I need some advice and instruction on how best to streamline and secure a new network. I have a new 2008 Standard Server. I have 80+ Students that move around to different classes and in some classes they have computer access and assignments to do on the computer in a variety of programs (Word, Excel, Photoshop, PowerPoint, Typing programs Web browsing, and Printing to classroom computers). There are a total of 30 computers the students have access too during the school day. They are a mix of XP Pro and Vista Business.
I would like the students to have access to only the items that they need and not to anything else. I would like the desktops to all have the same wallpaper, the same desktop icons, the same start menu, the same programs folder list in the start menu. Students should not be able to browse to other students files. I do not want the students to be able to install any programs or make changes to the computer settings (desktop, icon names, screen sizes, etc).
I have the server and three computers (two Vista B and one XPP) in a lab to test the setup of the above requests. I have tried what I thought would be a simple policy to change the background of a OU to a picture located in a server share, but I cannot get it to consistently work (some users it appears and others it does not, and it never shows up on the XP machines). All Student users (so far just a few test student names) on the server have been assigned to the OU named Students and I applied the policy to that OU.
Here are my questions:
1. What would be best for my scenario Roaming profiles where the users application data, Documents, pictures and copied to each machine or Redirected folders where the Documents and Pictures are redirected to the users home folder? Could you point me to a link that explains the way to do each one. (Our campus is large and have one building with 20 student computers connected to a managed switch that has a fiber back bone to the server room and another building with 10 computers that also have a managed switch that has a fiber backbone to the server room).
2. How do I create a policy (s) that allow the desktop to be locked, icons assigned, background assigned and permissions to not change or delete the icons to desktops on both Vista and XPP?
3. How do I create a policy that only shows a limited or customized Start menu? For example I would like a folder on the Programs list named PC Courses that contains links to all of the programs that they would need in that course. I would like to list other programs in te Programs list fr general programs, such as Word, PowerPoint and IE. Is there a way to only display shortcuts to programs that are installed on that PC? For example the Library PC's do not have Photoshop, but the PC Lab PC's do. Can I not have the icon for Photoshop displayed on the Library PC's?
4. I would like to limit the size of each Students profile to 1 GB or less. This is to save on storage space and help increase the load time when logging in.
5. Set a default printer to the computer based on it's location (i.e the library computers only print to the library, the classroom printer prints the the classroom printer (all printers in this case are network printers with NIC cards built in, they are not shared via a PC).
If I can provide more information to help clarify anything I will, just be specific and cordial.