Re: AD GPOs, machine accounts and Desktop/Start menu icons

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi Mark,

There is a better way to achieve exactly what you need - it'll take a bit of
work to get it setup initially, but will save so much time later on.

Assuming these computers are Windows 2000 or newer, and logon to an Active
Directory based domain, create an Organisational Unit for each room and link
a new Group Policy Object to it. You will then be able to specify all
software that you want installed on that machine - put it in the machine
section for the policy to apply to the physical PC, if you want to do this on
a user basis, use the User Section of the policy.

Once this is setup, when a PC is logged in, it will automatically setup any
software needed in line with the policy.

This will also help if you need to move a PC between rooms, as when it's
Computer Account is moved within the Organisational Units within Active
Directory, the PC will automatically remove/install software based on the new
container's policy.

Let me know if you need any more assistance to set this up.

Ross Bale, MCP, MBCS
Blog: http://rossbale.wordpress.com

"Florian Frommherz [MVP]" wrote:

Howdie!

Mark B schrieb:
So, is it possible to have the redirected Start Menu and Desktop icons
folders assigned to machine accounts, which are magically viewable by the
user? I checked ABE, but that decided icon visibility based on *user*, not
machine. And even then, I have no idea how to get the machine account icon
access to translate to the user account!

I guess you'll have to put scripting magic in there. For the shortcut
creation, you could simple test for the computer name and copy a
shortcut off a share or something.

For the removal, you could go reverse and delete a link if it exists, if
the user is logged on to machineY. The %computername% variable should be
helpful there.

cheers,

Florian
--
Microsoft MVP - Windows Server - Group Policy.
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Use a newsreader! http://www.frickelsoft.net/news.html

.

Relevant Pages

  • Re: Published application - what rights does the user need
    ... I have tried to change the entire setup since the last ... I am missing something on permissions and the ... Apply Group Policy ... particular computer account and user account have Full control ...
    (microsoft.public.windows.server.active_directory)
  • Re: Rant about installer features (Re: Progeny)
    ... MD Raid is tough for a bootable setup with automated tools. ... way to setup the "Ultimate" Linux Distribution... ... Debian really works. ... Policy, Policy, Policy. ...
    (Debian-User)
  • Cannot add domain user into admin group for local computers
    ... SP1 and client computers some with Windows 2000 Pro SP4 and Windows XP ... the server by replacing a 20 GB HDD with a 80 GB HDD. ... Under group policy ... after the Win 2K3 server was setup - it was in the default mode that is ...
    (microsoft.public.win2000.group_policy)
  • Sysprep 2.0 Local Group and Local Group Policy
    ... this group doesn't give rights to the same location though. ... > Ok I have setup a group policy for the machine following article Q274478. ... > I sysprep the machine using sysprep 2.0, minisetup, pnp. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Machine Policy
    ... I believe that the GPMC (Group Policy Management Console) can help. ... When editing the GPO in the GPMC the bottom of the frame tells you who ... computers in a OU with a total of 10 machine accounts. ...
    (microsoft.public.windows.group_policy)