Re: Setting up new users
From: Anguel Iordanov (adiaxissm_at_hotmail.com)
Date: 03/14/05
- Next message: Laura E. Hunter \(MVP\): "Re: command line account editor"
- Previous message: Ken B: "Re: Remove SID/User from a local Group Policy"
- In reply to: Steven L Umbach: "Re: Setting up new users"
- Next in thread: Steven L Umbach: "Re: Setting up new users"
- Reply: Steven L Umbach: "Re: Setting up new users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 14 Mar 2005 21:26:58 -0000
Hi Steve,
Thank you very much for the reply. What you are saying makes sense, however
I am not really sure how to do it. Is there a step by step guide? Or any
articles I can read?
Thanks a lot.
Anguel
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:#R1$nvrJFHA.2648@TK2MSFTNGP14.phx.gbl...
> Your best bet would to be to use Windows XP Pro which can use Software
> Restriction Policies for such computers. However for Windows 2000 what you
> could do is to let the users logon as the guest account. You can give the
> guest account a password if you want and configure the account so that
the
> password can not be changed. Enabling the guest account however will allow
> any user network access to the computer that has the everyone group
> configured in permissions for a share folder so keep that in mind. If you
> want to use a regular user account you would want to modify permissions to
> that users profile to be only read/list/execute. A local administrator
would
> need to take ownership of that folder first to do such.
>
> The guest account will use a profile that will be deleted when the user
logs
> off. Make sire that the root/drive folder has no more than read/list
> permissions for the everyone group. Also make sure that the guest account
> has deny permissions to the \documents and settings\all users\shared
> documents folder. You can use ntfs permissions to prevent the guest
account
> from running applications you do not want them to access such as folders
in
> the program files folder.
>
> Use Group Policy to restrict the users further. Local Group Policy is
> invoked with the gpedit.msc command but keep in mind that by default local
> Group Policy applies to ALL users that logon to a computer - even
> administrators. You will find the most useful settings under user
> configuration/administrative templates in the various categories. Be sure
to
> read full explanation of settings before enabling. Settings for "context
> menu" will disable right click at various places in the operating system.
An
> administrator could still access Group Policy from another computer on the
> network to manage Group Policy if he locked himself out by using the mmc
> snapin for Group Policy on the remote computer and browsing to the locked
> down computer. The admin would want to logon to the remote computer with
an
> account that has admin powers on the locked down computer.
>
> You could configure Internet Explorer so that the internet Web Content
Zone
> [ tools/internet options/security/custom] will not allow downloads and
that
> will prevent downloads through Internet Explorer. As far as printing you
> could go to printers and faxes, select file/server properties and enable
log
> spooler information events in the advanced tab. The part about restricting
> internet access and monitoring access is best done at your firewall which
> may or may not have the abilities you need. Microsoft ISA 2004 can
certainly
> do such but is not cheap - around $1500 installed on a server operating
> system. You could try using IE Content Advisor to restrict where users can
> go which may or may not work well depending on the amount of sites you
want
> to allow access to and the type of sites as many sites are a bunch of
links
> to other sites. Another option may be to use an internet monitoring
software
> package such as Net Nanny or Cyber Patrol. Many of them have free trial
> downloads. If the budget allows many lower priced firewalls offer a
> subscription content service where you pay a small monthly fee and the
> service will help prevent users from accessing websites which you deem
> inappropriate. Such an investment most likely would prove well worth
while.
> The links below may help. --- Steve
>
> http://www.netnanny.com/
> http://www.cyberpatrol.com/internet_monitor.aspx
> http://www.sonicwall.com/products/tz170.html
>
> "Anguel Iordanov" <adiaxissm@hotmail.com> wrote in message
> news:eohb6ChJFHA.1392@TK2MSFTNGP10.phx.gbl...
> > Hi everyone,
> >
> >
> >
> > I am faced with the following challenge and would really appreciate if
you
> > could help or point me in the right direction.
> >
> >
> >
> > We have two computer running Win 2000 Pro.
> >
> > We would like to give a public access to this computer so anyone coming
in
> > can use them.
> >
> >
> >
> > My challenge is to:
> >
> > 1 Create an account on each computer with the following
> > restrictions:
> >
> > - Users cannot change any settings on the computer.
> >
> > - Users cannot right click.
> >
> > - Users cannot download files from the Internet
> >
> > - Users cannot create files or folders
> >
> > - Users can only access sites approved by us
> >
> > 2 Does any of you know of a cheap software, which will allow us:
> >
> > - How long people have been on the Internet
> >
> > - Have the printed anything
> >
> >
> >
> > Thanks a lot in advance.
> >
> >
> >
> > Anguel
> >
> >
> >
>
>
- Next message: Laura E. Hunter \(MVP\): "Re: command line account editor"
- Previous message: Ken B: "Re: Remove SID/User from a local Group Policy"
- In reply to: Steven L Umbach: "Re: Setting up new users"
- Next in thread: Steven L Umbach: "Re: Setting up new users"
- Reply: Steven L Umbach: "Re: Setting up new users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
