RE: I need some information on locking down pc's
From: Matthew Farrenkopf (farrenkm_at_ohsu.edu)
Date: 04/08/05
- Previous message: Andrew Blevins: "RE: Windows Server 2003 Service Pack 1"
- Maybe in reply to: Mike Thaxton: "I need some information on locking down pc's"
- Next in thread: Dubber, Drew B: "RE: I need some information on locking down pc's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 08 Apr 2005 09:43:43 -0700 To: focus-ms@securityfocus.com
I'm just taking a shot in the dark here. I have never tried this, nor have I ever seen this suggested.
How about:
* Lock it down as you would a normal PC (turn off unnecessary services, tweak Registry settings to harden them, etc.)
* Change the shell so that, instead of running Explorer, it runs Internet Explorer
* Set the desired Web page to the home page
* Use IE's proxy settings to limit to this one page (set proxy to localhost, then list in the exception list the site(s) you want to be able to visit)
* Use AppSec (or it's XP equivalent; I understood it's built-in to XP now) to restrict down the applications you want to be able to run
Theoretically, this will cause it to run IE each time the user logs in.
More knowledgeable people may be able to tweak this list further.
Matt
>>> "Mike Thaxton" <mthaxton@britecomputers.com> 04/07/05 1:18 PM >>>
Let me add a little more to this - these are xpsp2 boxes for a medical
purpose they do not want anyone to be able to access anything but one
webpage. Using fingerprint id to be able to access the pc, there is
also a webcam, microphone, speakers, printer on these machines.
The webpage that loads needs to have java and windows media player
access for the internet connectivitivty.
I hope that maybe this will help with what I want to do
Michael Thaxton
Brite Computers Helpdesk Support
585-758-0200 x183
585-758-0222 fax
mthaxton@britecomputers.com
www.britecomputers.com
-----Original Message-----
From: Dominique Davis [mailto:DDavis@pivx.com]
Sent: Thursday, April 07, 2005 4:12 PM
To: Mike Thaxton; focus-ms@securityfocus.com
Subject: RE: I need some information on locking down pc's
Qwik fix
-----Original Message-----
From: Mike Thaxton [mailto:mthaxton@britecomputers.com]
Sent: Thursday, April 07, 2005 12:21 PM
To: focus-ms@securityfocus.com
Subject: I need some information on locking down pc's
I have the need to lockdown a pc so tight that the only thing they can
do is access a website, have access to media player and java runtime
environment. Can anybody recommend anything or a way to do this on a
machine.
Thank You
Michael Thaxton
------------------------------------------------------------------------
--- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Andrew Blevins: "RE: Windows Server 2003 Service Pack 1"
- Maybe in reply to: Mike Thaxton: "I need some information on locking down pc's"
- Next in thread: Dubber, Drew B: "RE: I need some information on locking down pc's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
