Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 910
  • Last Modified:

Group policy desktop on computers

Hi all, I have a windows 2003 domain.  I am running group policys.  What I would like to do is this...
I have lab systems I want to force a desktop on, but I want to do it by machine not by user so if a user goes to a different lab they will have a different desktop.  Is this possible with goup policy and if so how ???
0
Ritenour
Asked:
Ritenour
  • 7
  • 6
  • 4
  • +2
1 Solution
 
and235100Commented:
I might be wrong - but this option is only available to configure on a per-user basis.

You can still alter settings in User Config.\Admin. Templates\Desktop and \Desktop\Active Desktop - and these will apply for the users in that GPO you edited... - wherever they logon.
0
 
kevin_uk05Commented:
Yes, you can use a policy called Loopback.

Firstly you must have a seperate OU with the Lab PC's in. You need to create a GPO on the OU which is applied first and enable the Loopback policy.
The policy is located under Computer Settings > Administrative Tools > System > Group Policy > User group policy loopback processing mode.

Then create another policy that applied after this policy and set the Desktop policy.

Take a look at these:
http://support.microsoft.com/kb/231287
http://support.microsoft.com/kb/260370
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1204957,00.html
0
 
and235100Commented:
D'uh - I knew I had forgotten something - good info kevin_uk05...
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
krzywisCommented:
Then you will need to set correct mode: either Merge or Replace.

If I am getting your intentions right you will need to choose Replace.

Kris
0
 
matrixnzCommented:
Hi Routnour

You should also apply these at different OU levels for e.g. Have a Computer OU that has common GPOs set for all Computer than below the Computers OU have your Different Lab OUs set out with the particula GPO set to each one.
i.e.

COMPUTERS OU - General Computers GPO
 - LAB1 OU - LAB1 GPO
 - LAB2 OU - LAB2 GPO
 - Etc..

Cheers
0
 
RitenourAuthor Commented:
This is great info, but how do I pull the icons to the desktop like I could on old 98 systems ?
0
 
matrixnzCommented:
Hi Ritenour

I think you're actually referring to roaming profiles, or more specific not using roaming profiles, basically if you don't have a roaming profile setup than when a user logs on to that system it will be unique.  If you wish to use roaming profiles than what you do is place the shortcuts for e.g. on your lab machine into the All Users Profile that way it's only unique to the computer not to the user.

Cheers
0
 
RitenourAuthor Commented:
The problem is that some teachers need to change the desktop when they want to, that is why I am trying to pull the desktop down from the network. So no matter who logs in they get the same desktop in one lab, but can still go to another lab and get a standard student desktop.  
0
 
kevin_uk05Commented:
Rather than Roaming Profiles i would configure a loopback policy on the Lab OU and configure the User Policy (Folder Redirect) -  From here you can redirect a users desktop from the server, so which ever user logs onto any machine within that lab will receive the same Icons. But if they logon to a machine outside the lab then they get their normal policies applied.
0
 
RitenourAuthor Commented:
I cannot do it on the computer alone.  I brought the computer out of the computer group into a O.U. and applied the settings...nothing... it worded fine when I added a user to the same O.U. argggg.
0
 
kevin_uk05Commented:
The loopback policy within GPO allows for User GPOs to apply to computers. Therefore you would not have to add the individual user to the OU.

Have you followed my instructions at the top, Note #2?
0
 
RitenourAuthor Commented:
Yes I did follow #2.  When I bring in the computer to the OU and apply the settings it does not work.  It did work when I put the user in the OU.  I think I'm missing something.
0
 
matrixnzCommented:
Hi Ritenour

Can you explain exactly what you're trying to achieve?  Because Group Policy doesnt' control Desktop/Start Menu Shortcuts at all, so although the information is good, it's not going to achieve what you require, if I'm reading your posts above correctly.

From your post you want to have desktop/start menu shortcuts unique to one particular machine or group of machines, than another group of machines.  Is that correct?

If so all you need to do is copy the shortcuts to that group of machines C:\Documents and Settings\All Users\Desktop Profile, if your users only have user privleges than they can't change these shortcuts but they can still create shortcuts in their own profile i.e. C:\Documents and Settings\Username\Desktop.  The All Users Profile doesn't roam with users it's dedicated to that machine.  You could create a script to copy the shortcuts and place them into the All Users Profile from the server, you could also use Group Policy Startup Script to run the script, so that it runs with System Rights rather than the Users Rights which won't allow them to place icons into the All Users Profile.

Hope that made sense.

Cheers
0
 
krzywisCommented:
Ritenour
Try gpupdate /force from command line. Reboot is usually required when you move machine account to another OU.

Then try gpresult to make sure it picked up latest changes

Kris
0
 
RitenourAuthor Commented:
The users do not have admin rights on the systems so when I try to copy a desktop down I get access denied.  With the old windows poledit (98) this was not an issue.  I just want to be able to pull a desktop to a computer no matter who ever is logged in.  I dont want it to be usere dependent.  So it has to be applied to the computer.  This is for a school lab so you can see why I need to do this... unless someone has a better idea I would love to try it.
0
 
matrixnzCommented:
Hi Ritenour

If you run your script from Group Policy using Computer Configuration\Windows Settings\Scripts (Startup/Shutdown) assign this to your group of computers, than the script will run before the user logs in and runs as a System User.  The reason you could do this Windows 98 is because all Windows 9x Systems weren't able to run under NTFS, so they were very unsecure it would of also meant that they could make changes to the system at any time.

For your Group Policy Startup Script just use something similar to

Copy *.lnk "C:\Documents and Settings\All Users\Desktop\" /Y

When you setup the GroupPolicy just copy the .lnk files into the GroupPolicy GUID Folder so that you can use the relative link.

Cheers
0
 
RitenourAuthor Commented:
I have the links in a folder and tried the copy command, they dont show up.
0
 
kevin_uk05Commented:
Firstly check that the copy command has worked and the LNK files are now located in the All Users directory.

Secondley check the security on the LNK files in the All Users Desktop folder. Everyone should have at least read access to them, if not then you will need to add another line to your logon script.

Echo Y| cacls "C:\Documents and Settings\All Users\Desktop\*.*" /G Everyone:R
0
 
kevin_uk05Commented:
Actually, instead of

Echo Y| cacls "C:\Documents and Settings\All Users\Desktop\*.*" /G Everyone:R

use

Echo Y| cacls "C:\Documents and Settings\All Users\Desktop\*.*" /G Everyone:R Administrators:F

To ensure that Admins have full access.
0
 
kevin_uk05Commented:
Did you sort this?
0
 
RitenourAuthor Commented:
No, I had to copy links from the desktop out to a server.  I then took off what I didnt need and used a bat file to copy icons back.  I have not found a way to make it work by machine.  I will have time in the summer to see if I can work it out.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

  • 7
  • 6
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now