Re: KIOSK MODE?
From: zuke (lgilmore_at_NO_SPAMrainbowgrocery.net)
Date: Fri, 30 Sep 2005 13:26:03 -0700
So, I wanted to let a laptop in a physcally public place access one folder
on a server in my LAN. What I did do was to go to every top-level share and
disallow access from the user account that would be logging onto the laptop.
This took the better part of a day. It works.
Then I went to the executables on the laptop I wanted excluded and did the
Then I blocked all users but two from logging onto the laptop.
Not a great method, but it works.
I'm surprised few others want to do stuff like this.
"Steven L Umbach" <email@example.com> wrote in message
> Yes their is no SRP in Windows 2000. What the user could try is to use the
> Group Policy setting under user configuration/administrative
> templates/system - run only allowed Windows applications after reading the
> full explanation of the setting and adding iexplorer.exe to that list.
> However the user could be able to run any executable that is named
> iexplorer.exe on the computer - authorized or not though this is still a
> workable solution particularly if the user is not a local administrator or
> power user and other restrictions are enabled such as not being able to
> run the command prompt and using ntfs restrictions. --- Steve
> "Tom Che [MSFT]" <firstname.lastname@example.org> wrote in message
>> Hi Zuke,
>> Thanks for posting here. Sorry for my delayed response due to the
>> From your post, my understanding of this issue is: You would like to know
>> how to restrict a PC to run only one program in Win2K AD. If this is not
>> correct, please feel free to let me know.
>> Based on my experience, it might be difficult to perform this restriction
>> in Win2K AD without third-party specific software. But there are
>> Restriction Policies in Win2K3. For more information, please see:
>> Software Restriction Policies
>> However, in Win2K AD, you may try to use Group Policy to lock down the
>> desktop (just remain one shortcut for your application), remove unneeded
>> items from Start Menu, hide hard drives and so on. And then, the user
>> not run other applications if he is not an expert and has insufficient
>> privileges. For more information about how to do these policies, you may
>> refer to the following Microsoft web site:
>> Windows 2000 Group Policy Reference
>> Hope this helps!
>> Have a nice day!
>> Please note that the newsgroups are staffed weekdays by Microsoft Support
>> professionals to answer your non-urgent, break/fix systems and
>> questions. Our goal is to provide 24 hour response to all questions.
>> If this response time does not meet your needs, please contact Customer
>> Service and Support (CSS) for more immediate assistance. For more
>> information on available CSS services, please click here:
>> If you are outside the United States, please visit our International
>> Support page: http://support.microsoft.com/common/international.aspx
>> Tom Che
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> This posting is provided "AS IS" with no warranties, and confers no
>>>From: "zuke" <lgilmore@NO_SPAMrainbowgrocery.net>
>>>Subject: KIOSK MODE?
>>>Date: Fri, 23 Sep 2005 11:37:19 -0700
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>X-RFC2646: Format=Flowed; Original
>>>NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 188.8.131.52
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.security:15293
>>>In a W2K AD network, can a PC be hooked up in a "kiosk mode" such that
>>>one application can be used?