group policy and roaming profiles

N

nate

OK.............heres the delima, I can make GP's work just
fine, and I can get RP's to work just fine BUT I want them
to work together as follows. We want to allow people
outside our agency to have access to several of our PC's,
but they have to be completely locked down.........AND any
of our users need to be able to come behind them and see
our normal desktop and have there normal access. I have
accomplished this by creating a local account, configuring
a group policy on that machine, and only giving that local
account permissions to the group policy directory. There
were a few more minor tweaks to make this work, but it
worked flawlessly. The problem is that when we create an
image of one of those desktops, the permissions change as
well as the policies so there is some administration left
to do on a freshly imaged machine. My boss does not like
that and wants something more easily manged. His idea is
to create a roaming profile for the users that we want
locked down (they would all share a common account). Good
idea, but I can not find a way to lock down the desktop
like I want to. any ideas?
 
R

Roger Abell

Roaming profiles. So you are in a domain ?
Why are you using local group policy instead of
the more powerful and flexible GPO from AD ?
 
G

Guest

yes I am in a domain, a VERY broad domain. I am not a
domain admin, but a delegate ou admin. The organization
will not create a seperate ou just to apply a group policy
to solve this problem. as far as other offices are
concerned they just are not providing the service that we
are trying to provide. If I could apply a group policy to
a group I would be good, but not being able to go any
lower than an ou means that i need to find an alternate
method.
 
N

nate

I have tried renaming ntuser.dat to .man as mentioned in
another post and I am coming up with MOST of my security
settings, but not all............WEIRD
 
R

Roger Abell

They will not allow a GPO to be defined that applies
to the group of vendor / outside agency accounts and
(is of higher precidence so) overrules other GPOs that
set user settings ?
I would think that
1. if your boss wants this
and
2. if you have accounts defined for outsiders
then
they would want such a GPO to tighted down the
accessiblities permitted to these outsiders.
 
C

Curtis Clay III [MSFT]

Hello Nate,
Aside from Group Policy using AD or Mandatory profiles there is no means of
meeting your goals. Also it is unsupported to image machines that are
members of a domain. The results can and will be unpredictable.

This posting is provided "AS IS" with no warranties, and confers no rights.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Local Group Policy- App not running 1
Roaming Profiles 1
Local Settings folder being included to Roaming Profile 2
Group policy in windows2003 1
Group Policy blocking program function 1
Roaming Profile 1
Copy XP User Profiles - Permission Denied 1
Deploy Local Group Policy 2

Top