Skip to main content

Group Policy Newbie

More
16 years 4 months ago #25180 by Stephanie
Hello All,

I'm wondering if anyone knows if I can use a Group Policy to auto login to a Windows XP Pro box in a Windows 2003 domain? I need this machine to only be used by one ID/password and access only 1 web page. So what I'm looking for is a kiosk type set-up.

Any suggestions? I'm not very versed in creating Group Policies so any advise is welcome!!
More
16 years 4 months ago #25183 by GTM
Replied by GTM on topic Re: Group Policy Newbie
Group policys come with two configuration options. One is for computer configuration and the other is for user account configuration group policys. I have never seen a group policy at the computer configration that can automatically log a user in and with user configuration group policys you need to log in first so windows knows which user policies to apply.

Regarding only allowing one user access to the machine you can set local group policies on the pc by going to start/run/gpedit.msc from here you can deny people the ability to log on locally or remotely though depending on the size of your domain im not quite sure how feasable this option is as anyone with a domain account will be able to log in unless you deny access.

An idea you could try would be to put the machine into a workgroup and set up the accounts as needed.
More
16 years 4 months ago #25191 by KiLLaBeE
Replied by KiLLaBeE on topic Re: Group Policy Newbie
You can configure the XP machine's registry to auto logon with a specified username and domain name. Then you can add the user account for the username being used in an organizational unit and use group policy to lock it down as youd like. The end result is that the computer will automatically log on with the specified username into the specified domain, where it will have group policy applied to it.

NOTE: I've done the auto logon portion in a lab environment to test, but not the group policy application AFTER auto logging on...but regardless, it should work.

To force the computer to automatically log on with a specified username, go to Start > Run, type regedit, and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and define the following keys:

DefaultDomainName - domain name to log into
DefaultUserName - username defined by user account in AD, which you will add to the appropriate OU that the GP is applied to
DefaultPassword - password for user account
AutoAdminLogon (set to 1 to automatically log on with credentials above and 0 to not automatically log on)

Due to the scope of what you can do with group policy or what you would need to specifically modify to lock down the computer and to only display 1 web page, I'll leave that up to you to research :wink: Pretty much all that is involved is you looking through the User Account portion of group policy editor and modifying the settings you need.

Hope that helps
More
16 years 4 months ago #25193 by skepticals
Replied by skepticals on topic Re: Group Policy Newbie
I just wanted to confirm that autologin does work in a production network with group policy/active directory. I had a network with over 50 PCs configured with autologon.

I used a custon ADM in group policy that I loaded an it allowed me to push the registry settings to each XP machine. This way I didn't have to do it manually.
More
16 years 4 months ago #25242 by Ozzy_98
Replied by Ozzy_98 on topic Re: Group Policy Newbie
Group policy like this is nothing more than registry changes. If you can change it via the registry, you can change it via group policy. There's a few issues, like prefrences vs policies, and tatooing, so I'd read up more about the registry. www.rhwiii.info/pdfs/Introduction%20to%2...dow's%20Registry.pdf And old (and crude) paper
More
16 years 4 months ago #25256 by Stephanie
Replied by Stephanie on topic Re: Group Policy Newbie
Thanks for all the good info! It looks like I will be making some registry changes as well as creating a group policy (yikes!), not something I work with much.

Now, let's say I get this auto login (regular user) to work. How can I login as Admin if i need to make more changes to the machine?
Time to create page: 0.204 seconds