Windows 2003 Roaming profile question

[InlineFour]

i have an AD setup in my local network. i'd like make a user account that is an internet only account. that means i would like to limit the account as much as possible, kind of like how public internet pcs are; you can't open any programs except IE, no programs installed, etc. do i have to setup a logon script, edit registry for that profile?

 

[crobusa]

Mandatory Profile allows them to never change the desktop/directory.. you can create a group policy just for that user

 

[MaxxuM]

Ditto on using profiles. Look into group policies. Once you get them down you'll be able to remove the task bar, create a unique desktop for users and disallow access to C: or other drives and if you like create times they can log in, make quotas (like for kids in the family who like to surf when you are asleep) and so on. There a probably thousands of things you can do with AD so it can be daunting to start out. Just remember, when making policies user different entries for each 'type' of change you make so it will be easier to edit them later.

 

[RebateMonger]

Create an OU containing "Internet Only" users and create a GPO to apply to that OU.
In the new GPO, in the "User Configuration" section, specify the various Administrative Template and Windows Security Settings that you want.

Make sure that they don't have a local account on any PC, or they'll be able to log in locally and be unrestricted by the Domain GPOs. Many people have, by default, Local Administrator rights on their PCs.