Solved

Group Policy Settings

Posted on 2011-02-21
1
324 Views
Last Modified: 2012-08-13
I need someone to step me through setting up Group Policy restrictions. I thought I had them set correctly but evidently not. The situation is this - we have a school network running Windows Server 2003 and all the clients running Windows XP Pro. The goal is to restrict the students from saving profile changes when they log out and to prevent them from installing any applications. There is an OU called School Users with a sub-group called Students and that has sub-groups by grade level. Do I need to set these restriction at the main OU level? And could someone step me through what I need to do? I must be missing somehitng because what I did did not work and students profiles are growing way beyond what we want.

Thank you!1

Robert
0
Comment
Question by:RobertEhinger
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 12

Accepted Solution

by:
Navdeep earned 500 total points
ID: 34946685
Hi,

Normal active directory accounts would restrict users from installing any applications.
For profiles. You need to make them mandatory profiles. So that when the changes are made they won't get saved.

You can check the below mentioned article to do the same
http://support.microsoft.com/kb/307800

Also using GPO
Computer Configuration--->Policies--->Administrative Templates--->System--->User Profile--->Prevent Roaming Profile changes from being propagated to the server

It makes profiles mandatory by preventing system from updating the change to the server. This setting have the same effect with renaming NTUSER.DAT to NTUSER.MAN for a roaming profile.

The GPO would be applied to that OU in which your student accounts are present.

Hope this will help you.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTP Servers 4 48
Local admin account 3 43
ADFS:  Step by Step to enable MFA with ADFS 16 44
Office 365: Assigning MailboxPlan to a mailbox 8 23
In-place Upgrading Dirsync to Azure AD Connect
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question