I would like to create a computer based policy to customize start menu and
desktop icons for Windows XP users. I know you can do this via a user-based
GPO, but the computers that I need to apply these lockdown group policy
features to are autologin pcs that log into the local worksation, but are
members of a 2003 domain so therefore I need a computer based policy. If
this can't been done via GP, are there other ways. I need to do things like
create a policy that will allow no icons on desktop and nothing on the start
menu.
Thank you.

Howdie!

gsmith@gbmc schrieb:
> I would like to create a computer based policy to customize start menu and
> desktop icons for Windows XP users. I know you can do this via a user-based
> GPO, but the computers that I need to apply these lockdown group policy
> features to are autologin pcs that log into the local worksation, but are
> members of a 2003 domain so therefore I need a computer based policy. If
> this can't been done via GP, are there other ways. I need to do things like
> create a policy that will allow no icons on desktop and nothing on the start
> menu.

You can do that with "loopback":
http://www.frickelsoft.net/blog/?p=22

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

Thank you. I tried the Loopback policy prior to this posting but maybe I was
doing something wrong. I created an OU called test and then put one computer
in that group that I want the policy applied. I then configured a user based
GPO for the desktop settings on the test OU. I then created enabled loopback
in computer configuration in merge mode on the test OU.

When I go to the computer that is in the TEST OU and log in locally, the
desktop settings that I have created in the GPO do not apply. Am I missing a
step?
"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> gsmith@gbmc schrieb:
> > I would like to create a computer based policy to customize start menu and
> > desktop icons for Windows XP users. I know you can do this via a user-based
> > GPO, but the computers that I need to apply these lockdown group policy
> > features to are autologin pcs that log into the local worksation, but are
> > members of a 2003 domain so therefore I need a computer based policy. If
> > this can't been done via GP, are there other ways. I need to do things like
> > create a policy that will allow no icons on desktop and nothing on the start
> > menu.
>
> You can do that with "loopback":
> http://www.frickelsoft.net/blog/?p=22
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
>

I did that prior to the posting but maybe I missed a step. I created a Test
OU and then moved a computer account into that Test OU. I created a GPO with
specific desktop settings in user configuration and applied it to the Test
OU. I then enabled Loopback in computer configuration under the Test OU.

When I go to the pc that is in the Test OU and log on locally using an
autologin account, it does not apply the group policy. These computers
autologin locally with an account that does not exisit in AD.

"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> gsmith@gbmc schrieb:
> > I would like to create a computer based policy to customize start menu and
> > desktop icons for Windows XP users. I know you can do this via a user-based
> > GPO, but the computers that I need to apply these lockdown group policy
> > features to are autologin pcs that log into the local worksation, but are
> > members of a 2003 domain so therefore I need a computer based policy. If
> > this can't been done via GP, are there other ways. I need to do things like
> > create a policy that will allow no icons on desktop and nothing on the start
> > menu.
>
> You can do that with "loopback":
> http://www.frickelsoft.net/blog/?p=22
>
> cheers,
>
> Florian
> --
> Microsoft MVP - Windows Server - Group Policy.
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
>

Howdie!

gsmith@gbmc schrieb:
> Thank you. I tried the Loopback policy prior to this posting but maybe I was
> doing something wrong. I created an OU called test and then put one computer
> in that group that I want the policy applied. I then configured a user based
> GPO for the desktop settings on the test OU. I then created enabled loopback
> in computer configuration in merge mode on the test OU.

When loopback is enabled, the "user configuration" settings that are
configured with the computer's OU will replace or merge with the
settings the user gets applied from his/her OUs.

You need to make those desktop settings on the test OU you created the
computer account in.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.

Are both the user and computer sections of the GP enabled (must be)?
Did you change the security group filtering (not needed/wanted
for your scenario)?

"gsmith@gbmc" <(E-Mail Removed)> wrote in message
news:A77B9FC6-ADE9-48BE-93B9-(E-Mail Removed)...
>I did that prior to the posting but maybe I missed a step. I created a
>Test
> OU and then moved a computer account into that Test OU. I created a GPO
> with
> specific desktop settings in user configuration and applied it to the Test
> OU. I then enabled Loopback in computer configuration under the Test OU.
>
> When I go to the pc that is in the Test OU and log on locally using an
> autologin account, it does not apply the group policy. These computers
> autologin locally with an account that does not exisit in AD.
>
> "Florian Frommherz [MVP]" wrote:
>
>> Howdie!
>>
>> gsmith@gbmc schrieb:
>> > I would like to create a computer based policy to customize start menu
>> > and
>> > desktop icons for Windows XP users. I know you can do this via a
>> > user-based
>> > GPO, but the computers that I need to apply these lockdown group policy
>> > features to are autologin pcs that log into the local worksation, but
>> > are
>> > members of a 2003 domain so therefore I need a computer based policy.
>> > If
>> > this can't been done via GP, are there other ways. I need to do things
>> > like
>> > create a policy that will allow no icons on desktop and nothing on the
>> > start
>> > menu.
>>
>> You can do that with "loopback":
>> http://www.frickelsoft.net/blog/?p=22
>>
>> cheers,
>>
>> Florian
>> --
>> Microsoft MVP - Windows Server - Group Policy.
>> eMail: prename [at] frickelsoft [dot] net.
>> blog: http://www.frickelsoft.net/blog.
>>