanasu koto desu yo)
Oh and by the way I should have mentioned the user can actually change the background and what not but when they log back in everything is reset.
ASKER
Machin
thanx buddy
I have tried these attrib command before and was successful in deleting other folder through log off script except these folders Application Data, Local Setting, and files Ntuser.dat, ntuser.log, ntuser.ini.
I have told u my purpose is that i want to refresh the profile and registry of each user. Will mandatory profile will work is there any resource for mandatory and roaming profiles and what is the difference between them.
thanx buddy
I have tried these attrib command before and was successful in deleting other folder through log off script except these folders Application Data, Local Setting, and files Ntuser.dat, ntuser.log, ntuser.ini.
I have told u my purpose is that i want to refresh the profile and registry of each user. Will mandatory profile will work is there any resource for mandatory and roaming profiles and what is the difference between them.
A mandatory profile locks the User registry against change. It doesn't save it to the Profile on Lo off. And You can have Roaming Mandatory Profiles.
This should explain it and it should suit your needs.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policy/mandatory_user_profiles.asp
This should explain it and it should suit your needs.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/policy/policy/mandatory_user_profiles.asp
ASKER
Machin
i have renamed the individual
ntuser.dat located in c:\documents and settings\user1 folder to ntuser.man of each user but still the changes made to
internet explorer
home page
internet explorer toolbars are still active is there any way to disable them
secondly i want to make the registry read only so that no user changes are saved in registry of windows is there any way out.
i have renamed the individual
ntuser.dat located in c:\documents and settings\user1 folder to ntuser.man of each user but still the changes made to
internet explorer
home page
internet explorer toolbars are still active is there any way to disable them
secondly i want to make the registry read only so that no user changes are saved in registry of windows is there any way out.
try logging out then logging back in......you might notice it's all back to the same.
In regard to the additional stuff those are controllable through GPO's.
In regard to the additional stuff those are controllable through GPO's.
As for restricting users from installing things maybe in GPO, Run Only Allowed Applications from
User Configuration->administrat
Or just put them in a restricted User group.
a host file that can be replacated via WINS or just applied to the local machine from http://www.mvps.org/winhelp2002/hosts.htm
Usually stops most spyware.
Also you could try using an antispyware util from www.pctools.com or www.webroot.com. Both are among the best anti-spyware utils.