group policy - Recovery Windows XP Active Desktop for Restricted Users

07
2014-07
  • jp2code

    We have public accounts out on our manufacturing floor so that people without Active Directory accounts can use some basic functions.

    These public accounts are locked down pretty good through our Group Policy.

    The Active Desktop to some of the Windows XP machines has stopped working and is showing the Active Desktop Recovery screen.

    From this public account, a person can Right-Click to go into Properties, and they are presented a message saying something along the lines of 'This has been disabled due to restrictions.'

    Here is a video of what is going on that I posted on You Tube: Active Desktop Restrictions

    I am one of the network administrators, but not the main network administrator. The main network administrator does not care about this problem and says it does not hurt anything, but it is driving me bananas! It has been like this for about 2 years now.

    How can I fix it?

    Screenshot

    • Answers
  • techie007

    Unless you need Active Desktops, why not just turn them off via Group Policy and then set a standard (perhaps blank) desktop wallpaper?

    Wallpaper:

    User Configuration\Administrative Templates\Desktop\Desktop\Desktop Wallpaper (more info)

    Active Desktop Disable:

    User Configuration\Administrative Templates\Desktop\Desktop\Disable Active Desktop (more info)

    You're probably better off using Group Policy Preferences to set the wallpaper if it's available to you.

    Another alternative may be to allow them to set their own wallpapers. :)


    • Related Question

    windows xp - Software to completely restrict Internet Access?
  • bruno077

    I need to completely restrict Internet browsing in one computer with Windows XP installed.

    I have read many methods which imply editing the hosts file, using Internet Explorer filters, etc. The problem with these solutions is that they are not flawless unless you're running a limited account, which is not possible in my case.

    Is there any software that restricts this kind of activity under, say, a password?

    Thanks in advance.

    EDIT: I'm running an admin account because the machine runs a POS (Point of Sale) software which cannot be run under a limited account.


    • Related Answers
  • lajuette

    You should configure your router to restrict access for the machine.

    An user with an admin account can reverse every change you made and disable any protection you install. That's what admin accounts are for. So any measure you take to limit internet access on the machine itself is useless.

    The most fairly modern routers allow you to block internet access to certain machines. This feature may be called "parental control" (that's what this mechanism is usually used for) or something similar.

    If your router doesn't support this, you may have to reconfigure your network (routing the machine in question through another machine with two network interfaces) or find another solution. IMHO a software solution can always be bypassed.