Hi, i'm having a bit of trouble trying to put this together, and i'm not really sure how to explain it properly. First of all, i have a domain running 2003 server, with something like 150 computers running xp, for something like 3000 users (it's a school). the idea is to have some kind of script that would allow to set the xp back to a pre-defined configuration every time a client logs off, but without taking too long to log on again. Is there anyway that this can be done, and if so, how? Thanks

theres multiple options, depending on what exactly you want to achieve you can deny people to change the desktop or dont save changes they make via group policy (user\administrative template\desktop). if the accounts of the pupil are normal user accounts, they wont be able to install software as well. the gpo approach doesnt really reset the profiles but prevent changing them. theres also 3rd party programs out there that will watch the hdd and undo changes when a pc shuts down / a user logs of as a script you could eventually delete the user profiles (most likely as a sheduled task, i would assume its still locked on logof)

theres multiple options, depending on what exactly you want to achieve you can deny people to change the desktop or dont save changes they make via group policy (user\administrative template\desktop). if the accounts of the pupil are normal user accounts, they wont be able to install software as well. the gpo approach doesnt really reset the profiles but prevent changing them. theres also 3rd party programs out there that will watch the hdd and undo changes when a pc shuts down / a user logs of as a script you could eventually delete the user profiles (most likely as a sheduled task, i would assume its still locked on logof) i'm considering the group policy option, this can be helpful, i'm looking for something that deletes any changes made to the system, and files stored on local machine. Would this be possible with gpo, and if so, can you tell me how to do it, step by step?

not with gpo alone. as i understand you, you look for something like http://www.hdd-sheriff.com/ (was a name i remembered, dont know how good or bad the tool is, there is others like it out there) you can use gpo's and other windows mechanics to prevent most changes, its less of an approach to revert those changes. you can use ntfs permissions to define whos allowed to create/change files where in the filesystem. with gpos you define what you can change in your system (on your dc, administrative tools -> group policy management, you create a new policy, define the settings and assign it to a oganisational unit you want them applied, eg the ou you have your pupils in). there is no real step by step guide how you secure your system, it depends on the requirements for your environment. a good idea is to browse a bit through the group policies and get an overview what can be defined

Hi coelhosauro , Thanks for posting here. Have you consider to using roaming user profile ? With this setting, the user profile will be stored on server .When user attempt to login system on their client with domain account , system will download the profile which you defined from server and as a temporary profile, event user change the setting of profile , it will not write back to server, and when user log out , this temporary profile will be deleted from client computer. Implementing Roaming User Profiles http://technet.microsoft.com/en-us/library/cc784961(WS.10).aspx Implementing User State Management Overview http://technet.microsoft.com/en-us/library/cc783007(WS.10).aspx User Data and Settings Management http://technet.microsoft.com/en-us/library/cc781516(WS.10).aspx Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

hi guys, all your answers were helpful, and i'm considering each one of them, i would personally go with the roaming profiles option, but the rest of the guys are considering using the gpo option. thanks for the help.