+ Post New Thread
Results 1 to 8 of 8
Windows 7 Thread, Windows 7 lock down in Technical; Hi Please could you help. I am running a windows 2008 domain with windows xp and we are just venturing ...
  1. #1
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,477
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    53

    Windows 7 lock down

    Hi

    Please could you help. I am running a windows 2008 domain with windows xp and we are just venturing into windows 7 with our next batch of pc's.

    I am trying to lock the computers down for the students to avoid problem.

    What settings do people advice I set as a starting point.

    Thanks for all your help.

    Richard

  2. #2
    Techdw's Avatar
    Join Date
    Jan 2009
    Posts
    172
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    You need to really have a read through other post. We are getting ready to role it out and the amount of Reg Fixs I have had to do it unreal!!

    Make a new GPO go though it and lock it down, Redirection was a bit of a problem for me, now sorted now.
    I redirected the My Doc and so on to the Drive Letter of the users home drive, in my case.. H:` , not the full path,``server``share and so on. This was the only way it worked for me. Also the explore bar on the left side you will need reg fixs for that and to also remove control panel from the desktop, or just block access if you like.
    Really Test it first!!

  3. #3
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,605
    Thank Post
    544
    Thanked 301 Times in 277 Posts
    Rep Power
    85
    we have win 7 on a test machine and we are going to be testing testing and testing - its our 3 year plan to move over to AD ad Win 7 (yes i did just say 3 yeas!!)

  4. #4

    3s-gtech's Avatar
    Join Date
    Mar 2009
    Location
    Wales
    Posts
    3,103
    Thank Post
    161
    Thanked 655 Times in 588 Posts
    Rep Power
    169
    You'll need to test extensively, perhaps with a VM on your PC? It took me the best part of a month to transition everything.

    First up, I installed a 2008 R2 DC after updating the schema.
    I then created a new OU for Windows 7 PCs, with just the default domain policy applying.
    I then set up a new user with a new blank GPO for user settings. I also removed the profile settings for this user.
    I then worked through the GPs, changing settings as I found them, and testing them on the Windows 7 PC. I used GPPs rather than scripts to do most of the settings like drive maps and printers.
    I applied reg fixes for the black desktop fault and to remove Libraries.
    I tested the user extensively.
    I then tested the new GPO on a Windows XP machine, to make sure it was totally compatible between the two as we still run XP alongside.
    I built a new mandatory profile for Windows 7 logins.
    I then applied the new GPO to all students. After further testing, a modified version was applied to admin staff, then eventually teaching staff.
    I used WMI filters to seperate some policies, like themes (so 7 users get Aero, XP users get Classic with XP Start Menus).

    Lots of work, but worthwhile.

  5. Thanks to 3s-gtech from:

    stevenwba (1st April 2011)

  6. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,477
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    53
    Quote Originally Posted by Techdw View Post
    You need to really have a read through other post. We are getting ready to role it out and the amount of Reg Fixs I have had to do it unreal!!

    Make a new GPO go though it and lock it down, Redirection was a bit of a problem for me, now sorted now.
    I redirected the My Doc and so on to the Drive Letter of the users home drive, in my case.. H:` , not the full path,``server``share and so on. This was the only way it worked for me. Also the explore bar on the left side you will need reg fixs for that and to also remove control panel from the desktop, or just block access if you like.
    Really Test it first!!
    HI
    We already have the basics from windows xp locked down. I am looking for the extras that have come with windows 7 like the
    Network icon in explorer
    Favorites in explorer
    Libraries in explorer
    Control panel desktop

    and how people have done these. We have found registry keys but gpo not forcing them in for Favorites and Libraries and control panel.

    I have found an adm for network in explorer
    -----------------------------------------
    ; Use this one for hiding the network icon in your explorer.

    CLASS MACHINE

    CATEGORY !!Custom

    CATEGORY !!ExplorerExtras

    POLICY !!HideNetworkInExplorer
    KEYNAME "SOFTWARE\Microsoft\Windows\CurrentVersion\Policie s\NonEnum"
    EXPLAIN !!HideNetworkInExplorer_Help
    VALUENAME "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"
    VALUEON NUMERIC 1
    VALUEOFF NUMERIC 0
    END POLICY

    END CATEGORY

    END CATEGORY

    [strings]
    Custom="Custom Policies"
    ExplorerExtras="Windows Explorer Extra's"
    HideNetworkInExplorer="Hide Network Icon in Explorer 2008/Vista"
    HideNetworkInExplorer_Help="Enable this one to hide the icon, disable or unconfigure to show it..."


    ------------------------------------

  7. #6
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,477
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    53
    HI

    We have already started putting wmi filter on gpos so they only apply to windows 7.

    We have tested the registry setting and they work but for some reason we have not managed to get the registry keys to apply through gpo.

    Richard

  8. #7
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,477
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    53
    HI

    I have found some of what I am looking for at Windows 7 Gotchas/Tips/FYI

  9. #8

    Join Date
    Feb 2011
    Posts
    94
    Thank Post
    6
    Thanked 24 Times in 15 Posts
    Rep Power
    12
    Hi
    After making a nice fluffy policy i had a few problems with certain aspects. i found this useful. Its got things like removing network and library icons and a couple of other bits. Maybe useful to you.



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 0
    Last Post: 27th December 2010, 12:02 PM
  2. Replies: 2
    Last Post: 26th October 2009, 01:52 PM
  3. Replies: 3
    Last Post: 29th September 2008, 04:09 PM
  4. Replies: 6
    Last Post: 3rd September 2008, 08:44 PM
  5. Windows 2008 Terminal Services Seamless client & Lock Down
    By benIT in forum Windows Server 2008
    Replies: 5
    Last Post: 15th April 2008, 11:39 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •