Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Group Policy Settings

Posted on 2011-02-21
1
Medium Priority
?
337 Views
Last Modified: 2012-08-13
I need someone to step me through setting up Group Policy restrictions. I thought I had them set correctly but evidently not. The situation is this - we have a school network running Windows Server 2003 and all the clients running Windows XP Pro. The goal is to restrict the students from saving profile changes when they log out and to prevent them from installing any applications. There is an OU called School Users with a sub-group called Students and that has sub-groups by grade level. Do I need to set these restriction at the main OU level? And could someone step me through what I need to do? I must be missing somehitng because what I did did not work and students profiles are growing way beyond what we want.

Thank you!1

Robert
0
Comment
Question by:Robert Ehinger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 12

Accepted Solution

by:
Navdeep earned 2000 total points
ID: 34946685
Hi,

Normal active directory accounts would restrict users from installing any applications.
For profiles. You need to make them mandatory profiles. So that when the changes are made they won't get saved.

You can check the below mentioned article to do the same
http://support.microsoft.com/kb/307800

Also using GPO
Computer Configuration--->Policies--->Administrative Templates--->System--->User Profile--->Prevent Roaming Profile changes from being propagated to the server

It makes profiles mandatory by preventing system from updating the change to the server. This setting have the same effect with renaming NTUSER.DAT to NTUSER.MAN for a roaming profile.

The GPO would be applied to that OU in which your student accounts are present.

Hope this will help you.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question