Win2k and Windows Server 2003 - Registry

zain · 16 May 2006 at 14:09

I am Admin on a win2k OS computer and I want to add a user but restrict them so they cannot change the password, install/uninstall programs (especially porn dial ups and viruses) and various other restricted settings. If you attend an educational institute you will know the restrictions I am talking about. Every Registry edit I do though, does it to me only lol...

Also, I have windows server 2003 but its a long complex thing, every book I get is filled with 99% rubbish and tonight I will have another go at gathering info off the web.

I just have a few questions:

1) When editing the registry it only edits myself ~ how do I edit it for an assigned user

2) Do you have any advice/links relating to useful websites for win2k registry editing and restricting users. As well as Windows Server 2003 sites, with relevant useful info. I know to Google it, which I am/will be doing.

3) Anyone with experience in windows server 2003 ~ can you make the same profile for every user on every computer from just the server?

4) Lastly...any advice or experiences you wish to share!

All help is always appreciated.

Thank you!

Andyt_uk · 16 May 2006 at 14:39

try researching into Group policies and mandatory profiles. You can create a profile, store it on a shared drive, then edit the users to use that profile.

Its possible to setup group policies to totally restrict what the users are able to do, we did this in the school i previously worked at. There shouldn't be any need to go editing the registry for users, although if its necessary for a piece of software then you can make the changes in a login script that runs when they login. There are only certain bits of the registry you can edit for users, although the name totally escapes me at the moment. :/

Raumarik · 16 May 2006 at 14:50

Oddly I'm in a similar situation at the moment, just been upgraded to windows 2003 unfortunately I have every client you can imagine from windows 95 to xp on the network so I'm trying to set them up a little at a time

Restriction wise on windows 2000 and XP all I've used so far is have separate groups for staff and students, the kids group policy is more restrictive although I still have to lock it down a LOT more. Staff I'm being fairly generous with they don't actually cause many problems although I am thinking about forcing the computer to log out if staff leave it unattended for 20mins + (not even sure if it's possible though).

Let me know how you get on, personally I'm trying to keep things contained in active directory and as simple as possible, so many OS types (even macs! lol) on the network means if I tweak one thing it can have a nasty effect on something else (logon scripts are a good example).

If I get a chance i'll possibly look at mandatory profiles over the summer holidays but only for students at the school.

zain · 16 May 2006 at 19:27

http://www.softheap.com

Quite an amazing site I found, works really well. I am trying the 1st Security Agent, going to see if I can do it for all computers from just one (as its networked) if not I guess its only about 10 -20 hours extra but at least the headache is done.

I think this has saved me about 2 months worth of reading + research, see how you find it and use a mock pc before doing it on a proper one, also do not forget to password protect/make it (the software) unable to be used by any other user lol

zain · 16 May 2006 at 19:31

Oh, I was also sceptical about the software + reliability and these review sites seem happy:

http://www.download.com/1st-Security-Agent/3000-2092_4-10072758.html

and

http://fileforum.betanews.com/detail/1st_Security_Agent/1012242526/1

Do a Google search if you want more