I'm wondering if it's possible to have default profiles for individual groups. For example, I want the teachers group to get a default profile, students to get a different default profile, etc. I'm aware that you can create a default profile for all users by "\NETLOGON\Default User" but am wondering if I could do something like "\NETLOGON\Teachers". Any input? Thanks!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can I force default profiles for certain groups?
- Thread starter EM64T
- Start date
- Thread starter
- #2
Ohoooooh yeah!
I come from the Engineering industry High Tech dedicated trusted boffins mostly with fuill admin rights..... now working in a call centre and Group Policy:
User Configuration (Enabled)
Folder Redirectionhide
Desktophide
Setting: Basic (Redirect everyone's folder to the same location)hide
Path: \\SERVER.DOMAIN.net\SHAREDLOCATION$\TEACHERS\Desktop
This controls what appears on the desktop, IE, Word, short cuts to mapped drives etc. Lock this down via NTFS permissions ie read only.
Start Menuhide
Setting: Basic (Redirect everyone's folder to the same location)hide
Path: \\SERVER001.DOMAIN.net\pc_config$\TEACERS\Start_Menu
Optionshide
This controls what appears on the Start Menu, IE, Word etc. Lock this down via NTFS permissions ie read only.
This complimented with the lock down i.e no access tio browse the PC / run commands etc this will give you a robust system.
The use your AD goups to link these GPO's to.
But test test test before deploying something like this.
Hope this gives you as start point.
Iain
I come from the Engineering industry High Tech dedicated trusted boffins mostly with fuill admin rights..... now working in a call centre and Group Policy:
User Configuration (Enabled)
Folder Redirectionhide
Desktophide
Setting: Basic (Redirect everyone's folder to the same location)hide
Path: \\SERVER.DOMAIN.net\SHAREDLOCATION$\TEACHERS\Desktop
This controls what appears on the desktop, IE, Word, short cuts to mapped drives etc. Lock this down via NTFS permissions ie read only.
Start Menuhide
Setting: Basic (Redirect everyone's folder to the same location)hide
Path: \\SERVER001.DOMAIN.net\pc_config$\TEACERS\Start_Menu
Optionshide
This controls what appears on the Start Menu, IE, Word etc. Lock this down via NTFS permissions ie read only.
This complimented with the lock down i.e no access tio browse the PC / run commands etc this will give you a robust system.
The use your AD goups to link these GPO's to.
But test test test before deploying something like this.
Hope this gives you as start point.
Iain
porkchopexpress
IS-IT--Management
I'll second Spirits suggestion. Think of the default profile as a way of providing basic application configs e.g office profiles or the odd setting that can't be achieved with a GPO, then provide the desktop and start menu look with group policy folder redirection.
- Status
Similar threads
- Locked
- Question
- Locked
- Question