The U-M Shared Desktop is a project to standardize the deployment of desktop images on campus. We hope to increase collaboration among units and save time for IT Staff by standardizing settings, applications, interfaces, tools and upgrade strategies.
We include drivers for the following hardware:
There are two UM Shared Desktop power schemes in our Windows 7 images.
Standard (limited) Users can change only the time the computer will go to sleep when running on battery.
Be aware: The Shared Desktop does not by default support the ability to connect remotely when the computer is in sleep mode. Users will have to "Change when the computer sleeps" to connect to their PC from home.
In addition to these power settings, we provide the following group policies:
NOTE: These group policy settings reflect our initial Vista. Windows 7 settings were based on these.
Download the desktop image's security and power settings document.
Download an Excel spreadsheet summary of the desktop image's security and power settings.
No, although we do recommend that you rename administrator accounts. From the settings document (page 28):
The built-in local administrator account is a well-known account name that attackers will target. Microsoft recommends that you choose another name for this account, and that you avoid names that denote administrative or elevated access accounts. Be sure to also change the default description for the local administrator (through the Computer Management console). The Accounts: Rename administrator account setting is Recommended for the UM Shared Image.
Note: This policy setting is not configured in the Security Templates, nor does this guide suggest a user name for the account. Suggested user names are omitted to ensure that organizations that implement this guidance will not use the same new user name in their environments.
The Tech team has identified several security settings that departments should pay special attention to. You and your unit/department may want to change these.
If your workstations have multiple network connections (multiple network cards, connections created by AFS or VMware), you may want to change your firewall exceptions to include "Private" or "Any" network properties. These are set to "Domain" by default, which may cause your machine to be unable to work with AFS.
The PowerShell Execution Policy is currently set to "Restricted." Units may want to change this. For more information, see Changing the Windows PowerShell Script Execution Policy on Microsoft's website.
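A read-only check of the settings discussed above (execution policy, the built-in administrator account, and Domain-only firewall exceptions), as an added example that is not part of the Shared Desktop image or its documentation. It assumes Windows Vista or Windows 7 with PowerShell 2.0 or later, an elevated prompt, and an English-language install for the default account description; the variable names are illustrative.

```powershell
# Added example: read-only audit, changes nothing on the machine.

# 1. Execution policy at every scope (the image ships with "Restricted").
"Execution policy by scope:"
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy -AutoSize

# 2. Built-in local administrator. Its SID always ends in -500, so it can be
#    found even after it has been renamed.
$admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
if ($admin) {
    if ($admin.Name -eq 'Administrator') {
        "Built-in administrator still has the default name."
    } else {
        "Built-in administrator has been renamed."
    }
    # Default description on English installs (assumption noted in the lead-in).
    if ($admin.Description -like 'Built-in account for administering*') {
        "Built-in administrator still has the default description."
    }
} else {
    "No local account with a -500 SID was found."
}

# 3. Firewall exceptions scoped to the Domain profile only.
#    Profile bitmask: Domain = 1, Private = 2, Public = 4.
#    Direction 1 = inbound, Action 1 = allow.
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$domainOnly = @($fw.Rules | Where-Object {
    $_.Enabled -and $_.Direction -eq 1 -and $_.Action -eq 1 -and $_.Profiles -eq 1
})
"Enabled inbound allow rules limited to the Domain profile: $($domainOnly.Count)"

# 4. Profiles active right now. A Private or Public bit here means at least
#    one connection is not classified as Domain, so the rules counted above
#    do not apply to traffic arriving on that connection.
$active = $fw.CurrentProfileTypes
if (($active -band 6) -and $domainOnly.Count -gt 0) {
    "A non-Domain profile is active; these rules are not in effect on it:"
    $domainOnly | Sort-Object Name | Select-Object -ExpandProperty Name
} else {
    "No active non-Domain profile, or no Domain-only rules to review."
}
```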
Outlook has three settings that units may want to change:
By default, Meeting Space is disabled in the image.
To enable Meeting Space, see Getting started with Windows Meeting Space.
If you're customizing the image and wish to view the disabled individual applications instead of the application bundles in Litetouch, you'll have to enable them in MDT.
To enable individual applications in MDT:
1. Click Applications in the left sidebar.
2. Right click the name of the application you wish to enable.
3. Select Properties. At the bottom of the dialog box, you'll see two checkboxes.
4. Check the box to Enable the Application. In the Deployment Wizard, uncheck Hide the Application.

For Windows Vista, apply the UMROOT Vista pass-thru GPO. For more details, see the LAN/NOS Kerberos pass-thru instructions.
For Windows 7, apply the UMROOT Windows 7 pass-thru. For more details, see the LAN/NOS Kerberos pass-thru instructions.
In order for pilot units to replicate the U-M Shared Desktop from the Shared Desktop distribution servers to a server that your unit controls, you need to provide the Shared Desktop Administrator:
Send an e-mail message with this information to rhenyard@umich.edu.
For more information about replication with MDT2010, see the Windows Networking.com Article on Deployment.