policy editor in W2K

[bytemangler 0]

I'm trying to setup a policy for a user login on to win2K server using poledit. Where do I plce the new policy so it apply to the user whenever they logon?

[clutch 1]

Poledit.exe doesn't work "directly" with Windows 2000. The best way to do it would be with the "Group Policy" manager. You can add it using a blank MMC. You get a lot more functionality with this versus what the Policy Editor did for NT.

[bytemangler 0]

I've created a "test" user. Still can't seemed to make the policy stick using MMC. I just wanted to remove the "RUN" from start menu when user "test" log in. Of course administrator will have all access. Any idea??

[jaywallen 0]

How long did you wait to see if the policy was applied? Did you try forcing the GPO refresh for the workstation?

 

Do you have any errors showing in the DC's Event Viewer?

 

Regards,

Jim

[bytemangler 0]

Everything looks ok. Here's what I'm trying to accomplish. Create user1 profile to be able to run IE only when they log on to the win2k server. Everything else is not shown. I did it with NT 4.0 but don't know how in win2k. Anyone have a step by step??? thanks

[jaywallen 0]

Ooh, bytemangler, that's evil! I like it!

 

I don't know if I'll be of any help, but I want to understand the process. So, if you don't mind, I'd like to ask a few questions in case I ever want to lock someone down like this.

 

When you say you want this "user1" profile to be able to run IE only when logged onto the W2K server, do you mean locally or remotely? And you really don't want them to see ANYTHING else? So IE will come up in kiosk mode automatically at the terminus of the login, say by running "iexplore -k <whatever> /OK", where <whatever> is a local or remote Web page or a Web address? And you'd want to prohibit them from quitting, too, right?

[bytemangler 0]

Either locally or remotely. When "user1" logon to w2k and click on start the only thing they'll be able to do is log off and run Internet explorer. Right now user1 is setup to run as a w2k terminal server client with internet explorer access.

problem 1: user1 like to get on the **** site alot.

So I go and install a site blocking program, it work the way it suppose to.

problem 2: in order for the site blocking program to be effective a user have to completely login to w2k.

Well, unfortunately I have setup user1 to *only* load a "session" of terminal server so they never see the desktop at all, just the program assign to that session window (internet explorer included). It never got to the part that loaded the web site blocking services. The only thing I can think of is let the user log all the way to the desktop but also they can see everything, that's why I need to create a specifics policy for each user. Hope you can catch all this...if it make any sense. If anyone has a better idea throw it my way to try it.