Re: KIOSK MODE?
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Fri, 30 Sep 2005 17:19:23 -0500
Microsoft has a great solution for kiosk computers but it will only work on
XP SP2 and is called Shared Computer Toolkit for XP. I tried it out a bit
and so far the results are impressive. One thing I like is that you can
easily restrict a users from running any executable outside of the program
files folder or system folder. See the link below if you are
nterested. --- Steve
"zuke" <lgilmore@NO_SPAMrainbowgrocery.net> wrote in message
> So, I wanted to let a laptop in a physcally public place access one
> folder on a server in my LAN. What I did do was to go to every top-level
> share and disallow access from the user account that would be logging onto
> the laptop. This took the better part of a day. It works.
> Then I went to the executables on the laptop I wanted excluded and did the
> Then I blocked all users but two from logging onto the laptop.
> Not a great method, but it works.
> I'm surprised few others want to do stuff like this.
> "Steven L Umbach" <email@example.com> wrote in message
>> Yes their is no SRP in Windows 2000. What the user could try is to use
>> the Group Policy setting under user configuration/administrative
>> templates/system - run only allowed Windows applications after reading
>> the full explanation of the setting and adding iexplorer.exe to that
>> list. However the user could be able to run any executable that is named
>> iexplorer.exe on the computer - authorized or not though this is still a
>> workable solution particularly if the user is not a local administrator
>> or power user and other restrictions are enabled such as not being able
>> to run the command prompt and using ntfs restrictions. --- Steve
>> "Tom Che [MSFT]" <firstname.lastname@example.org> wrote in message
>>> Hi Zuke,
>>> Thanks for posting here. Sorry for my delayed response due to the
>>> From your post, my understanding of this issue is: You would like to
>>> how to restrict a PC to run only one program in Win2K AD. If this is
>>> correct, please feel free to let me know.
>>> Based on my experience, it might be difficult to perform this
>>> in Win2K AD without third-party specific software. But there are
>>> Restriction Policies in Win2K3. For more information, please see:
>>> Software Restriction Policies
>>> However, in Win2K AD, you may try to use Group Policy to lock down the
>>> desktop (just remain one shortcut for your application), remove unneeded
>>> items from Start Menu, hide hard drives and so on. And then, the user
>>> not run other applications if he is not an expert and has insufficient
>>> privileges. For more information about how to do these policies, you
>>> refer to the following Microsoft web site:
>>> Windows 2000 Group Policy Reference
>>> Hope this helps!
>>> Have a nice day!
>>> Please note that the newsgroups are staffed weekdays by Microsoft
>>> professionals to answer your non-urgent, break/fix systems and
>>> questions. Our goal is to provide 24 hour response to all questions.
>>> If this response time does not meet your needs, please contact Customer
>>> Service and Support (CSS) for more immediate assistance. For more
>>> information on available CSS services, please click here:
>>> If you are outside the United States, please visit our International
>>> Support page: http://support.microsoft.com/common/international.aspx
>>> Tom Che
>>> Microsoft Online Partner Support
>>> Get Secure! - www.microsoft.com/security
>>> When responding to posts, please "Reply to Group" via your newsreader so
>>> that others may learn and benefit from your issue.
>>> This posting is provided "AS IS" with no warranties, and confers no
>>>>From: "zuke" <lgilmore@NO_SPAMrainbowgrocery.net>
>>>>Subject: KIOSK MODE?
>>>>Date: Fri, 23 Sep 2005 11:37:19 -0700
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>X-RFC2646: Format=Flowed; Original
>>>>NNTP-Posting-Host: w160.z064002063.sjc-ca.dsl.cnc.net 220.127.116.11
>>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.security:15293
>>>>In a W2K AD network, can a PC be hooked up in a "kiosk mode" such that
>>>>one application can be used?