Doppio Posted February 2, 2009 Share Posted February 2, 2009 Good Morning, I manage a school network with over 500 laptops (XP SP3, not joined to a domain). The major problem I have is that every week I have to go around recreating the wireless profiles that the kids delete, or change settings. The students have limitted accounts but for some reason windows allows them to delte or change their profiles, look at the screenshot to see what I mean. Is there a way to prevent this? (registry tweak, script, patch, etc) any sugestion will be greatly appreciated. Thanks in advance. Link to comment Share on other sites More sharing options...
PsaltyDS Posted February 2, 2009 Share Posted February 2, 2009 Good Morning,I manage a school network with over 500 laptops (XP SP3, not joined to a domain). The major problem I have is that every week I have to go around recreating the wireless profiles that the kids delete, or change settings.The students have limitted accounts but for some reason windows allows them to delte or change their profiles, look at the screenshot to see what I mean.Is there a way to prevent this? (registry tweak, script, patch, etc) any sugestion will be greatly appreciated.Thanks in advance.Change the name of the NTUser.DAT file to NTUser.MAN and it becomes a MANDATORY profile. The user can make changes to their environment while logged in, but they will not be saved on logout.The problem with this is that it is global to everything in the user's hive. They won't be able to save changes to wireless, but also won't be able to save changes to their default printer. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Doppio Posted February 4, 2009 Author Share Posted February 4, 2009 This machines are not part of a Domain, and as I understand you can't use mandatory profiles on standalone PC's Any other Ideas? Link to comment Share on other sites More sharing options...
99ojo Posted February 4, 2009 Share Posted February 4, 2009 (edited) This machines are not part of a Domain, and as I understand you can't use mandatory profiles on standalone PC'sAny other Ideas?Hi,1) U can use mandatory profiles in workgroup environment. The profile has to be stored on a file server.1st idea:It seems, that the users are in the locally group poweruser. U may change the groupmembership to user.2nd idea: How do the kids login? With there names or with a special account for every laptop. If the username is like laptop1 you should have a look at the Microsoft Tool Steady State. But if you have to control 500 accounts or more for every laptop without domain, you are in serious trouble.;-))Stefan Edited February 4, 2009 by 99ojo Link to comment Share on other sites More sharing options...
James Posted February 4, 2009 Share Posted February 4, 2009 If you're a school then surely you'd have something running the network. Most schools I have been to use RM Connect. Blog - Seriously epic web hosting - Twitter - GitHub - Cachet HQ Link to comment Share on other sites More sharing options...
Doppio Posted February 4, 2009 Author Share Posted February 4, 2009 Good Morning, Let me explain. There are 3 accounts on every machine: Admin (full administrator), Teacher (Power User), Student (User). I can't put these pc's on a domain because of school policies (Some School board BS!!) anyway... I hope you guys get a clearer picture of my problem. I think the best solution would be to find a way to protect the "wireless network connection properties" window, or tweak the Wireless Network tab to prevent regular users from deleting or changing wireless settings. Thank you. Link to comment Share on other sites More sharing options...
99ojo Posted February 4, 2009 Share Posted February 4, 2009 Have a look at Microsoft Steady State.... ;--)) Stefan Link to comment Share on other sites More sharing options...
James Posted February 4, 2009 Share Posted February 4, 2009 What a fu**** school (no offence). Just out of curiosity, have you tried explaining the amount of problems you will face? Blog - Seriously epic web hosting - Twitter - GitHub - Cachet HQ Link to comment Share on other sites More sharing options...
Doppio Posted February 4, 2009 Author Share Posted February 4, 2009 I know I know, believe me I had meeting after meeting with the school board trying to explain why these F%$#ing machines are not working half of the time.... but hey with this tought economy I don't mind the overtime.Anyway, I think I found the solution let me know what you think.Gpedit.msc User Configuration Administrative templates Network Network ConnectionProhibit access to properties of a LAN connection (ENABLED)Prohibit access to the advanced settings item on the advanced menu (ENABLED)Prohibit access to properties of a LAN connection (ENABLED) Link to comment Share on other sites More sharing options...
PsaltyDS Posted February 4, 2009 Share Posted February 4, 2009 I know I know, believe me I had meeting after meeting with the school board trying to explain why these F%$#ing machines are not working half of the time.... but hey with this tought economy I don't mind the overtime.Anyway, I think I found the solution let me know what you think.Gpedit.msc User Configuration Administrative templates Network Network ConnectionProhibit access to properties of a LAN connection (ENABLED)Prohibit access to the advanced settings item on the advanced menu (ENABLED)Prohibit access to properties of a LAN connection (ENABLED)Much better solution. As I've had to local policy changes for USB ports and removable media, I feel kind of dense for not thinking of that before... Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Doppio Posted February 4, 2009 Author Share Posted February 4, 2009 Much better solution. As I've had to local policy changes for USB ports and removable media, I feel kind of dense for not thinking of that before... fixed:Prohibit access to properties of components of a LAN connection (ENABLED)Prohibit access to the advanced settings item on the advanced menu (ENABLED)Prohibit access to properties of a LAN connection (ENABLED) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now