
Generic desktop on WinXP regardless of domain login

jfunk

Golden Member
Here's my scenario. We currently run Netware servers. Users log into Netware, but all use a generic id of "user" with no password for the local Windows login.

I just started playing with Server 2K3 because we are thinking of switching to Windows in the next year or so. How can I get the desktop to be the same, specific to each machine, regardless of what userid logs into the domain? I don't want roaming profiles, because I don't want the desktops to be specific to a user, I want them specific to the computer.

Thanks.

j

 
Specify a group policy for your users.

There are a ton of options for GPOs so browse around and use what options work best for your setup.
 
There's an easier way than Group Policy. Just customize the "Default User" profile that all new accounts get on the initial login...

1. Create an account (say 'New' or whatever you like), log in as it and configure that account the way you want all of the accounts to look.
2. Reboot and log in as an administrative account.
3. Right-click the My Computer icon, select Properties, choose the Advanced tab, click the Settings button under User Profiles.
4. Highlight the 'New' profile, click the Copy To button.
5. Click the Change button and set it to Everyone
6. Click the Browse button and browse to the Default User folder (Documents and Settings\Default User)
7. Click OK and answer yes to the warning.

Note: You must have 'Show hidden files and folders' enabled in order to see the Default User folder when browsing.
 
I don't think that's quite what he was looking for Robor; he wants the settings to be the same for everyone and not give them the option to change.

What you're looking for is Mandatory Profiles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;307800

However something important to note is Mandatory Profiles still need to be assigned to a specific user account (whether it be a generic "user" or specific to each person). So basically the thing to do would be to create a Mandatory Profile on the local machine and then set the user account(s) to only use that profile.
 
Thanks for the quick replies guys, but I think these options are all going to still leave me with desktops that are the same for the users regardless of where they login, which won't work for me.

For example, classroom PCs and computer lab PCs have different software on them. While all PCs have the same IE, Groupwise, MS Office, and attendance programs on them, the computer labs have a whole bunch of other programs installed on them that all have desktop icons. Then, there are certain classrooms that have programs specific to the subject installed on them.

Thus, I need different desktops to come up on different computers. I don't want any specific desktop to follow any users around. I want "B" desktop to come up on "B" computer every time ANY user logs into it, and "C" desktop to come up on "C" computer anytime anybody logs into it.

Really, all I want the users profiles to be doing is mapping their network drives and giving them permissions.

Thanks much for the help!

j

 
How about sticking the mandatory profiles in a path that will change with the computer (i.e. "c:\userprofile")

That *should* give you the ability to make a different profile for each computer (though I can't say I've tried it that way personally).
 
Originally posted by: jfunk
Thanks for the quick replies guys, but I think these options are all going to still leave me with desktops that are the same for the users regardless of where they login, which won't work for me.

For example, classroom PCs and computer lab PCs have different software on them. While all PCs have the same IE, Groupwise, MS Office, and attendance programs on them, the computer labs have a whole bunch of other programs installed on them that all have desktop icons. Then, there are certain classrooms that have programs specific to the subject installed on them.

Thus, I need different desktops to come up on different computers. I don't want any specific desktop to follow any users around. I want "B" desktop to come up on "B" computer every time ANY user logs into it, and "C" desktop to come up on "C" computer anytime anybody logs into it.

Really, all I want the users profiles to be doing is mapping their network drives and giving them permissions.

Thanks much for the help!

j

The method I specified is for the local machine profile. If you've got roaming or mandatory profiles enabled on the domain then I think they would over-ride the local one (can't remember for sure). If you're not using roaming or mandatory profiles then customizing the local default user profile should do exactly what you want. But as spyordie007 said, the users will be able to modify their desktop settings assuming they have rights. The only downside is you'd have to go from machine to machine to do it. This kind of thing works best with like machines and like software - like an image.
 
Robor,

OK, I think your idea may work for me. If I just copy my current "user" profile to be the default, every user will get it created for them when they login to the machine to look just like that. I'm not concerned with them changing it on the local PC, because they are all locked down with Deep Freeze, so any changes to the C:\ drive are gone after a reboot, although that just made me think of another problem. This means that every time a person logs in, they're going to have to wait for a new profile to be created for them. Hell even if we didn't have deep freeze, the user has to wait for a new profile to be made each and every time they log into a new computer (kids don't sit at the same computer in the lab every time they go).

It seems rather strange to me that there is no standard way to do this. I don't know of any schools that have the same computers with the same software on them in every single room. Does Windows server really just assume that all PCs are identical through the entire organization? That seems like a major flaw to me. We can't afford to buy 1000 new PCs every year. The same user can get up from a 6 month old computer and walk down the hall and log into a 6 YEAR old computer. Obviously, they aren't going to have the same software installed on them. Is there no support at all for setups like this in Win Server? What I really want is just to completely shut off multiple profiles entirely. Do I absolutely HAVE to have a unique desktop for every user? This seems really stupid. I can't think of any public school that would want this.

 
Yeah, the profile feature on Windows 2000 & XP is good in some ways and bad in others. IMO the easiest thing to do when setting up a system is customize a profile the way you like it and copy it over the Default User profile. That way any future logins - locally or domain - will get the same customized profile. IMO the default out-of-box profile for XP just plain sucks.
 
Originally posted by: jfunk
Robor,

OK, I think your idea may work for me. If I just copy my current "user" profile to be the default, every user will get it created for them when they login to the machine to look just like that. I'm not concerned with them changing it on the local PC, because they are all locked down with Deep Freeze, so any changes to the C:\ drive are gone after a reboot, although that just made me think of another problem. This means that every time a person logs in, they're going to have to wait for a new profile to be created for them. Hell even if we didn't have deep freeze, the user has to wait for a new profile to be made each and every time they log into a new computer (kids don't sit at the same computer in the lab every time they go).

It seems rather strange to me that there is no standard way to do this. I don't know of any schools that have the same computers with the same software on them in every single room. Does Windows server really just assume that all PCs are identical through the entire organization? That seems like a major flaw to me. We can't afford to buy 1000 new PCs every year. The same user can get up from a 6 month old computer and walk down the hall and log into a 6 YEAR old computer. Obviously, they aren't going to have the same software installed on them. Is there no support at all for setups like this in Win Server? What I really want is just to completely shut off multiple profiles entirely. Do I absolutely HAVE to have a unique desktop for every user? This seems really stupid. I can't think of any public school that would want this.

I've worked for two different school districts in the past few years - one network used only Windows, and another used NetWare & ZenWorks, integrated with Active Directory.

I'm of the rather strong opinion that NetWare, with ZenWorks, is the ideal solution for public education. The exact circumstance this thread is about is why some school districts use ZenWorks. Policies are centrally maintained, and Zen is able to dynamically assign which programs (icons) are available where - that is, on the desktop, in the Application Launcher, or on the Start Menu. Group Policy is also able to be centrally maintained, in much the same way Active Directory is, to lock down the desktops, rendering DeepFreeze effectively useless, IMHO. Group Policies + ZenImaging together is extremely powerful.

On the network that had only Windows, roaming profiles were disabled, and the machine created a new local profile the first time the user logged in. The default profile had been customized by the IT department (actually, it had on both networks), so that there were only the specified icons on the desktop, start menu, etc., and those icons were in the "All Users" directory.
 
Yeah, the more I learn about this, the more obvious it becomes that Windows simply isn't designed for generic desktops with individual network permissions.

I certainly see how roaming profiles and all that good stuff is cool, but I can't imagine supporting a large network of ignorant users with that stuff. I mean, you seriously cannot imagine how bad teachers are with computers. If there isn't a desktop icon for the program, they don't know it exists. Actually allowing them to change their settings would be a nightmare, I'd be doing nothing but replacing deleted icons and correcting accidental settings changes all day. Administration can't even get them to agree to check their email daily. They wanted to get rid of paper memos in every mailbox for silly daily notes and stuff, but the teachers practically had a riot, "nothing in our contract states we are required to use a computer"...dead.

The problem we're running into, however, is that the last 4 apps the district has purchased for administration have been Windows only. Luckily, so far only 1 has actually required users to have access to the server and that one is only used by a few people in the central administration office. We got around that by simply making the server a workgroup computer and giving them local Windows profiles with matching IDs and passwords for local accounts in the server. This obviously won't work when we need to give similar access to teachers or students.

Anyway, the generic default profile with roaming profiles disabled seems like it will work fine for us. It may kind of suck that the users need to wait for a new profile to be created each time they login to a machine, but it is only a few seconds really, so it's not that big of a deal.

Originally posted by: GeekDrew
Originally posted by: jfunk
Robor,

OK, I think your idea may work for me. If I just copy my current "user" profile to be the default, every user will get it created for them when they login to the machine to look just like that. I'm not concerned with them changing it on the local PC, because they are all locked down with Deep Freeze, so any changes to the C:\ drive are gone after a reboot, although that just made me think of another problem. This means that every time a person logs in, they're going to have to wait for a new profile to be created for them. Hell even if we didn't have deep freeze, the user has to wait for a new profile to be made each and every time they log into a new computer (kids don't sit at the same computer in the lab every time they go).

It seems rather strange to me that there is no standard way to do this. I don't know of any schools that have the same computers with the same software on them in every single room. Does Windows server really just assume that all PCs are identical through the entire organization? That seems like a major flaw to me. We can't afford to buy 1000 new PCs every year. The same user can get up from a 6 month old computer and walk down the hall and log into a 6 YEAR old computer. Obviously, they aren't going to have the same software installed on them. Is there no support at all for setups like this in Win Server? What I really want is just to completely shut off multiple profiles entirely. Do I absolutely HAVE to have a unique desktop for every user? This seems really stupid. I can't think of any public school that would want this.

I've worked for two different school districts in the past few years - one network used only Windows, and another used NetWare & ZenWorks, integrated with Active Directory.

I'm of the rather strong opinion that NetWare, with ZenWorks, is the ideal solution for public education. The exact circumstance this thread is about is why some school districts use ZenWorks. Policies are centrally maintained, and Zen is able to dynamically assign which programs (icons) are available where - that is, on the desktop, in the Application Launcher, or on the Start Menu. Group Policy is also able to be centrally maintained, in much the same way Active Directory is, to lock down the desktops, rendering DeepFreeze effectively useless, IMHO. Group Policies + ZenImaging together is extremely powerful.

On the network that had only Windows, roaming profiles were disabled, and the machine created a new local profile the first time the user logged in. The default profile had been customized by the IT department (actually, it had on both networks), so that there were only the specified icons on the desktop, start menu, etc., and those icons were in the "All Users" directory.

 
Couldn't you take away the user permissions in their Desktop folder? Then they couldn't save anything to the desktop or delete it or move it either.

In a class I took, we combined mandatory profiles with restricted permissions on the Desktop and it seemed to work out okay.
 
I mean, you seriously cannot imagine how bad teachers are with computers. If there isn't a desktop icon for the program, they don't know it exists. Actually allowing them to change their settings would be a nightmare, I'd be doing nothing but replacing deleted icons and correcting accidental settings changes all day. Administration can't even get them to agree to check their email daily. They wanted to get rid of paper memos in every mailbox for silly daily notes and stuff, but the teachers practically had a riot, "nothing in our contract states we are required to use a computer"...dead.
Actually I do know how that goes, it was one of the major motivating factors for why I left my "cushy" job at the university (that and pay). I feel your pain 😉

I'm still not sure I understand what the issue is with mandatory profiles. You suggest that each machine needs a different mandatory profile but it would seem to me that it would actually be (generally) groups of users (students, faculty, staff, etc.). Between mandatory profiles and folder redirection you should be able to cover your scenarios.

If the issue is that you want application shortcuts to only appear on certain machines just create the shortcut in the "all users" profile on that machine so it won't be part of their profile. That way the shortcuts will only appear on those machine(s).
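
The per-machine "All Users" shortcut approach from the post above, as an added example that is not part of the original thread: a VBScript for Windows Script Host that creates a shortcut on the All Users desktop only when the program is actually installed on that machine, and removes a stale shortcut otherwise. The application names and paths are constructed placeholders, and running it as a computer startup script is an assumption.

```vbscript
' Added example, not from the thread. Run it as a computer startup script or
' as an administrator: writing to the All Users desktop needs admin rights.
Option Explicit

Dim shell, fso, desktop, apps, entry, parts, linkPath, link

Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

' Resolves to Documents and Settings\All Users\Desktop on Windows XP.
desktop = shell.SpecialFolders("AllUsersDesktop")

' Constructed sample list, one entry per program: "shortcut name|executable".
apps = Array( _
    "Typing Tutor|C:\Program Files\TypingTutor\tutor.exe", _
    "Chemistry Lab|C:\Program Files\ChemLab\chemlab.exe")

For Each entry In apps
    parts = Split(entry, "|")
    linkPath = fso.BuildPath(desktop, parts(0) & ".lnk")

    If fso.FileExists(parts(1)) Then
        ' Program is installed here: create or refresh the shared shortcut.
        Set link = shell.CreateShortcut(linkPath)
        link.TargetPath = parts(1)
        link.WorkingDirectory = fso.GetParentFolderName(parts(1))
        link.Save
    ElseIf fso.FileExists(linkPath) Then
        ' Program is not on this machine: remove a leftover shortcut.
        fso.DeleteFile linkPath, True
    End If
Next
```

Because the icons live in the machine's All Users profile rather than in any user profile, the same script can be assigned to every computer and each one ends up showing only the programs it has.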
 