Controlling User profiles and Desktop

william

Distinguished
Apr 1, 2004
474
0
18,780
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have a Server 2003 Server, XP Pro Workstations, Trying to setup a secure
desktop for each user no matter which station they sign onto. I only want
them to do the Icon's that I setup for them. I don't want to give them any
way to change anything. Basically lock down the workstation. Does anyone
have a place I can get like a checklist of things and permissions to put into
practice.
 
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"William" <William@discussions.microsoft.com> wrote in message
news:C7BBDA20-C04E-453A-B2ED-31DA0DDD3A0E@microsoft.com...
> I have a Server 2003 Server, XP Pro Workstations, Trying to setup a
secure
> desktop for each user no matter which station they sign onto. I only want
> them to do the Icon's that I setup for them. I don't want to give them
any
> way to change anything. Basically lock down the workstation. Does anyone
> have a place I can get like a checklist of things and permissions to put
into
> practice.

I do this kind of work for a living and have successfully set up
multi-office networks of twenty-five to fifty people. It's pretty easy
actually, and these networks have stayed up for two years so far, without a
virus or spyware outbreak in that time.

Because I get paid to do this I'm not going to spout off a cookbook to a
newsgroup. But you can start from here:

http://www.pan-am.ca/antiwindowscatalog/?mode=rant&id=7

....and then see about using this technique in a Windows Domain environment.
Think about including Roving Profiles and you'll be on your way.

--
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
Prevent problems before they happen and help others avoid bad design.
<http://www.pan-am.ca/antiwindowscatalog/>
 
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

If you haven't done so already, post this question to one of the
server newsgroups. The Windows XP part of your question is easy,
it's the server part that's tricky.

Here's a condensed version of what you have to do:

1. Create a custom user profile. Here are a few articles that you
might want to take a look at:

How to create a custom default user profile
http://support.microsoft.com/?kbid=319974

Customize the Default User Profile in Windows XP
http://windowsxp.mvps.org/customprofile.htm

2. Set up mandatory user profiles on your server. Take a look
here for more info:

http://support.microsoft.com/?kbid=307800

Mandatory profiles are by definition roaming profiles. You can
read some recommendations for working with roaming profiles here:

http://tinyurl.com/6225w

If you do nothing else with respect to roaming profiles, redirect
the My Documents folder to reduce logon time.

Good luck

--
Nepatsfan
"William" <William@discussions.microsoft.com> wrote in message
news:C7BBDA20-C04E-453A-B2ED-31DA0DDD3A0E@microsoft.com...
>I have a Server 2003 Server, XP Pro Workstations, Trying to
>setup a secure
> desktop for each user no matter which station they sign onto.
> I only want
> them to do the Icon's that I setup for them. I don't want to
> give them any
> way to change anything. Basically lock down the workstation.
> Does anyone
> have a place I can get like a checklist of things and
> permissions to put into
> practice.