Group Policy and AD 2003

Hello,
In AD WIndows 2003 I want to create a new container with a group policy so a user created on this container will have the following behavior:

When user open a session on a XP Client, he will have a very limited access to this PC, no control panel, to acces to C drive, no possible to store files on desktop. User will only be able to save files to "my documents". Other feature required: when user open a session, an application will be launched automatically, and all other application (in start/program files) will be hidden from user

How do I create my group policy ? Any written document with examples ?
Thank you
gadsadAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob StoneCommented:
It sounds like you want to use GPO and Mandatory Profile.

Create a new profile and lock it down how you wish with the view. Then copy this to the profile server and renam ntuser.dat to ntuser.man.  They will not be able to change the desktop or any other profile settings then.

You can also have the application set in the users startup folder for the application to launch when they log in.

You can map the user drive to their my documents if it's a network share otherwise the above method won't be any good.

For removing the control panel, browse to the following when creating the GPO:
User Config > Admin Templates > Control Panel > Prohibit access to the Control Panel.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
gadsadAuthor Commented:
Very interesting but I am not sure how to do it (block the profile, rename the profile...)
Do you have a technical document which can describe in detail all this? It would be great!
Thank you
0
Rob StoneCommented:
Here is a link for the Mandatory Profiles.  Remember to have it configured how you want it for all the users who will use it and then copy the profile to a network share:

http://technet.microsoft.com/en-us/library/cc786301%28WS.10%29.aspx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.