RE: Hardening Desktop

From: Dennis Bauer (dbauer_at_Mines.EDU)
Date: 09/21/04

  • Next message: John: "Re: Hardening Desktop" 
    To: "'DZiman aka UNik'" <UNik@mail.knastu.ru>, <focus-ms@securityfocus.com>
Date: Tue, 21 Sep 2004 09:47:18 -0600

    Make sure that when you're using GPO you are logged into two servers. I
    don't know anyone that has setup group policy the first time and not locked
    themselves out. So make sure that you are logged in on two servers before
    doing that.

    -----Original Message-----
    From: DZiman aka UNik [mailto:UNik@mail.knastu.ru]
    Sent: Sunday, September 19, 2004 7:50 PM
    To: focus-ms@securityfocus.com
    Subject: Re: Hardening Desktop

    Hello balyfix,

    Saturday, September 18, 2004, 12:28:13 AM, you wrote:

    bti> Hello,

    bti> i need to hardening My windows 2000 desktop.

    bti> When a user log on to my machine, start IE with a particular
    bti> url and the user can' t :
    bti> 1: Use the keyboard
    bti> 2: use taskbar
    bti> 3: Redirect the browser on C:\

    bti> Is it possible ?

    bti> I read some where that is possible with the registry command,
    bti> but i want to know if there is a white paper.

    bti> Thanks very much

    bti> --Filippo

    bti>
    ---------------------------------------------------------------------------
    bti>
    ---------------------------------------------------------------------------

    Do you know about Group Policy?
    (mmc.exe -> Add/Remove Snap-in -> Add... -> Group Policy)
    There're many possibilities to harder your desktop over DOMAIN or
    local computer, like
    leting users run only allowed applications or replacing standart shell
    (explorer.exe) with your own.

    Also there is a eBook SYNGRESS - Windows 2000 Active Directory Second
    Edition, which can help you. 

    -- 
Best regards,
 DZiman                            mailto:UNik@mail.knastu.ru
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
  • Next message: John: "Re: Hardening Desktop"

    Relevant Pages

    • Re: Event ID 1101 and 1030
      ... It sounds like an AD permissions problem on the AllServers OU object. ... Windows Platform Support Team ... Click on "Group Policy" tab, and there is no GPO listed there ... >> for the 2003 servers, ...
      (microsoft.public.win2000.active_directory)
    • Re: Windows 2003 DC, event IDs 1053, 1085, 1091
      ... -How DNS is set on both servers? ... After promotion, Event IDs 1085 and 1091 appeared once (after an initial successful group policy application), followed by many event ID 1053s: ... "Windows cannot determine the user or computer name. ...
      (microsoft.public.windows.server.active_directory)
    • RE: XP Policy Questions..
      ... users cannot install most of the programs. ... Group Policy then there is a chance that they can access ... > computers and 2 servers. ... > and the second is running Windows 2000 Server. ...
      (microsoft.public.windowsxp.security_admin)
    • Re: Application error log
      ... Are the errors because of this missing entry. ... I have 3 servers in our office running win 2003 R2 servers ... I did not set any group policy in my servers. ... Windows cannot query for the list of Group Policy objects. ...
      (microsoft.public.windows.server.networking)
    • Re: Enabling Automatic Updates via group policy
      ... As with all use of group policy, ... windows 2003 servers. ... I want to enable Automatic updates to my entire 150 client PCs (win ...
      (microsoft.public.windows.group_policy)