Hello spiceworks! New here and thought I'd just jump into the fold. I work in a k5 environment with 1800 students and 200 teachers/staff/administration. All laptops are Lenovo's running windows 7 enterprise, teachers carry their laptop with them and keep them in the class, students use laptops in carts grouped into sets of 32 for a 1-to-1 environment.
We are planning on finally implementing active directory and a proper system for file sharing so that we can use group policy that is centrally controlled and filesharing that is windows based rather than our current solution (mac mini server... ugh). My questions are as follows:
1. Currently, the laptops in each laptop cart connect to an smb share hosted on a mac mini server IE Laptop 24 in cart 980 connects to a share where each laptop in that same cart can save data into. The problem is that some students are mischievous and create files with dirty words or delete other students work OR the entire class folder where all the data is stored.
With our new servers, we plan to use DFS to create load balanced shares. However, I want to know how I can track which computer (via hostname) issued the delete command and also what can be done to make the restoration of files much more straightforward than using time machine (again, ugh) to restore deleted or misnamed files.
Is this what file auditing is and if so how do I enable it and use the logs it creates to narrow down on which computer did what?
Also, should I be using Volume Snapshot Services to restore deleted files, and if so how can I enable it on the PC's or shares and how can I control how many versions I can revert to?
2. I want to create a seamless experience for the students because they are younger kids and currently our enforced policy from the department requires the students to use ctrl+alt+delete to login and then type student to login to a basic local student profile. This is all fine and dandy for 3rd to 5th grade but k-2 and some 3rd graders in special education have trouble with this, add into the fact that we are the largest english language learning school in the city and you have a language problem on top of this meaning that most of the students have no idea what the word "student" is or what exactly control alt or delete even are.
Can we use some sort of autologin so that the laptops will automatically load into an account and speed up the process from power on to a desktop ready and loaded? If so how can this be accomplished and how should I organize the users in AD to make this work?
Alternatively, can you have the welcome screen with the icons for users rather than the textbox that needs to be typed in so that a student can simply click "student room 885" or "student room 224" and still load GP from the servers?
3. I want to create a locked down account for testing purposes where the students desktop and abilities are severely limited including but not limited to restricting print screen (don't ask, test requirements) limiting bluetooth, restricting websites that are accessible during the test and some other small requirements as well as cleaning up the interface to be less distracting.
Can I create a single user in AD and have all the computers log into this account and have the policies I want to be loaded at startup?