• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 279
  • Last Modified:

Group Policy settings for Windows XP Clients

I have a few settings I would like to set on our Windows XP Clients. These settings should be made by using a group policy (GPO). No manual configuration or scripting through a login script is acceptable for our customer. The most of the settings I find an already defined policy for but for the following I am unable to find this:

1. I would like to set the Windows sound scheme to "No Sounds" and block user changes to this.
2. I would like to set the default desktop wallpaper for all users to "None" and block user changes to this.
3. If this does not affect the ability to login off-line with your domain user and password, I would like to remove any cached domain and Kerberos passwords on the computer.

Any help of the policies above is much appreciated.
1 Solution
You should be able to use GPO's for #2 with no problem.  In the default user section is where you will find the settings for wallpaper and the ability to hide the different tabs in desktop settings.  (I think that desktop settings is in the user section, but I might be wrong.)

In the computer settings you can set the number of logins to be cached.  This will remove the user's profile from the computer on logout, however the user will not be able to get into the workstation unless he is attached to the domain.  Probably not a good thing in your case.  BTW, the user's password is not cached anywhere, there is a hash that is cached, but that is not the actual password.

I don't know about #1, however it wouldn't suprise me that "sounds" can be controlled by using GPO's.  I would look in the User Section of the GPO editor for this also.
MikaelErikssonAuthor Commented:
I did know that I was supposed to use GPO and configure the user settings area. I was looking for a slightly more specific answer of the exact configuration though. Thanks anyway but I found the settings for the wallpaper already.

About the stored password hashes: after a bit more reading I have decided to leave these on the PC. If I remove the hashes the users will not be able to logon to the PC without connection to a DC but as I understand this means a security risk.

I am still working on a solution for the No Sound policy. I have created my own .adm file and are trying to set the registry value through that file, still a bit configuration to do before I know if this works or not. Any help is much appreciated.

A new request has showed up. My customer wants me to remove/prevent running Outlook Express from the client PC's (Windo0ws XP SP2). Is there any way to do this through a group policy?
To disable outlook express, create a software restriction policy for msimn.exe

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now