I'm wondering if anyone knows if I can use a Group Policy to auto login to a Windows XP Pro box in a Windows 2003 domain? I need this machine to only be used by one ID/password and access only 1 web page. So what I'm looking for is a kiosk type set-up.
Any suggestions? I'm not very versed in creating Group Policies so any advice is welcome!!
Group policies come with two configuration options. One is for computer configuration and the other is for user account configuration group policies. I have never seen a group policy at the computer configuration that can automatically log a user in, and with user configuration group policies you need to log in first so Windows knows which user policies to apply.
Regarding only allowing one user access to the machine, you can set local group policies on the PC by going to start/run/gpedit.msc. From here you can deny people the ability to log on locally or remotely, though depending on the size of your domain I'm not quite sure how feasible this option is, as anyone with a domain account will be able to log in unless you deny access.
An idea you could try would be to put the machine into a workgroup and set up the accounts as needed.
You can configure the XP machine's registry to auto logon with a specified username and domain name. Then you can add the user account for the username being used in an organizational unit and use group policy to lock it down as you'd like. The end result is that the computer will automatically log on with the specified username into the specified domain, where it will have group policy applied to it.
NOTE: I've done the auto logon portion in a lab environment to test, but not the group policy application AFTER auto logging on...but regardless, it should work.
To force the computer to automatically log on with a specified username, go to Start > Run, type regedit, and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and define the following keys:
DefaultDomainName - domain name to log into
DefaultUserName - username defined by user account in AD, which you will add to the appropriate OU that the GP is applied to
DefaultPassword - password for user account
AutoAdminLogon (set to 1 to automatically log on with credentials above and 0 to not automatically log on)
Due to the scope of what you can do with group policy or what you would need to specifically modify to lock down the computer and to only display 1 web page, I'll leave that up to you to research :wink: Pretty much all that is involved is you looking through the User Account portion of group policy editor and modifying the settings you need.
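A read-only check of the Winlogon values listed in the post above, added here as an example and not part of the original thread. DefaultPassword is held as a plain-text string in the registry, so the script reports only whether it is present; the function name Get-AutoLogonState is hypothetical.

```powershell
# Added example: audit the auto-logon values named in the post above.
# Read-only. Written to run on PowerShell 2.0 or later.
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonState {
    param([string]$Path = $WinlogonPath)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoAdminLogon is a string value; "1" turns automatic logon on.
    $enabled = ("$($props.AutoAdminLogon)" -eq '1')

    # Record only the presence of DefaultPassword, never its contents.
    $hasPassword = -not [string]::IsNullOrEmpty($props.DefaultPassword)

    New-Object PSObject -Property @{
        AutoLogonEnabled   = $enabled
        DefaultDomainName  = $props.DefaultDomainName
        DefaultUserName    = $props.DefaultUserName
        PasswordInRegistry = $hasPassword
    }
}

$state = Get-AutoLogonState
$state | Format-List AutoLogonEnabled, DefaultDomainName, DefaultUserName, PasswordInRegistry

if ($state.AutoLogonEnabled -and $state.PasswordInRegistry) {
    # The account named here should be the locked-down kiosk user only.
    Write-Warning ("Auto-logon is enabled for '{0}\{1}' and its password is readable in the registry." -f `
        $state.DefaultDomainName, $state.DefaultUserName)
}
elseif ($state.AutoLogonEnabled) {
    Write-Warning 'AutoAdminLogon is 1 but no DefaultPassword value is set.'
}
else {
    Write-Output 'Auto-logon is not enabled on this machine.'
}
```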
Group policy like this is nothing more than registry changes. If you can change it via the registry, you can change it via group policy. There are a few issues, like preferences vs policies, and tattooing, so I'd read up more about the registry.
An old (and crude) paper