XP Pro clients using a Win 2k Server 1

[crankcaller]

Hi.

I work in a public library where we are currently installing new pc's for public use (across all the branches). The client PC's use Win XP Pro and the server uses Win 2K.

Obviously the customers who use these will be `restricted users` so they cannot install software and change the settings this stops. my question is this:

We wish to lock down the pc's more than this i.e. stop saving to the hard disk other than a designated folder(My Documents), Stop the homepage url changing (as they tend to become

http://www.porn.com

- gotta love those teenagers...).

Is this possible using system policies/profiles - which i'm aware of but don't know much about - or would we have to use a third party piece of software like deepfreeze.

Our IT Dept would obviously set this up - but I'd like to know what i'm talking about when I ask them.

We have a booking system that logs each user on as pc1 etc so we won't be using roaming profiles.

thanks very much,

Martin

 

[SuperJon]

Hey Martin, these restrictions can be put in place using group policy.

Do you have an active directory Domain ?

 

[crankcaller]

*hmmmm* dunno.

(just had a look on MSDN library to see what that is!)

possibly. all the pc's have a name eg branch2-pc1. These names never change - just the ip's. the PC's log onto the one server using a specific domain.

 

[SuperJon]

What I am getting at my friend is how you enforce these restrictions.

If you do have a active directory domain then the restrictions can be enforced thoughout the entire domain with a group policy (less work ). If there is no active directory then each computer with have to have its local policy set to restrict the relevant users.

 

[crankcaller]

pretty sure it's an active directory domain - asked someone who *should* know.

so how do you go about it ? can you specify in the group policy that users can only write to 1 folder ? and will the group policy also allow you to lock the url in the homepage ?

you're making my week here superJon if this is the case.
As it stands on our old pc's I have to go round clearing stuff of em every couple of days - which is very time consuming. We were told we'd need 3rd party software if we wanted to do this.

 

[SuperJon]

What you want to do is entiry feasable.

With active directory in place you can roll out a policy that will do everything you want to do here.

Active directory is a large chunk of domain administration and it would be hard for me to cover it fully.

What I would suggest is that you or the techinical person looking into this does ..is to gain a understanding of how to use active directory.

It will take a few hours to get the undersatnding of how AD works but I think it would be wise to do this now as it will help u alot in the future.

 

[SuperJon]

Just so u get a clearer idea.

I am assuming the computer you are on now is either XP or Win2000. ( doesnt have to be the server )

Click Start/ Run / gpedit.msc

That will bring up the Local Group policy Editor.

Click USER CONFIG then ADMIN TEMPLATES / WINDOWS COMPONENTS

have a look in there and that will give u some idea of the amount of configuration option you can apply to things in your domain.

 

[crankcaller]

had a look at that
(on my own pc in the house running 2k)

lots to see...

I saw the field to stop the homepage being changed,
do you know off hand the one that would stop writing to any folder apart from `My Documents`

thanks *very* much.

 

[j3w3ll]

If you dont want writing to the HDD why not set up NTFS permissions and disable the write permission on the C:\