SimpleSi (11th February 2010)
We'll probably find Ofsted agreeing with Simon. After all, how are kids going to learn how to f*** things up if we don't give them the opportunities?
SimpleSi (11th February 2010)
We use CC3, and our Primary (and Secondary) have the standard restrictions which go with that - no local admin rights, no command prompt, read-only access to most of the network.
Users not having admin rights proves invaluable in the management of copyright and licensing, and also does a lot to limit virus infection, as most viruses require higher rights than our users have.
The thought of letting people loose with admin rights scares me, and I wouldn't say I was doing my job properly if I permitted it. SLT agree, by the way.
I remembered my secondary school introduced these cards that sit in a PCI slot that when rebooted would undo any changes to the system...
Even though they were disliked by the deputy head who was also my head of year and my GNVQ teacher...
A few minutes later and the cards had been removed from the computers in our classroom... as the open office version that was installed crashed left right and centre...
The ICT Manager tried getting me done for theft... at which I laughed and said the deputy head had them and the ones I removed from the computers in the ICT room were sitting in the bottom of the cases...
He didn't really talk to me after that...
IIRC he got sacked after I left.... lol
I have a few different setups with differing options. What i find works best is to lock the stations down. As people have said it's more for protection from virus' etc.
A few points that I think are important:
Redirect document folders.
Redirect favorites and desktops to a hidden folder in the users documents area.
This makes it really easy to delete dodgy profiles without messing around with favorites etc.
I also with server 2008 have a start menu policy which does a number of things:
It locks down the start menu (hides run/etc)
It prevents shortcuts in the all users folder form being listed.
It deletes the users start menu on startup and recreates it all using group policy preferences. this is really powerful as each shortcut has a condition placed on it to check if the program exists. This means that laptops which are disconnected from the domain do not get shortcuts that don't work.
I also use the prefs to hide the C: drive on stations and also hide drive maps that users don't need to see but applications need.
Hope this helps and if you need me to send you some more info let me know.
There's some helpful information in there and I'll look into some of this further when I start to implement the new GPs.
I'm also grateful for the offer of further assistence,
We also use gp and gp prefs to delete common startup reg keys (like adobe reader speed launch, quicktime startup etc) and disable some services (e.g. google update) which can really help startup times.
CC3 does what Shaun is describing as standard, so to answer eean's question, the logon speed is still perfectly acceptable (can't comment on whether it slows it down, as I've not seen it without). The only slight issue is if you log in to one PC which doesn't have Application X on it, when you then log in to one which does, it can take it a little while to appear. People have come to know just to click away from the Start Menu and try again in a few seconds.
HullFC (12th February 2010)
We also have a branding policy which deploys BGInfo and creates the startup and logon keys for it as well. Depending on the user type (staff/student/admin) they get a different colour background so you can tell straight away if a member of staff has left a PC logged on in a room full of kids. BGinfo reads environment variables form the same policy which specify school name and support numbers etc so we can deploy the same policy across various sites and just tweak the variables.
We have the found the environment variables particularly useful on our new admin network which is currently being rolled out across many school sites in Hull. All of the folder structures on servers, branding and localisation is done through GP prefs. For example we have a variable for the site's server hostname which is different based on ad site. This is then used in profile paths so the same policy to redirect folders works on all sites and adapts to each with little fuss.
gibbo_ap (12th June 2012)
There are currently 1 users browsing this thread. (0 members and 1 guests)