Solved

How to lock down desktop for student users

Posted on 2008-10-20
792 Views
Last Modified: 2013-11-25
I have 6 labs in my school. I use one login for these computers. It is set up as a roaming profile.

I am currently setting up OUs for each lab. This way I can map printers, and install specific programs.

The problem I am running into is when I push out programs through GPO, because of the profile that has been made a MAN profile, the options on the Start menu and desktop disappear.

What I would like is a better way to lock down the desktop, so that the users cannot uninstall any programs or delete or change any of the preferences on the desktop. Basically I just want them to be able to use it, not change anything.

I know MAN profiles is one way to do it. But this is gonna get tedious remaining profiles after new programs are installed. To go through each and update the profile. I have to use different profiles, because of different programs on each lab computer. Hopefully this makes sense to someone.

Just to summarize

1. Lock down desktop, so users cannot uninstall anything nor change any of the desktop preferences.
2. A solution that doesn't involve roaming profiles.
3. A way to map printers depending on which OU the computer is located. If possible I would like to change the name of the printer, so the students understand better.

Thanks
Question by:Con366
9 Comments
 
LVL 3

Expert Comment

by:ExTxCx
ID: 22760991
All of what you described can be accomplished using Group Policy. Since you already have the OU structure in place, create additional OUs for computer accounts. domain>LAB1>computers>accounts.

This will allow you to have differing policies (or the same) for each grade/lab. Here is a link to an article that may help.

http://articles.techrepublic.com.com/5100-10878_11-1059493.html 
0
 

Author Comment

by:Con366
ID: 22761110
So if I push a program through GPO, and I have a GPO set to not save on exit, will it not save the new programs on the Start menu?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22761731
MS has an option that will do this.
SteadyState or similar.

I'll check.

I hope this helps!
0

 
LVL 63

Accepted Solution

by:
SysExpert earned 2000 total points
ID: 22761739
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 22761755
0
 

Author Comment

by:Con366
ID: 22763944
This will work, but there's gotta be a GPO that locks the desktop. Save on exit doesn't stop users from being able to move icons, delete them, etc.
0
 

Author Comment

by:Con366
ID: 22767134
Even if I use SteadyState, and choose the option to lock the profile to prevent changes, I am still wondering if I push apps through GPO, will it save properly.

This would also require me to reimage all these machines. And with no central control of SteadyState, it would require me to go to every machine when I make a change to the profile.

0
 


Author Comment

by:Con366
ID: 22960572
Though everyone quit responding to this question, I will award the points.
0
