Configuring the Desktop Environment
The Environments feature in Pharos SignUp can be used to constrain user access to the network and to applications. This is done by associating one of the following to the guest account users are logged on with:
- A system Policy
- A user Profile
- A Custom Start-up file
Policies and profiles are a feature of Windows operating systems, and as such are not available on Macintosh operating systems.
The network administrator must make sure that the policies and profiles to be loaded by user workstations are accessible from those computers. For example, the network shares that are used to keep the policy and profile files can be configured to have read-only permission for everyone. The Network Administrator can assist in the use of policies and profiles.
The Pharos system administrator ensures that the Pharos system is set up to use Environments correctly. This requires configuring the Environments themselves at SignUp > Environments, and selecting the appropriate LAN logon option at SignUp > SignUp Global Settings > Reservations tab:
- If "LAN Accounts only" is selected, only Custom Start-up files can be used.
- If "Common Guest Account" is selected, policies, profiles and/or Custom Start-up files can be used.
Before they are associated with an Environment, policies, profiles and Custom Start-up files should be tested. To test a policy or profile, simply log on to a PC that is not running the SignUp Client, using the logon ID and password of the account that the policy/profile has been associated with.
Policies
A policy is a set of configuration settings that:
- restrict access to Control Panel options
- restrict what users can do from the desktop
- customize parts of the desktop
- configure network settings
Policies can be defined either for computers or user accounts, including Default User or Default Computer.
Policies can be used to restrict people to using only certain programs:
- Start the Policy Editor: select Start menu > Run, type ‘poledit’ in the field and click <OK>.
- Select ‘New Policy’ under the ‘File’ menu.
- Click the ‘Default Use’ icon and select ‘System Restrictions’.
A policy is stored in the registry or in a file. Storing policy information in a file allows the system to copy it into the local registry during logon; until it gets into the registry it cannot take effect. There is always policy information stored in the registry, and that is what determines the system's behavior.
The SignUp Client is responsible for loading a policy file during logon. Once loaded, the policy entries overwrite settings in the local registry:
- Desktop settings modify the HKEY_CURRENT_USER key in the registry, which defines the contents of the user registry file that is used by the operating system.
- Logon and network access settings modify the HKEY_LOCAL_MACHINE key in the registry, which defines the contents of system registry file that is used by the operating system.
Profiles
A profile keeps user-specific preferred settings, such as desktop appearance, contents of the Start menu and so on. A profile ensures a user sees a consistent desktop even on different computers.
You can use the Control Panel to copy profiles: Select Control Panel > System > User Profiles to access a list of profiles stored on the local computer. Copy profiles to any location you like (e.g. PDC if you have sufficient permissions). You can also copy profiles manually by cutting and pasting.
Because Pharos Environments are part of an enforced system, change the profile extension to .man (mandatory) before attaching the profile to a LAN account used by a Pharos Environment. This means no changes a user makes to the workstation during their session are saved to the profile when the user logs off.
Custom Start-up Files
In the majority of cases, customization of the user's desktop environment can be achieved with a policy or a profile. However, as an alternative to setting up policies and/or profiles, Pharos SignUp supports the use of Custom Start-up files, which can be associated with an Environment to be run whenever a user associated with the Environment logs on. These can be used, should it ever prove unfeasible or undesirable to use system policies or profiles.
Any program can be specified as a start-up file. It can be any executable or batch file that configures the user's environment, e.g. configures the Start Menu by adding or deleting directories under the Start Menu directory. Contact your network administrator or support staff for help in creating a Custom Start-up file. If necessary, contact your Authorized Pharos Reseller for assistance.
Custom Start-up files are specified for Environments at SignUp > Environments > Platforms Startup Files category.
Pharos SignUp adds a number of environment variables that may be of use when creating a Start-up file. They are
- BRANCHNAME = [The name of the Branch this computer is found in]
- COMPUTERGROUPNAME = [The name of the Computer Group for this computer]
- COMPUTERTYPENAME = [The name of the Computer Type for this computer]
- USERLOGONID = [Pharos Logon ID of the logged on User]
- USERGROUPNAME = [The User Group associated with the logged on User]
The settings can be viewed at Control Panel > System > Advanced tab > Environment Variables or by typing set from a command prompt.
It is possible that the Start-up file will not be available when a user logs on (if, for example, the file is stored on a central server and the Computer has been disconnected from the network). How the system behaves in this case depends on the Computer Type of the Computer being logged on to. The Requires Custom Start-up file property at SignUp > Computer Types > [selected Computer Type] > Advanced category determines behavior in this situation.