Archived from groups: microsoft.public.win2000.group_policy (
More info?)
"Kelvin Beaton" wrote:
> Thanks for the reply.
> I check the user I was questioning and found she was part of
> the local
> Administrators group. I can't remember why she was setup that
> way, but have
> removed her and we'll see what problems that might cause.
>
> Where can I find info on "Use Mandatory profiles that delete
> on logoff"? I
> have the users accounts set to store on the network. I like
> this so they can
> login anywhere and have their email and documents. I'm not
> sure I would want
> them to delete on logoff.
>
> I'd be curious to hear your thoughts on the profile topic.
>
> Thanks
>
> Kelvin
>
>
> "lforbes" <UseLinkToEmail@WindowsForumz.com> wrote in message
> news:41d4508a$1_2@alt.athenanews.com...
> > "Kelvin Beaton" wrote:
> > > How can restrict users from installing things like
> Yahoo
> > > toolbars and the
> > > like?
> > >
> > > I'm also having trouble with them installing
> screensavers.
> > >
> > > Any help would be appreciated.
> > >
> > > Thanks
> > >
> > > Kelvin
> >
> > Hi,
> >
> > NTFS is the only way to prevent users from installing.
> However, you
> > can run into problems if you are running specific programs.
> >
> > 1> Users need to be "Users" not administrators
> > 2> Use NTFS - Remove the "Everyone Group". Give "Users"
> Read and
> > Execute over Everything.
> > 3> Use Mandatory profiles that delete on logoff.
> >
> > Reply if you need more specific details
> >
> > Cheers,
> >
> > Lara
> >
> > --
> > http://www.WindowsForumz.com/ This article was posted by author's request
> > Articles individually checked for conformance to usenet
> standards
> > Topic URL:
> >
http://www.WindowsForumz.com/Group-Policy-restrict-users-installing-ftopict242793.html
> > Visit Topic URL to contact author (reg. req'd). Report
> abuse:
> >
http://www.WindowsForumz.com/eform.php?p=740981
Hi,
I use Mandatory Profiles in my Windows 2000 Server. Basically they are
roaming profiles that a user can’t modify. The My Documents is
redirected to a Home Directory share on the server with Group Policy
so it isn’t part of the profile. I redirect the Favourites to the
server share as well using a VBScript or modifying the Mandatory
Profile in regedit.
Basically I create a profile using my directions on my website
http://www.sd61.bc.ca/windows2000/
I then allow "read" only access to the roaming profile and change
the user.dat to user.man. In Active Directory I point the users
profile to the share I created with the profile in it. I use group
policy to redirect the Users home folders. To make any additional
modifications like redirecting the Favourites I open Regedit, do a
"load hive" under HKUsers and then load the user.dat to modify. The
Fav location in in
software-microsoft-windows-currentversion-Explorer-Shell Folders and
User Shell Folders. Eg. I change to H:\
This may be too restrictive for your user though. Removing from admin
group may do the trick. To find out what registry keys and files need
’write’ access for certain programs, I use this cool program called
inctrl5
http://www.sd61.bc.ca/windows2000/downloads/inctrl5.zip to
scan the HD (logged in as admin), run the program, and scan the HD
again recording any files/keys modified.
I have gotten pretty much every program to run under Read Only Access
by simply giving write access to only one or two files or registry
keys. All my users have Read Only on the whole HD.
Cheers,
Lara
Facebook
Twitter
Instagram