Re: Locking down W2K pro for public user

From: Karl Levinson [x y] mvp (levinson_k@despammed.com)
Date: 02/16/03


From: "Karl Levinson [x y] mvp" <levinson_k@despammed.com>
Date: Sun, 16 Feb 2003 08:02:51 -0500


I agree... start with Group Policy, e.g. by running gpedit.MSC

You should probably also consider some of these things as well:

http://securityadmin.info/faq.htm#harden

I would also think about looking into the Microsoft free IEAK from
www.microsoft.com/download to lock down IE settings, though some of that
stuff is also configurable using Group Policy.

If the computer does have or need internet access, you may want to consider
blocking access to objectionable sites like porn sites. This is probably
best done by an external device that does content filtering, like maybe
www.netscreen.com 5XP or something similar. There is software you can
install to the local computer such as www.cyberpatrol.com if you prefer [I
hesitate to recommend cyberpatrol because even though it has a lot of
features, past versions were very easily hacked.]

http://securityadmin.info/faq.htm#contentfilter

If you need more than that, you could look into third party software,
whatever is commonly used by libraries and prisons to lock down their
computers in kiosk mode.

These are just thoughts, but there is a command [possibly
iexplore.exe -kiosk] that I think will run IE in Kiosk mode. You could also
look into changing the Windows shell from Explorer.exe to Iexplore.exe,
no idea if that is a good idea or not... but then Windows should boot
directly into Internet Explorer. I'm not 100% sure these things wouldn't
enable some additional security issues, but they are worth researching further.

"cnwk64" <cnwk64@hotmail.com> wrote in message
news:b1cf47d4.0302141815.1a329be6@posting.google.com...
> I am tasked to put a w2k pro WS in the front office for guests to view our
> web site and some marketing BS.
> The workstation will not connect to our internet network, it will run
> on its own dsl line. So Group policy is out.
> And the company doesn't want guests to have any other access besides IE (no
> control panel, start menu, my computer, or right click to screen
> property, etc)
> and the only Icon on the Desktop is IE plus whatever BS powerpoint
> files.
> Does anyone know any software that can do that? Or can I do it without
> regedit in w2k itself?


