From: zuke (
Date: 09/30/05

Date: Fri, 30 Sep 2005 13:26:03 -0700

So, I wanted to let a laptop in a physcally public place access one folder
on a server in my LAN. What I did do was to go to every top-level share and
disallow access from the user account that would be logging onto the laptop.
This took the better part of a day. It works.

Then I went to the executables on the laptop I wanted excluded and did the

Then I blocked all users but two from logging onto the laptop.

Not a great method, but it works.

I'm surprised few others want to do stuff like this.


"Steven L Umbach" <> wrote in message
> Yes their is no SRP in Windows 2000. What the user could try is to use the
> Group Policy setting under user configuration/administrative
> templates/system - run only allowed Windows applications after reading the
> full explanation of the setting and adding iexplorer.exe to that list.
> However the user could be able to run any executable that is named
> iexplorer.exe on the computer - authorized or not though this is still a
> workable solution particularly if the user is not a local administrator or
> power user and other restrictions are enabled such as not being able to
> run the command prompt and using ntfs restrictions. --- Steve
> "Tom Che [MSFT]" <> wrote in message
> news:Wgb%235kmwFHA.768@TK2MSFTNGXA01.phx.gbl...
>> Hi Zuke,
>> Thanks for posting here. Sorry for my delayed response due to the
>> weekend.
>> From your post, my understanding of this issue is: You would like to know
>> how to restrict a PC to run only one program in Win2K AD. If this is not
>> correct, please feel free to let me know.
>> Based on my experience, it might be difficult to perform this restriction
>> in Win2K AD without third-party specific software. But there are
>> Software
>> Restriction Policies in Win2K3. For more information, please see:
>> Software Restriction Policies
>> <
>> erHelp/9c25d487-eb0b-4e2d-a5f7-89b2686d6a69.mspx>
>> However, in Win2K AD, you may try to use Group Policy to lock down the
>> desktop (just remain one shortcut for your application), remove unneeded
>> items from Start Menu, hide hard drives and so on. And then, the user
>> may
>> not run other applications if he is not an expert and has insufficient
>> privileges. For more information about how to do these policies, you may
>> refer to the following Microsoft web site:
>> Windows 2000 Group Policy Reference
>> Hope this helps!
>> Have a nice day!
>> -------------------------------------------------------
>> Please note that the newsgroups are staffed weekdays by Microsoft Support
>> professionals to answer your non-urgent, break/fix systems and
>> applications
>> questions. Our goal is to provide 24 hour response to all questions.
>> If this response time does not meet your needs, please contact Customer
>> Service and Support (CSS) for more immediate assistance. For more
>> information on available CSS services, please click here:
>> If you are outside the United States, please visit our International
>> Support page:
>> -------------------------------------------------------
>> Sincerely,
>> Tom Che
>> Microsoft Online Partner Support
>> Get Secure! -
>> =====================================================
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> --------------------
>>>From: "zuke" <>
>>>Subject: KIOSK MODE?
>>>Date: Fri, 23 Sep 2005 11:37:19 -0700
>>>Lines: 4
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>X-RFC2646: Format=Flowed; Original
>>>Message-ID: <#7OZV3GwFHA.460@TK2MSFTNGP15.phx.gbl>
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl
>>>In a W2K AD network, can a PC be hooked up in a "kiosk mode" such that
>> only
>>>one application can be used?

Relevant Pages

  • Re: Latest Windows XP Updates Break File Sharing?
    ... Each Security MSKB and Security bulletin contains this, ... no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. ... I just installed today's 9 updates on my XP laptop and now I cannot access the file sharing on my other Windows XP systems, nor from them access my laptop. ...
  • Re: PC wont boot up - LSASS.exe problem ???
    ... Help & Support again. ... Then if it fails to load, reboot to Safe mode, ... Problem on boot up. ... Turned her Sony laptop on. ...
  • Re: Thats betterer!...
    ... By that I mean the cheapest Apple laptop is more ... I wanted) and I don't use OSX often enough to warrant it. ... and getting support here in the UK was going to cost money. ... With a space laptop in use there never will be. ...
  • Re: Hp Software screwing up windows
    ... came with OS setup media. ... system without preloaded junks from HP. ... I have to give Dell credit, though- whenever I called their support and got lucky enough to get a tech that spoke and understood English, their support was superb, although I never had any support problems with HP either, just less cause to use it. ... I had one Compaq laptop, one HP laptop, two Compaq PC's, and various other makes and models of hand-me-downs and home-builds. ...
  • Moving from WEP to WPA
    ... I have a relatively old Compaq Evo N600C laptop which I picked up ... 802.11a/b wireless LAN card which uses the orinoco driver in the kernel. ... result, a completely clean, unsullied installation. ... installation process doesn't support WPA, ...