how to lock down desktop for student users
Posted on 2008-10-20
I have 6 labs in my school. I use one login for these computer. it is setup as a roaming profile.
I am currently setting up OU's for each lab. This way I can map printers, and install specific programs.
The problem I am running into is when I push out programs through GPO, because of the profile that has been made a MAN profile, the option on the start menu and desktop disappear.
What I would like is a better way to lock down the desktop, so that the users cannot uninstall any programs or delete or change any of the preferences on the desktop. Basically I just want them to be able to use it, not change anything.
I know MAN profiles is one way to do it. But this is gonna get tedious remaining profiles after new programs are installed. To go through each and update the profile. I have to use different profiles, because of different programs on each lab computer. Hopefully this makes sense to someone.
Just to summarize
1. Lock down desktop, so users cannot uninstall anything nor change any of the desktop preferences.
2. A solution that doesn't involve roaming profiles.
3. A way to map printers depending on which OU the computer is located. If possible I would like to change the name of the printer, so the students understand better.