Re: setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- From: "Nepatsfan" <nepatsfan@xxxxxxxxxxx>
- Date: Tue, 26 Apr 2005 13:34:07 -0400
"niteowl" <webmaster_sla@xxxxxxxxxxxxxxxxxx> wrote in message
news:OtPp4nnSFHA.336@xxxxxxxxxxxxxxxxxxxxxxx
> niteowl wrote:
>
>> Thank You for the detailed instructions.. I'm really a
>> webmaster who
>> has kind of been expected to take over the entire schools
>> system, so
>> I'm learning this as I go... this will be very helpful.
>>
>> This is a workgroup situation, no server acting as a domain,
>> and I
>> don't know how to set that up yet anyway, that's for another
>> time.
>>
>> All these computers are on a "workgroup" but none are shared
>> so that
>> they can be accessed that I know of... that would be handy at
>> times
>> to transfer files directly to the teachers stations. (which
>> are their
>> laptops)
>>
>> I will do this tomorrow.... the computer lab has 50 stations,
>> all
>> independently setup... and all slightly different as teachers
>> add this
>> and that to some.. it's kind of a hodge podge, summer time
>> will be
>> redoing everything and starting fresh for the fall, so I need
>> to learn
>> how to that "image" thing, what do I need for that?
>>
>> again, thanks for the info,
>>
>> niteowl
>>
>>
>> On Wed, 20 Apr 2005 17:48:56 -0400, "Nepatsfan"
>> <nepatsfan@xxxxxxxxxxx> wrote:
>>
>>
>>>These suggestions apply to a computer in a workgroup. Let us
>>>know if you have a server acting as a domain controller.
>>>
>>>Log on to the computer with the Student account.
>>>Set up the wallpaper and screensaver that you want displayed.
>>>Go to Control Panel -> User accounts and change the Student
>>>account password. You can reset it to a blank password if you
>>>want.
>>>
>>>Log off and log back on with the Teacher account.
>>>Go to Start -> Run and enter gpedit.msc in the Open box.
>>>Navigate to the following location:
>>>
>>>User Configuration\Administrative Templates\Control
>>>Panel\Display
>>>
>>>You will find two policies in the right hand pane that you
>>>might
>>>find useful.
>>>1. Prevent changing wallpaper
>>>2. Screensaver executable name
>>>Right click on each of these policies and select Enable.
>>>Click on the Explanation tab to see what effect these settings
>>>will have.
>>>
>>>As for the password issue, right click My Computer and select
>>>Manage from the drop down menu.
>>>Expand Local Users and Groups.
>>>In the Users folder, right click on the Student account and
>>>select Properties.
>>>On the General page, put a check mark in the box next to "User
>>>cannot change password".
>>>
>>>
>>>You might want to become familiar with Local Group Policy. You
>>>can use it to limit the changes that the students can make to
>>>these computers. The only downside is that the changes you
>>>make are applied to all the users, including members of the
>>>administrators group. You can get around this problem by
>>>following either of the procedures outlined in these articles:
>>>
>>>http://www.theeldergeek.com/gp07.htm
>>>
>>>http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B293655
>>
>>
>
> both of these links make reference to having a windows 2000
> server machine... which I don't have... unless WindowsXP is
> considered a windows2k machine.. ?????
>
> Will these changes work on an XP machine?
>
> thanks,
> niteowl
Yes, they will. Sorry for not pointing that out.
This one is the easiest to implement:
Group policy in a workgroup
http://www.theeldergeek.com/gp07.htm
If the policies you want to change are all in the User
configuration branch of the local group policy then you can avoid
having them apply to the administrator's group by changing the
NTFS permissions on the Windows\System32\Group Policy folder to
explicitly deny Read permissions, and only Read permissions, for
the Administrators group. Don't be tempted to deny Full Control
or you won't be able to reset the group policy. The downside
of this approach is that every time you want to run gpedit.msc
you're going to have to remove the deny Read permission on the
Group
Policy folder for the Administrators group. Keep in mind that in
order to change the permissions, you have to disable Simple File
Sharing on each machine.
Even thought the Microsoft article is written for Windows 2000 it
will work with XP. This approach is slightly more involved. The
advantage is that you would not have to disable Simple File
Sharing.
http://support.microsoft.com/default.aspx?scid=kb;en-us;293655
If you use this approach make sure that in step 10 you change
the settings to Disabled and not to the default "Not Configured".
That's a mistake I kept making when I first used this procedure.
While Group Policy is an excellent tool it is not without risks.
Make sure you understand the impact changing a policy will have
before you enable it. Click on the Explanation tab if you're not
sure. Until you get familiar with the procedure, I'd suggest only
enabling policies that affect the Widows environment. Once you
feel confident in your knowledge level you can start working with
the policies which deal with security and logon issues.
Post back if you have any questions.
Nepatsfan
.
- References:
- setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- From: niteowl
- Re: setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- From: Nepatsfan
- Re: setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- From: niteowl
- Re: setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- From: niteowl
- setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- Prev by Date: Re: removing Windows 98
- Next by Date: Re: How many svchost.exe in the process list are normal?
- Previous by thread: Re: setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- Next by thread: Re: setting permissions so restricted users can't change backkground/ screen savers, or create passwords. Possible????
- Index(es):
Relevant Pages
|
