Link to home
Start Free TrialLog in
Avatar of StBenet
StBenet

asked on

Profile Issues

Hi all, not sure if any of you have came across this before, however, I will explain.
 
We run a windows XP/Windows 7 Network with Server 2008 DC and 2008 functional level for AD/GP.

We use mandatory profiles so that staff and students can roam from PC to PC and see exactly the same things. However, it has been brought to our attention by a student that when logging on to the domain as themselves, they can unplug the CAT5 cable at a certain point at which Windows will use what appears to be a combination of their own profile and the default profile which opens everything up on the desktop and in the start menu. Obviously, this is a security risk and therefore I am wondering if anyone knows if there is a way when there is a sudden loss of network connectivity, the PC simply will not continue to process the logon and returns them to the logon screen or something along those lines.
 
Thanks in advance
 
David
Avatar of Brian B
Brian B
Flag of Canada image

If the system cannot load the mandatory profile, it will create a default profile instead. In order to secure this, you will need to create some active directory system policies (as opposed to user) to secure the system. Once applied, these will take effect even if the system is not on the network.
Avatar of StBenet
StBenet

ASKER

Hi, thanks for that.  Do you know which policies/settings would need to be applied?  We already have "always wait for network" selected under system/logon.

Thanks

David
I would say create a policy to control what shows on the desktop, screen saver and system lock, plus anything else you don't want people to see. You can pretty much control every aspect of windows 7 with a 2008R2 AD policy.
ASKER CERTIFIED SOLUTION
Avatar of StBenet
StBenet

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of StBenet

ASKER

I found a way around the issue as explained in my reply