+ Post New Thread
Results 1 to 6 of 6
Windows Thread, Microsoft Office on a Domain with Deepfreeze in Technical; I use Microsoft office for all of the computers in the computer labs at the high school I'm working for. ...
  1. #1
    link470's Avatar
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    250
    Thank Post
    85
    Thanked 8 Times in 6 Posts
    Rep Power
    15

    Microsoft Office on a Domain with Deepfreeze

    I use Microsoft office for all of the computers in the computer labs at the high school I'm working for. All the computers are frozen with deepfreeze and students login using their username and password for the windows network.

    If they want to use office, they launch office and it goes through the "Preparing to Install..." window that comes up for a few seconds before Office launches.

    Unfortunately, the previous techs that were here set all the students as local administrators on each machine. So that didn't really help me much when I found that out. They had higher priveledges than the teachers and administrative staff did. So I quickly went around to as many machines as I could and removed them from the Administrators group.

    But now students are getting an error that says an Administrator needs to install Office because it isn't ready for all the users. Is there an easy way around this? It works on some machines, and doesn't work on others. Thanks!

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,564 Times in 1,248 Posts
    Rep Power
    339

    Re: Microsoft Office on a Domain with Deepfreeze

    There is no harm setting them as local administrators, or at the very least power users. Many applications require write access to the local disk drive, which is why it makes good sense to make AD security groups or adding "domain users" as local administrators.

    What you shouldn't do is make them domain administrators which is as powerful as it gets (for obvious reasons), otherwise you could potentially jeopardise your entire network!

    The reason you're receiving that Office message "Preparing to install..." is because there's a high probability the students are using a mandatory profile. NTUSER.MAN instead of NTUSER.DAT. This of course means that any changes are forgotten which is why they always get that message. To get round this problem, you'd have to temporarily setup a temp user, rename NTUSER.MAN to .DAT, logon as this test user, run Office, logoff and then rename NTUSER back to NTUSER.MAN.

    Students should then be able to launch Office straight away which is also a lot quicker. It would annoy me if I had that message coming up everytime I ran Office for the first time!

  3. #3
    link470's Avatar
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    250
    Thank Post
    85
    Thanked 8 Times in 6 Posts
    Rep Power
    15

    Re: Microsoft Office on a Domain with Deepfreeze

    I completely understand the need for setting users as local Administrators. Makes sense. The reason I had them turned off so fast is because kids here frequently install a lot of software to play games etc. and I wanted to lock them down as much as possible. But of course even with security settings in Active Directory and setting them as just local users, users are still able to install software to a place other than program files. They can install software directly to the desktop with no problem, or their network storage drive. Is there any easy way to prevent this?

  4. #4

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,564 Times in 1,248 Posts
    Rep Power
    339

    Re: Microsoft Office on a Domain with Deepfreeze

    It is difficult to clamp down on I agree, however if you have XP clients and 2003 server, Software Restriction policies is what you need to look at.

    You could also block access to websites where they are potentially downloading MSN Messenger (for example) or games.

    How are you controlling user desktops? I use Folder Redirection in Active Directory, so I specify what shortcuts are available to users. Even if users do try to install an application, no shortcut appears on the desktop or start menu. Users quickly give up.

    I think the key to making users give up, is to prevent them running a game or MSN for example even if they manage to install it. If there's no shortcut, they cannot run the application. Simple, but it works well in my experience.

  5. #5
    link470's Avatar
    Join Date
    Nov 2007
    Location
    Canada
    Posts
    250
    Thank Post
    85
    Thanked 8 Times in 6 Posts
    Rep Power
    15

    Re: Microsoft Office on a Domain with Deepfreeze

    Ya I'm workin on creating software restriction policies. But I've never got them to work in the past. I'll keep working on it

    Ya we have some clever kids around. Finding interesting ways to do things. Even after I blocked out the registry and restricted users access via group policy and locked down the user interface a ton, even if you couldn't go Start>Run>Regedit, I had one or two users write a VB script to inject data into the registry.

    We're using ISA 2000 as our proxy server and website blocker, and it hardly works at all :P Users simply change the proxy setting to something other than the ISA server, and they're done. They can access whatever they want. It's ISA 2000 as well so the security technologies are quite old in it. But I've just ordered a new unit from Barracuda. The web filter 320.

    http://www.barracudanetworks.com/ns/...r-overview.php

    I like the fact it works directly with Active Directory so I can prevent students from certain sites, and allow teachers to others. ISA tried to do that but failed missurably.

  6. #6

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,564 Times in 1,248 Posts
    Rep Power
    339

    Re: Microsoft Office on a Domain with Deepfreeze

    Take a look here for software restriction policies: http://support.microsoft.com/kb/324036

    You can disable changing Proxy Settings using group policy.

    User Config > Admin Templates > Internet Explorer

    Enable - Disable changing proxy settings

SHARE:
+ Post New Thread

Similar Threads

  1. Microsoft Office 2003 Clipart Really SLOW!!!
    By BKGarry in forum Educational Software
    Replies: 26
    Last Post: 7th January 2008, 10:47 AM
  2. Adobe Premiere Pro with Deepfreeze on Domain
    By link470 in forum Windows
    Replies: 3
    Last Post: 29th November 2007, 07:34 PM
  3. Replies: 2
    Last Post: 26th October 2007, 07:33 PM
  4. Microsoft Office
    By krisd32 in forum Windows
    Replies: 11
    Last Post: 29th March 2006, 07:58 AM
  5. Replies: 3
    Last Post: 10th March 2006, 01:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •