I support 200 workstations on a Novell Network. Our operation runs 24/7 and every workstation is accessed by 12 or more users weekly. The workstations are set so the users all share the same user profile. I have a user (identity unknown) in one department that constantly goes in and changes the configuration to allow each user to create their own profile. Unfortunately this causes some of our shortcuts on the desktop and in the start menu to either disappear or not open the programs. This has caused several 3:00 am calls to the network administrators (at home in bed). I have tried using the Policy Editor to lock out access but after several days it is back to allowing user profiles. I have an advanced user somewhere. Is there a way to log these changes so there will be at least a time date stamp? Any Ideas will be appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Stop Users from creating their own User Profile
- Thread starter ikayak
- Start date
Have you considered the use of some programs from
(?)
(?)
TekTippy4U
Technical User
Heres a pic of using system policy editor correctly for one particular thing
from
but unless you lock out everyone's disk (floppy and cd) access, and block all usb ports,etc (external drives, etc)......well, i know I can change things...
as far as logging..it would be pretty hard to pin down when an event took place on 200 pc's.
Consider that the User has Admin password, maybe??
Consider that the way you implement the profiles is flawed..but still, one can wreak havoc if allowed any machine access BEFORE the profile is instated/loaded..
haven't looked at PAndersen's link yet, have you?...might be nice
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
from
but unless you lock out everyone's disk (floppy and cd) access, and block all usb ports,etc (external drives, etc)......well, i know I can change things...
as far as logging..it would be pretty hard to pin down when an event took place on 200 pc's.
Consider that the User has Admin password, maybe??
Consider that the way you implement the profiles is flawed..but still, one can wreak havoc if allowed any machine access BEFORE the profile is instated/loaded..
haven't looked at PAndersen's link yet, have you?...might be nice
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
mattjurado
MIS
Posum.com has utilities that lock users out of the desktop completely, but again you can get around this by a safe mode bootup. And this isn't what he really wants.
This is a toughy. I can't think of a clean cut solution.
Personally, I would delete the .cpl file so they cannot access the users applet in the control panel (test this before you do it live, it might have unexpected results).
You can also use the following registry hack to force a logon, but you might have to have an NT server, so again, test first. I've never used this.
[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000001
They might be able to copy the .cpl file off another pc, but they might take a hint that the problem is being monitored and leave it alone.
Matt J.
P.S. Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
This is a toughy. I can't think of a clean cut solution.
Personally, I would delete the .cpl file so they cannot access the users applet in the control panel (test this before you do it live, it might have unexpected results).
You can also use the following registry hack to force a logon, but you might have to have an NT server, so again, test first. I've never used this.
[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000001
They might be able to copy the .cpl file off another pc, but they might take a hint that the problem is being monitored and leave it alone.
Matt J.
P.S. Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
mattjurado
MIS
Actually, upon reviewing PAnderson's post, Posum has something I wasn't aware of...
You might email them and see if the software has a function that will be helpful in your case.
Matt J.
P.S. Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
You might email them and see if the software has a function that will be helpful in your case.
Matt J.
P.S. Please always take the time to backup any and all data before performing any actions suggested for ANY problem, regardless of how minor a change it might seem. Also test the backup to make sure it is intact.
- Status