Profile Issues

StBenet
StBenet used Ask the Experts™
on
Hi all, not sure if any of you have came across this before, however, I will explain.
 
We run a windows XP/Windows 7 Network with Server 2008 DC and 2008 functional level for AD/GP.

We use mandatory profiles so that staff and students can roam from PC to PC and see exactly the same things. However, it has been brought to our attention by a student that when logging on to the domain as themselves, they can unplug the CAT5 cable at a certain point at which Windows will use what appears to be a combination of their own profile and the default profile which opens everything up on the desktop and in the start menu. Obviously, this is a security risk and therefore I am wondering if anyone knows if there is a way when there is a sudden loss of network connectivity, the PC simply will not continue to process the logon and returns them to the logon screen or something along those lines.
 
Thanks in advance
 
David
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Brian BEE Topic Advisor, Independant Technology Professional

Commented:
If the system cannot load the mandatory profile, it will create a default profile instead. In order to secure this, you will need to create some active directory system policies (as opposed to user) to secure the system. Once applied, these will take effect even if the system is not on the network.

Author

Commented:
Hi, thanks for that.  Do you know which policies/settings would need to be applied?  We already have "always wait for network" selected under system/logon.

Thanks

David
Brian BEE Topic Advisor, Independant Technology Professional

Commented:
I would say create a policy to control what shows on the desktop, screen saver and system lock, plus anything else you don't want people to see. You can pretty much control every aspect of windows 7 with a 2008R2 AD policy.
Commented:
Thanks TBone2K, we do that anyway, when the students log on normally, this works very well, it is when they unplug the network point 3 seconds after logging on, it loads a partial mandatory profile from the network, and also some of the default profile that is stored locally on the PC.  The main issue we were having was with a piece of software called Netsupport, because the students were messing with the system when logging on, they were able to access this software and take over other computers screens around the school which was obviously causing issues.  I have found a way around that issue by adding explicit deny permissions to the Netsupport folder within program files, and this does work.  The other thing we are looking at is lockable CAT5 connections so that the CAT5 cannot be unplugged without the use of the key.

Thanks for your help.

David

Author

Commented:
I found a way around the issue as explained in my reply

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial