Solved

Profiles, Policies with Server 2008 for XPP and Vista Bus

Posted on 2009-04-13
2
243 Views
Last Modified: 2013-11-05
I need some advice and instruction on how best to streamline and secure a new network. I have a new 2008 Standard Server.  I have 80+ Students that move around to different classes and in some classes they have computer access and assignments to do on the computer in a variety of programs (Word, Excel, Photoshop, PowerPoint, Typing programs Web browsing, and Printing to classroom computers).  There are a total of 30 computers the students have access too during the school day. They are a mix of XP Pro and Vista Business.

I would like the students to have access to only the items that they need and not to anything else. I would like the desktops to all have the same wallpaper, the same desktop icons, the same start menu, the same programs folder list in the start menu. Students should not be able to browse to other students files. I do not want the students to be able to install any programs or make changes to the computer settings (desktop, icon names, screen sizes, etc).

I have the server and three computers (two Vista B and one XPP) in a lab to test the setup of the above requests. I have tried what I thought would be a simple policy to change the background of a OU to a picture located in a server share, but I cannot get it to consistently work (some users it appears and others it does not, and it never shows up on the XP machines). All Student users (so far just a few test student names) on the server have been assigned to the OU named Students and I applied the policy to that OU.

Here are my questions:

1. What would be best for my scenario Roaming profiles where the users application data, Documents, pictures and  copied to each machine or Redirected folders where the Documents and Pictures are redirected to the users home folder? Could you point me to a link that explains the way to do each one. (Our campus is large and have one building with 20 student computers connected to a managed switch that has a fiber back bone to the server room and another building with 10 computers that also have a managed switch that has a fiber backbone to the server room).

2. How do I create a policy (s) that allow the desktop to be locked, icons assigned, background assigned and permissions to not change or delete the icons to desktops on both Vista and XPP?

3. How do I create a policy that only shows a limited or customized Start menu? For example I would like a folder on the Programs list named PC Courses that contains links to all of the programs that they would need in that course. I would like to list other programs in te Programs list fr general programs, such as Word, PowerPoint and IE. Is there a way to only display shortcuts to programs that are installed on that PC? For example the Library PC's do not have Photoshop, but the PC Lab PC's do. Can I not have the icon for Photoshop displayed on the Library PC's?

4. I would like to limit the size of each Students profile to 1 GB or less. This is to save on storage space and help increase the load time when logging in.

5. Set a default printer to the computer based on it's location (i.e the library computers only print to the library, the classroom printer prints the the classroom printer (all printers in this case are network printers with NIC cards built in, they are not shared via a PC).

If I can provide more information to help clarify anything I will,  just be specific and cordial.

Thank you.

0
Comment
Question by:alansean
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 500 total points
ID: 24136842

>> What would be best for my scenario Roaming profiles where the users application data, Documents, pictures and  copied to each machine or Redirected folders where the Documents and Pictures are redirected to the users home folder? Could you point me to a link that explains the way to do each one.

You don't want to use Roaming Profiles for data storage, it's Folder Redirection all the way. This means data is stored and accessed directly from the server, giving very fast and efficient logon/logoff times. Folder Redirection is configured in Group Policy, and is very easy to configure.

>> How do I create a policy (s) that allow the desktop to be locked, icons assigned, background assigned and permissions to not change or delete the icons to desktops on both Vista and XPP?

Create a server share, and configure Desktop redirection to that share. Provided students do not have write privileges to that share, they will have locked down Desktops. You can drop icons into that share to appear on all student desktops, but they won't be able to add to or delete the icons.

Force assigning a background image can be particularly difficult. What I generally suggest is to make your background image as a BMP file, then enable Active Desktop through GPO and assigning that BMP from a network share as the background through that GPO.

>> How do I create a policy that only shows a limited or customized Start menu? For example I would like a folder on the Programs list named PC Courses that contains links to all of the programs that they would need in that course. I would like to list other programs in te Programs list fr general programs, such as Word, PowerPoint and IE. Is there a way to only display shortcuts to programs that are installed on that PC? For example the Library PC's do not have Photoshop, but the PC Lab PC's do. Can I not have the icon for Photoshop displayed on the Library PC's?

Folder Redirection to a "Start Menu" network share would work for the most part. That would, however, show the same shortcuts on all PCs. You could use a Folder Redirection policy for the generic shortcuts which are on all the PCs, but you'd need to use the C:\Documents and Settings\All Users\Start Menu\Programs folder on each PC with Photoshop installed if you just wanted the shortcut to that program to appear on the PCs where it is installed.

>> I would like to limit the size of each Students profile to 1 GB or less. This is to save on storage space and help increase the load time when logging in.

There's probably no need to use Roaming Profiles, so there's no need to limit the actual profile size. You can use quotas server-side (look in File Server Resource Manager, after you've installed the File Server role) to control how large users' documents folders etc. can grow to on the server.

>> Set a default printer to the computer based on it's location (i.e the library computers only print to the library, the classroom printer prints the the classroom printer (all printers in this case are network printers with NIC cards built in, they are not shared via a PC).

Group Policy Preferences would be ideal for doing that. You'd first have to install the Print Server role and map a connection from the server to each printer, then share the printers from the server. You'd need to separate all the Computer Objects into their own OUs based on physical location (an OU for Library, OU for Lab 1, OU for Lab 2 etc.). Then, create a new policy for each location, and configure Group Policy Preferences to push out the printer (\\servername\printer_share_name) for that particular location.

I hate to have to say this, but some of these topics can become very complicated. Can I suggest that if you want to discuss any in more detail, you split them up into separate questions here on the site?

-Matt
0
 

Author Comment

by:alansean
ID: 24138009
tigermatt

Thank you for the reply. I agree that it is a rather long and probably very detailed list of questions.I may still break them up into individual questions, but I first wanted to give a overall picture of what I was doing.

I will try all of your suggestions when I get back to the school and if needed I will create a new question(s).

Thank you
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question