Group Policy settings for Windows XP Clients

Posted on 2007-07-26
Last Modified: 2012-08-14
I have a few settings I would like to set on our Windows XP Clients. These settings should be made by using a group policy (GPO). No manual configuration or scripting through a login script is acceptable for our customer. The most of the settings I find an already defined policy for but for the following I am unable to find this:

1. I would like to set the Windows sound scheme to "No Sounds" and block user changes to this.
2. I would like to set the default desktop wallpaper for all users to "None" and block user changes to this.
3. If this does not affect the ability to login off-line with your domain user and password, I would like to remove any cached domain and Kerberos passwords on the computer.

Any help of the policies above is much appreciated.
Question by:MikaelEriksson
    LVL 13

    Accepted Solution

    You should be able to use GPO's for #2 with no problem.  In the default user section is where you will find the settings for wallpaper and the ability to hide the different tabs in desktop settings.  (I think that desktop settings is in the user section, but I might be wrong.)

    In the computer settings you can set the number of logins to be cached.  This will remove the user's profile from the computer on logout, however the user will not be able to get into the workstation unless he is attached to the domain.  Probably not a good thing in your case.  BTW, the user's password is not cached anywhere, there is a hash that is cached, but that is not the actual password.

    I don't know about #1, however it wouldn't suprise me that "sounds" can be controlled by using GPO's.  I would look in the User Section of the GPO editor for this also.
    LVL 1

    Author Comment

    I did know that I was supposed to use GPO and configure the user settings area. I was looking for a slightly more specific answer of the exact configuration though. Thanks anyway but I found the settings for the wallpaper already.

    About the stored password hashes: after a bit more reading I have decided to leave these on the PC. If I remove the hashes the users will not be able to logon to the PC without connection to a DC but as I understand this means a security risk.

    I am still working on a solution for the No Sound policy. I have created my own .adm file and are trying to set the registry value through that file, still a bit configuration to do before I know if this works or not. Any help is much appreciated.

    A new request has showed up. My customer wants me to remove/prevent running Outlook Express from the client PC's (Windo0ws XP SP2). Is there any way to do this through a group policy?
    LVL 3

    Expert Comment

    To disable outlook express, create a software restriction policy for msimn.exe


    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Synchronize a new Active Directory domain with an existing Office 365 tenant
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now