Re: Limiting users to specific software
From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/18/02
- In reply to: Jim Collins: "Limiting users to specific software"
From: "Karl Levinson [x y] mvp" <levinson_k@excite.com> Date: Tue, 17 Dec 2002 22:34:02 -0500
You do have to know how to undo what you are doing, and yes there are some
things you can do to lock yourself out of a machine. But yes, locking down
Windows 2000 the way you want involves using the Group Policy snap-in within
the MMC.
The key to this like anything else, unfortunately, is to understand the
ramification of every setting you enable before you enable it. The
descriptions of the settings in the Group Policy MMC are pretty clear for
the most part, with some exceptions. If you don't understand Group Policy,
then you might not successfully lock the machine down anyways.
If you get lost again, information on how to undo group policy changes for
most situations by using the default install templates is given below.
There are some guides to using and enabling Group Policy at:
www.nsa.gov
http://securityadmin.info/faq.htm#4.42 [includes instructions on how to undo
Group Policy changes]
http://securityadmin.info/faq.htm#harden
There IS third party software that can help you lock down machines, software
that is probably used in kiosk machines in public libraries and prisons, but
I wouldn't be able to name any of them for you. A search of www.google.com
and/or www.download.com might help.
"Jim Collins" <james.collins@omems.redstone.army.mil> wrote in message
news:019d01c2a612$ed326440$d6f82ecf@TK2MSFTNGXA13...
> I am trying to set up a user account where my students can
> run a CD-based program and nothing else is accessible to
> them. The program is to be loaded under an account one
> step below administrator and it installs the minimum
> needed for the program to run so anytime the student
> double-clicks on the desktop icon it will open the program
> up as long as the CD is in the D: drive. There is no
> need, and highly preferred minimizing access, for the
> student to have any other options other than logging off.
>
> Then I need to set up a separate account for a person to
> connect to a specific website to answer course critique
> questions. They need no other access to anything on the
> web or being able to open any files on the C: drive.
>
> I am a novice at MMC and find that using it limits access
> to all users and have had to reload the initial image when
> I locked one too many features.
>
> Thanks.
>
> Jim