+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24
Windows Server 2000/2003 Thread, What are the general group policies a primary school would apply? in Technical; We'll probably find Ofsted agreeing with Simon. After all, how are kids going to learn how to f*** things up ...
  1. #16


    Join Date
    Sep 2007
    Location
    UK
    Posts
    5,463
    Thank Post
    1,462
    Thanked 891 Times in 572 Posts
    Rep Power
    647
    We'll probably find Ofsted agreeing with Simon. After all, how are kids going to learn how to f*** things up if we don't give them the opportunities?

  2. Thanks to laserblazer from:

    SimpleSi (11th February 2010)

  3. #17
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,490
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    We use CC3, and our Primary (and Secondary) have the standard restrictions which go with that - no local admin rights, no command prompt, read-only access to most of the network.

    Users not having admin rights proves invaluable in the management of copyright and licensing, and also does a lot to limit virus infection, as most viruses require higher rights than our users have.

    The thought of letting people loose with admin rights scares me, and I wouldn't say I was doing my job properly if I permitted it. SLT agree, by the way.

  4. #18
    James2k's Avatar
    Join Date
    Jan 2008
    Location
    New Malden
    Posts
    59
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    14
    I remembered my secondary school introduced these cards that sit in a PCI slot that when rebooted would undo any changes to the system...

    Even though they were disliked by the deputy head who was also my head of year and my GNVQ teacher...

    A few minutes later and the cards had been removed from the computers in our classroom... as the open office version that was installed crashed left right and centre...

    The ICT Manager tried getting me done for theft... at which I laughed and said the deputy head had them and the ones I removed from the computers in the ICT room were sitting in the bottom of the cases...

    He didn't really talk to me after that...

    IIRC he got sacked after I left.... lol

  5. #19
    HullFC's Avatar
    Join Date
    Sep 2009
    Posts
    23
    Thank Post
    3
    Thanked 8 Times in 7 Posts
    Rep Power
    12
    I have a few different setups with differing options. What i find works best is to lock the stations down. As people have said it's more for protection from virus' etc.

    A few points that I think are important:

    Redirect document folders.
    Redirect favorites and desktops to a hidden folder in the users documents area.

    This makes it really easy to delete dodgy profiles without messing around with favorites etc.

    I also with server 2008 have a start menu policy which does a number of things:

    It locks down the start menu (hides run/etc)
    It prevents shortcuts in the all users folder form being listed.
    It deletes the users start menu on startup and recreates it all using group policy preferences. this is really powerful as each shortcut has a condition placed on it to check if the program exists. This means that laptops which are disconnected from the domain do not get shortcuts that don't work.

    I also use the prefs to hide the C: drive on stations and also hide drive maps that users don't need to see but applications need.

    Hope this helps and if you need me to send you some more info let me know.

    Shaun

  6. Thanks to HullFC from:

    eean (12th February 2010)

  7. #20

    Join Date
    May 2007
    Posts
    43
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks Shaun,

    There's some helpful information in there and I'll look into some of this further when I start to implement the new GPs.

    I'm also grateful for the offer of further assistence,

    Nice one,

    Steve

  8. #21
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    570
    Thank Post
    70
    Thanked 55 Times in 39 Posts
    Rep Power
    31
    Quote Originally Posted by HullFC View Post


    It deletes the users start menu on startup and recreates it all using group policy preferences. this is really powerful as each shortcut has a condition placed on it to check if the program exists. This means that laptops which are disconnected from the domain do not get shortcuts that don't work.
    Interesting! Does this slow down the logon at all? The system must have to check the presence of each file.

  9. #22
    HullFC's Avatar
    Join Date
    Sep 2009
    Posts
    23
    Thank Post
    3
    Thanked 8 Times in 7 Posts
    Rep Power
    12
    Quote Originally Posted by eean View Post
    Interesting! Does this slow down the logon at all? The system must have to check the presence of each file.
    Actually no. We thought that it would before we did testing but it doesn't seem to cause an issue at all. It is only parsing a local XML file in reality. It's really powerful as the one policy sets all shortcuts for all users and we use gp prefs to assign shortcuts by group/site/ou etc so the kids don't get stuff for staff and only system admins get admin tools. It's all neatly in one place.

    We also use gp and gp prefs to delete common startup reg keys (like adobe reader speed launch, quicktime startup etc) and disable some services (e.g. google update) which can really help startup times.

    Shaun

  10. Thanks to HullFC from:

    eean (12th February 2010)

  11. #23
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,490
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    CC3 does what Shaun is describing as standard, so to answer eean's question, the logon speed is still perfectly acceptable (can't comment on whether it slows it down, as I've not seen it without). The only slight issue is if you log in to one PC which doesn't have Application X on it, when you then log in to one which does, it can take it a little while to appear. People have come to know just to click away from the Start Menu and try again in a few seconds.

  12. Thanks to enjay from:

    HullFC (12th February 2010)

  13. #24
    HullFC's Avatar
    Join Date
    Sep 2009
    Posts
    23
    Thank Post
    3
    Thanked 8 Times in 7 Posts
    Rep Power
    12

    Lightbulb

    Quote Originally Posted by enjay View Post
    CC3 does what Shaun is describing as standard, so to answer eean's question, the logon speed is still perfectly acceptable (can't comment on whether it slows it down, as I've not seen it without). The only slight issue is if you log in to one PC which doesn't have Application X on it, when you then log in to one which does, it can take it a little while to appear. People have come to know just to click away from the Start Menu and try again in a few seconds.
    We have CC3 across a number of sites and were planning to write a script to do all this on our vanilla networks but GP prefs came along and solved it for us.

    We also have a branding policy which deploys BGInfo and creates the startup and logon keys for it as well. Depending on the user type (staff/student/admin) they get a different colour background so you can tell straight away if a member of staff has left a PC logged on in a room full of kids. BGinfo reads environment variables form the same policy which specify school name and support numbers etc so we can deploy the same policy across various sites and just tweak the variables.

    We have the found the environment variables particularly useful on our new admin network which is currently being rolled out across many school sites in Hull. All of the folder structures on servers, branding and localisation is done through GP prefs. For example we have a variable for the site's server hostname which is different based on ad site. This is then used in profile paths so the same policy to redirect folders works on all sites and adapts to each with little fuss.

    Shaun

  14. Thanks to HullFC from:

    gibbo_ap (12th June 2012)

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Replies: 16
    Last Post: 30th April 2013, 10:00 AM
  2. Group Policy Will Only Apply With gpupdate /force
    By FN-GM in forum Windows Server 2008
    Replies: 21
    Last Post: 2nd October 2009, 09:30 AM
  3. Group Policies
    By leco in forum Windows Server 2008
    Replies: 4
    Last Post: 29th March 2009, 09:15 PM
  4. Help with Group Policies etc.
    By chris7 in forum Windows Server 2008
    Replies: 4
    Last Post: 30th January 2009, 08:40 PM
  5. Cannot get group policy to apply
    By flexyjerkov in forum Windows
    Replies: 18
    Last Post: 8th March 2007, 03:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •