Hello,
What is the best way to administer a Windows 2000 workstation with group policies enables on the network in the Active Directory?
Here's the history.
I have setup a group policy's in my Active Directory to lock down the users desktop, restricting anything that I consider dangerous. I have also setup Roaming + Mandatory Profiles for all users so they can't even move an icon or add a shortcut to their desktop. When they login next time their mandatory profile is restored to the original.
The problem is when I need to add a new icon or shortcut on the users desktop I have to login from their PC as administrator. Delete the copy of the profile that's in their local hard disk, log out Administrator, unlock the desktop via the group policy, log back in as the user add the short cut, log out so their profile is copied to the server, log in as administrator delete the profile on the local hard disk so as not to have multiple copies, lock down the user in the group policy. The user will now have the icon / shortcut available the next time they log in.
There must be an easier way to mange this if you are using a combination of Roaming + Mandatory and group policy profiles?
If anyone has a better solution to control this I would most appreciate it.
Thanks,
Rob
What is the best way to administer a Windows 2000 workstation with group policies enables on the network in the Active Directory?
Here's the history.
I have setup a group policy's in my Active Directory to lock down the users desktop, restricting anything that I consider dangerous. I have also setup Roaming + Mandatory Profiles for all users so they can't even move an icon or add a shortcut to their desktop. When they login next time their mandatory profile is restored to the original.
The problem is when I need to add a new icon or shortcut on the users desktop I have to login from their PC as administrator. Delete the copy of the profile that's in their local hard disk, log out Administrator, unlock the desktop via the group policy, log back in as the user add the short cut, log out so their profile is copied to the server, log in as administrator delete the profile on the local hard disk so as not to have multiple copies, lock down the user in the group policy. The user will now have the icon / shortcut available the next time they log in.
There must be an easier way to mange this if you are using a combination of Roaming + Mandatory and group policy profiles?
If anyone has a better solution to control this I would most appreciate it.
Thanks,
Rob