How to lockdown workstations using group policy

Hello - I have a classroom of about 40 computers that have different various users accessing the machines at various times of the day.  I have some smarty pants students that like to change wall paper, access the command prompt, remotely shutdown machines, etc.  I know that I can run gpedit.msc to change the various user options, but is there a way to do it from the server so that I only have to do it in one location, and have it affect or change the workstations?  It seems like when I do it from the server, it only affects the server. I'm probably not looking in the right place, but I value your input and ideas.
The server is a windows 2003 small business server, with active directory, and all the students log in as "Student" one username, pretty simple.  All of the workstations are windows xp sp-3.

Thanks in advance.
765techAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

wmeerzaCommented:
Heres a pretty straight forward atticle to start you off.
http://articles.techrepublic.com.com/5100-10878_11-1059493.html

0
acl-puzzCommented:
when you open gpedit.msc from run or cmd its for only local pc

You need to have an active directory for this after making this all pc will join this domain and then you will apply these policies to this domain suppose xxx.com"s GPO by right clicking in active directory and users options in administrative tools and all machines who you attached to this  domain will be affected by group policies

so it wil make this process centralize to one server 2003 or 2008

dcpromo is the command to start making an AD domain

Cheers
 
 
0
Malli BoppeCommented:
Create a seperate OU for this 40 computers and move them into the new OU .Now create a group policy to restrict on what users can do.You can really tighten down on what students can do.
Also make sure that none of the users or local admins on the machines.If they are any, they can be removed by using group policy.
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html 
You can also use the steadystate  in addition to the above.
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx 
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
765techAuthor Commented:
Thanks for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Vulnerabilities

From novice to tech pro — start learning today.