Re: Security on student's workstations?

From: Fred Baumhardt [MSFT] (fredbaum@microsoft.com)
Date: 03/25/03 

From: "Fred Baumhardt [MSFT]" <fredbaum@microsoft.com>
Date: Tue, 25 Mar 2003 00:18:22 -0000

Ummm - Group Policy - Group Policy - Group Policy :)

Download and read the Windows 2000 security operations guide from
MSDN.microsoft.com/practices

Simply put you want to use group policy to restrict groups, services, NTFS,
Registry Key, and Security settings. In addition you can use the admin
template to restrict all sorts of of executables. Note - it is easier to
come up with a list of what you want to run, rather than try to come up with
an ever changing list of what you dont. If you have any XP desktops as well
as your 2K machines you can use software restriction policy - which takes
the execution restriction one step further.

Fred 

--
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike" <nugget-NOSPAM@chello.se> wrote in message
news:YxKfa.28625$oe.37158@amstwist00...
> Hi everyone,
>
> I'm currently working with securing an high-school's student workstations
> and I'm just wondering if there are any good tips on how to secure Windows
> 2000 Pro clients for things such as these:
>
>     - Only allow certain software to run, and disallow students to run
>       stand-alone executables, for example.
>     - NTFS security on local disks, for "normal" software like Office
>       2000. What is needed by a minimum?
>     - What services can safely be stopped?
>
> And stuff similar to this. If you are interested we run Office 2000, a few
> Macromedia programs and a few Adobe programs mostly.
>
> Are there any good guidelines for setting up clients in schools? Any
> information, URLs, or answers directly to this NG would be most
appreciated!
>
> Regards,
> Mike
>
>

Relevant Pages

  • Re: Group Policy for locking down windows xp
    ... Your best bet would be to use a combination of Group Policy and ntfs ... permissions to restrict access. ... With XP Pro you can also use Software Restriction Policies to restrict what ...
    (microsoft.public.windows.group_policy)
  • Re: Computer Management Security Problem
    ... I have confirmed that they can only log into their own machines so that level of security is working. ... > adding their domain account to the local administrators group. ... then you can not realistically restrict them. ... > using Group Policy to restrict their access to mmc snapins, ...
    (microsoft.public.win2000.security)
  • Re: OU Security - best setup?
    ... Ideally for best security for each company and to restrict what users can ... only what is in their OU if you have disabled netbios over tcp/ip in the ... computer from the network to only include authorized groups such as users ...
    (microsoft.public.win2000.security)
  • Re: restrict read access
    ... Check to see if the objects are inheriting the parent ou's security. ... What ou did you deny? ... >>> account) and stores in an interna database. ... >>> we would like to restrict that to an special OU. ...
    (microsoft.public.win2000.active_directory)
  • Re: OU Security - best setup?
    ... restrict what users can ... >only what is in their OU if you have disabled netbios ... >for each company put into a security group. ... >> computers in their respective OU ...
    (microsoft.public.win2000.security)