GPO to lock down computers in a computer Lab

I would like to know in detail if possible which gpo policys i need to change to lock down a pc.
Here is a list of things i would like to do. I would like this to be applied mainly for the "Student" user account.
IF you think i should add more please add them to the list
1.  Icons on the desktop cant be deleted.
2. When they click on start button they can only reboot.
3. IE, Chrome and Firefox, Office and Adobe Reader are allowed.
4. Task manager is disabled.
5. No Right Clicking on desktop so that cant modify background or create shortcuts.
5. Student account cant save any files to desktop and removable usb drives and optical are disabled.

thanks
noclavAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
No MoreConnect With a Mentor Commented:
Remove Task manager - This policy setting prevents users from starting Task Manager.
USER Conf. /admin templates - System-ctrl-alt-delete - remove task manager

Removable storage access - If you enable this policy setting, no access is allowed to any removable storage class.
User Conf. /admin templates - System - Removable storage access  - All Removable storage classes: deny all access

User Conf. / admin templates -Desktop - Desktop Prohibit changes,  - More options here choose

User conf. / Admin Templates - Start menu and Taskbar = you will find a lot of policy options for your needs
0
 
No MoreCommented:
1, Well are those computers use by different users than just Students?

2, Depending on point one to choose combination of user and computer GPO

3, For desktop icons, you could create share folder with icons they only need and redirect it using folder redirection and with not allow change in policy and only read and execute permission for share folder to specific group/users

4, Use Applocker policy to while list those apps, also if you remove Local Administrator rights from students they won't be able to install program anyway

5, Removable devices and task manager is the easy part

Let me know how these computers will be used  and how tight security you want to apply
0
 
noclavAuthor Commented:
thanks for the reply only one user account is used on this computer named "Student" This is a small school with out 3 computers in the lab. I would like to lock this down as much as possible as i am a part time IT guy for them. Less headaches for me the better. They only use the computers mainly for testing. so there is software that i installed for state testing.
0
 
No MoreCommented:
And also User Conf. / control panel - Personalization -  Prevent changing ( multiple options)


Are you deploying that software through group policy ?


Group policy has a lot of options
0
 
noclavAuthor Commented:
at the moment im not pushing software from GPO i would like to but need to test that. For now i just install it.
0
All Courses

From novice to tech pro — start learning today.