Kelvin Beaton said:
Thanks for the reply.
I check the user I was questioning and found she was part of
the local
Administrators group. I can't remember why she was setup that
way, but have
removed her and we'll see what problems that might cause.
Where can I find info on "Use Mandatory profiles that delete
on logoff"? I
have the users accounts set to store on the network. I like
this so they can
login anywhere and have their email and documents. I'm not
sure I would want
them to delete on logoff.
I'd be curious to hear your thoughts on the profile topic.
Thanks
Kelvin
> > How can restrict users from installing things like
Yahoo
> > toolbars and the
> > like?
> >
> > I'm also having trouble with them installing
screensavers.
> >
> > Any help would be appreciated.
> >
> > Thanks
> >
> > Kelvin
Hi,
I use Mandatory Profiles in my Windows 2000 Server. Basically they are
roaming profiles that a user can’t modify. The My Documents is
redirected to a Home Directory share on the server with Group Policy
so it isn’t part of the profile. I redirect the Favourites to the
server share as well using a VBScript or modifying the Mandatory
Profile in regedit.
Basically I create a profile using my directions on my website
http://www.sd61.bc.ca/windows2000/
I then allow "read" only access to the roaming profile and change
the user.dat to user.man. In Active Directory I point the users
profile to the share I created with the profile in it. I use group
policy to redirect the Users home folders. To make any additional
modifications like redirecting the Favourites I open Regedit, do a
"load hive" under HKUsers and then load the user.dat to modify. The
Fav location in in
software-microsoft-windows-currentversion-Explorer-Shell Folders and
User Shell Folders. Eg. I change to H:\
This may be too restrictive for your user though. Removing from admin
group may do the trick. To find out what registry keys and files need
’write’ access for certain programs, I use this cool program called
inctrl5
http://www.sd61.bc.ca/windows2000/downloads/inctrl5.zip to
scan the HD (logged in as admin), run the program, and scan the HD
again recording any files/keys modified.
I have gotten pretty much every program to run under Read Only Access
by simply giving write access to only one or two files or registry
keys. All my users have Read Only on the whole HD.
Cheers,
Lara