Need a little advice on mandatory profile setup

CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
So, I have been tasked with setting up a mandatory profile for non employees who use our workstations. The mandatory profile should only have Internet explorer and adobe reader in the start menu and nothing else. The profile should also exclude the desktop. For the most part the mandatory profile works but the issue i'm running into is that "all users" items from C:\documents and settings\all users\desktop and C:\documents and settings\all users\start menu are showing up in the mandatory profile. These workstations are running windows XP and I am not to use GPOs to get this done. How can I hide the all users stuff from accounts that log in with the mandatory profile. This profile is on a network share and the profile path is set in AD for these users.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens

Comments

  • TackleTackle Member Posts: 534
    Security Permissions on the All users folder maybe?
  • ClaymooreClaymoore Member Posts: 1,637
    CodeBlox wrote: »
    These workstations are running windows XP and I am not to use GPOs to get this done.

    Here's a stack of wood and a box of nails, but you can't use a hammer to build anything.

    A GPO is the tool to get this done. If you want this kiosk to be a standalone workstation and not domain joined, you can still use local group policy to configure the settings. Not only does a GPO adjust the settings, it enforces them to either prevent changes or will reapply the settings.

    You should consider running Internet Explorer in kiosk mode as the shell instead of Explorer. You will still need to lock down other settings other objects like Task Manager and the command prompt to prevent users from browsing/launching other applications. If you were running a modern operating system you could use AppLocker and restrict applications further.

    Internet Explorer Kiosk « The Lazyadmin.com
    How to use Kiosk Mode in Microsoft Internet Explorer
    AppLocker Policies Deployment Guide
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    LOL! It's not a Kiosk for just anyone to use. What I AM gonna do today is restrict the user to that one workstation and delete the all users stuff.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    Bump... Any other thoughts about hiding "all users" stuff from a single user or should I resort to prodding around in the registry for HKCU?
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • Repo ManRepo Man Member Posts: 300
    Can you use local GPO's?

    What about setting the folder to hidden then doing a local GPO to disable folder options?
  • drkatdrkat Banned Posts: 703
    Are the users logging into the machine the same group of people and are they sharing a common logon?
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    I don't see any issue with local GPOs, I just don't think the sys admins are gonna use GPOs in the domain (He's saying it used to work without GPO until someone messed it up). These are different people logging into different workstations. They all are in their own OU in AD.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
Sign In or Register to comment.