Solved

Group Policy and AD 2003

Posted on 2009-06-29
3
211 Views
Last Modified: 2012-05-07
Hello,
In AD WIndows 2003 I want to create a new container with a group policy so a user created on this container will have the following behavior:

When user open a session on a XP Client, he will have a very limited access to this PC, no control panel, to acces to C drive, no possible to store files on desktop. User will only be able to save files to "my documents". Other feature required: when user open a session, an application will be launched automatically, and all other application (in start/program files) will be hidden from user

How do I create my group policy ? Any written document with examples ?
Thank you
0
Comment
Question by:gadsad
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
Rob Stone earned 500 total points
ID: 24735943
It sounds like you want to use GPO and Mandatory Profile.

Create a new profile and lock it down how you wish with the view. Then copy this to the profile server and renam ntuser.dat to ntuser.man.  They will not be able to change the desktop or any other profile settings then.

You can also have the application set in the users startup folder for the application to launch when they log in.

You can map the user drive to their my documents if it's a network share otherwise the above method won't be any good.

For removing the control panel, browse to the following when creating the GPO:
User Config > Admin Templates > Control Panel > Prohibit access to the Control Panel.
0
 

Author Comment

by:gadsad
ID: 24736154
Very interesting but I am not sure how to do it (block the profile, rename the profile...)
Do you have a technical document which can describe in detail all this? It would be great!
Thank you
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 24886833
Here is a link for the Mandatory Profiles.  Remember to have it configured how you want it for all the users who will use it and then copy the profile to a network share:

http://technet.microsoft.com/en-us/library/cc786301%28WS.10%29.aspx
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now