mandatory profiles on one OU

tony

I got users with their own desktops that I do not want to use mandatory
profiles. They are their own admin of their own computer and they can do
what they want.

But I also want them to be able to log into a machine in a different OU
that I want everything locked down, not able to save to My Docs, desktops
etc., so I want to use a mandatory profile.

What do you suggest I do? I don't want to set a mandatory path in their user
properties, do I?

Thanks
 
Colin Torretta [MSFT]

A good way to do this is using Loopback-replace. Create a GPO in the
locked-down OU that uses folder redirection or one of the other Group
Policy settings to lock down the features you wish. Then, turn on
Loopback-replace mode for that GPO.

This way, when a user from another OU logs onto a machine in the locked
down OU, his GP settings will be discarded, and the machine will
process the GPOs from the locked down OU as if they were the user's
GPOs. This will allow you to lock down all the machines in one OU, and
let the users keep their freedom in their OU.

Hope it helps,
-Colin
 
tony

Hi

But to use mandatory profiles, doesn't that need to be specified in the
profile tab? Not from GPO.
 
lforbes

tony said:
Hi

But to use mandatory profiles, doesn't that need to be specified in the
profile tab? Not from GPO.

Hi,

Rather than Mandatory Profiles (which do need to be per user) you can
just secure everything down tight with Group Policy. You can even do
folder redirection for the profile on that one machine. You need to
enable Loopback (with replace) in the Machine section of the GPO on
the OU with the machine in it and then put all the tight settings in
the User section.

Cheers,

Lara
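The loopback (replace) setup described in the replies above, as an added PowerShell example that is not part of any post in this thread. The GPO name, the OU distinguished name and the single user-side restriction (`NoSaveSettings`) are assumptions chosen for illustration; it needs the GroupPolicy module from RSAT.

```powershell
#Requires -Modules GroupPolicy
# Assumed, hypothetical names: replace with your own GPO name and OU path.
$GpoName  = 'LockedDown-Loopback'
$TargetOu = 'OU=LockedDown,DC=example,DC=com'

# Loopback is a COMPUTER-side policy stored under this key.
$LoopbackKey = 'HKLM\Software\Policies\Microsoft\Windows\System'
# Sample USER-side restriction (assumption): "Don't save settings at exit".
$ExplorerKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Create the GPO only if it does not exist yet, so the script can be re-run.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Loopback-replace lockdown' | Out-Null
}

# UserPolicyMode: 1 = Merge, 2 = Replace. Replace discards the user's own GPOs.
Set-GPRegistryValue -Name $GpoName -Key $LoopbackKey `
    -ValueName 'UserPolicyMode' -Type DWord -Value 2 | Out-Null

# The tight settings go in the User section of the same GPO.
Set-GPRegistryValue -Name $GpoName -Key $ExplorerKey `
    -ValueName 'NoSaveSettings' -Type DWord -Value 1 | Out-Null

# Link the GPO to the OU that holds the locked-down machines (not the users).
$links = (Get-GPInheritance -Target $TargetOu).GpoLinks
if (-not ($links | Where-Object DisplayName -eq $GpoName)) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# Check what the GPO actually stores before relying on it.
$mode = (Get-GPRegistryValue -Name $GpoName -Key $LoopbackKey `
    -ValueName 'UserPolicyMode').Value
if ($mode -ne 2) { throw "Loopback mode is $mode, expected 2 (Replace)" }

# Run this on a locked-down machine after 'gpupdate /force' and a reboot:
# returns $true only when the computer has received loopback in Replace mode.
function Test-LoopbackReplace {
    $p = Get-ItemProperty -Path 'HKLM:\Software\Policies\Microsoft\Windows\System' `
        -Name 'UserPolicyMode' -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.UserPolicyMode -eq 2)
}
```

Folder redirection itself is not a registry policy, so it still has to be configured in the GPO's User section through the Group Policy editor.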
 
tony

I just don't see how a user can log in and not save anything on the desktop or
their local profile. I am basically trying to avoid creating profiles on the
local machine.
 
lforbes

I just don't see how a user can log in and not save anything on the
desktop or their local profile. I am basically trying to avoid
creating profiles on the local machine.

If you don’t want to use Roaming profiles, then the local profile will
always be created regardless.

If you use Folder Redirection and redirect the desktop folder to a
"read only" folder on the server, this will prevent them saving to
their desktops.

Cheers,

Lara
 