On the DC. I'm setting up for the first time (HP netserver LC2000 with W2K adv. Server). W2K pro. Workstations.
I'm getting there but not there yet !.
1... I was thinking on giving the pupils the school 'Logo' on there desktops through there default profile from AD.. OU.. but on trying using one of the windows standard desktop photo's as a test it did not go on to the workstation when I logged onto the test-user account.
2... How do I force an update of AD to go out for my test when I have made changes ?. Edit.. group policy settings .....Edit End
3... What tools do you use to for AD, (I have put the windows server tool kit on this server).
4... Do I have to make the changes for AD at the server or can you do it from a workstation ?.
5... On the pupils profile 'start' menu I have taken off the items I do not want but I can still see the remote desktop viewer 'Ultra VNC' How do I make it so they cannot get access to it on the workstations ?.
6... On AD Staff OU .. I want to let the staff install software on to the workstations. (when these were Stand alone Workstations I just had a logon account with 'Power user' that they used) How do I do it now?.
7... What tests do you do to test a pupils accounts ?.
8...Another problem is with Firefox browser I want to use on the workstations , On the default ghost image I set all the settings up but now on a pupil account it needs all the settings doing again . What do I do. ...Edit end.
1. Not entirely sure what is wrong there, I set wallpapers through group policy and active desktop
2. Again not sure what you're getting at, any AD changes such as adding users will not require any forced updates to workstations
3+4. I just use the Administration Tools pack which can run on XP and so on your workstation. It will let you connect to your AD, DNS Server etc, you can manage pretty much anything you can on your server on your desktop
5. Check the local 'All Users' desktop - the shortcut could be on there
6. You could add the domain staff users group to the local power users group. This can be done through a startup script
7. I just check they can log on, that their my documents can be accessed, and that any drives have mapped and any obvious group policy settings have applied
3. Tools for AD? I'm not sure what you mean here, but so long as you have GPMC and ADUC you should be fine until you get more experience. The Server Resource Kit Tools are pretty good too- but it depends what you want to monitor/carry out with your server. There are tools for just about everything just like there are standard tools and preferential tools- depends on the admin really!
4. You can make changes to the server from a client by using RDP (Remote Desktop). Type MSTSC at the Run box on a client and if you have enabled RDP on your server you will be able to do most things "remotely".
5. Check you "all users" profile locally. Are you redirecting start menu items?
6. I think someone answered this one..
7. Log on using a dummy (test) account and see if things are applying. Run a GPRESULT or RSOP on the local machine to see if the domain wide and other group policies are applying and that nothing is getting left out somewhere. Test, test, test and test again to make sure permissions and profiles are as good as possible before going live. Remember that with the power and scope of group policy management you can always adjust as needed- just have that test account to work with and you should be fine.
Thanks for advice. I'm still struggling and my system may not be up and running for this Wednesday when the little darlings come back !. Anyone live near South Derbyshire ?.
A..My pupil profile, the GP policy looks ok and going out to the workstations, But Things like Firefox are not being configured .eg if I click on the firefox short-cut on the desktop, all the settings for proxy settings, and how it looks etc. are not there.
Also some of the programs on the workstations are showing on the user account.!?.that I do not want them to use .
B..If I go through setting up a Mandatory Profile again do I need to delete only parts of my profile above.
Re.. The WIKI setting up mandatory profile page.
Mandatory Profile Manager Account...
1..Create a user account in Active Directory called MPM (Mandatory Profile Manager) with no entry for Profile Path. When I do the above do I leave the password blank or not ?
Creating Mandatory Profiles.
1..Check that the MPM user account has no entry in Profile Path.
2..Select a PC where MPM has no local profile..
3..Log on to the PC and make any initial settings required.
On 3 above do I log on with mpm account with /with out password.
then I have to configure just about every thing on the computer . eg setting up firefox as in Question A above with all its plug-in's and settings (because I will be on a user account how can I do that ?.)
I think I will need more than a pint of beer if I every get this going.!.
A. You need to trim down the Documents and Settings > Default User and All User > Start Menu > Programs folders on all your client PCs so that your users only get shortcuts to the programs you want them to see.
A new user will pick up the Default User start menu list. If you make changes you'll need to remove any user profiles left behind in Documents and Settings or those users won't be affected. Never delete the Administrator, Default User or All Users profiles though.
If you had XP on the clients you could make use of Software Restrictions where you can explicity state which applications and locations can and can't be run.
But since you have 2k, file system permissions will do (pretty much) just as well. You'll find it in a GPO, under Computer Configuration>Windows Settings>Security Settings>File System. Here you can specify which users/groups have which NTFS permissions to the specified files/folders. If you're not confident in configuring the policy correctly, create a new one and apply it to just one workstation for testing.