Windows (local/domain) password cannot change with shadowuser...solution?


ashpr
October 16th, 2006, 05:57 AM
Hi guys,

We are using shadowuser to secure some of our company's laptops, so users can't install cr*p and then complain to IT that his/her laptop is messed up.

I have excluded the "C:\Docs and Settings" folder so their files won't disappear at bootup.

BUT, whenever they, as we periodically require them to, change their Windows login password (whether it's local logon or domain password), it always returns to the old password after reboot... Can anyone point me to which directory I should exclude or auto-commit so this will work?

Thanks All.

ps. Is it better to exclude c:\docs and settings or auto-commit? Which one is the better practice?

Mrkvonic
October 16th, 2006, 06:02 AM
Hello,
I'm not quite sure what registry key you need to preserve in order to save the changes, but here are a few guidelines that might help:

Try Group Restriction Policies (gpedit.msc).

In there, you will find lots and lots of options for hardening Windows, including only local users. You can also prevent installations from within the Policies, so this might be worth looking into.

Not exactly the answer you needed, but might work - especially since some of the options concern the password.

Mrk

ashpr
October 16th, 2006, 06:08 AM
Hello, thanks for the reply.

I guess... if I can know which filenames contain the registry (or wherever winXP stores passwords), I can auto-commit them, so when the computer reboots, shadowuser commits the changes in those files.

Mrkvonic
October 16th, 2006, 06:14 AM
Hello,
If ShadowUser supports that, yes.
Check with the Microsoft knowledge base, you might find it there. They usually have solid info for administrators and IT guys.
Mrk