Re: Easiest way to implement a lock-down policy? Suggestions welcome

From: Roger Abell [MVP] (mvpNOSPAM@asu.edu)
Date: 08/09/02 

From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Fri, 9 Aug 2002 00:36:08 -0700

Since it is your app, what I would first explore is
whether I could make the app non-escapable and
also full screen (no way to get out of app, no escape
to a prompt, etc, and no way to minimize). If I could
then I would wrapper the app in an app that launches it,
and when there is a return from the app (i.e. the app
has terminated) then the wrapper does a log off. This
wrapper would then be launched from the login script.

You can do much with group policy, but getting to the
point of being water tight is difficult. It is easier to look
at just replaying explorer with the app as the default shell
than to make a stand-alone 100% locked inescapably,
and using the login route mentioned first is sometimes
more simple and flexible that shell replacement. 

--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
"FriskyWeasel" <friskyweasel@hotmail.com> wrote in message
news:3d52e7e8.102595312@news.atl.bellsouth.net...
> Hello -
>
> I am actually a web developer, NOT a network or Windoze security
> admin, so I don't have much experience with locking down machines (or
> at least taking reasonable security measures) in XP - So any help you
> could provide would be appreciated
>
> Pretty simple - I have 6 client machines running XP Home edition - We
> have some custom software we will place on each of these clients -
> Just a simple .EXE we wrote for them to use - At this point they
> really don't need to be able to run ANYTHING else on the system - just
> this custom app we provide them.
>
> I've done a bit of preliminary research and it's led me to believe
> maybe implementing a group policy would be the answer - My question -
> what would be the EASIEST, QUICKEST way to lock down these 6 client
> machines - No start menu, no IE, no nothing - just our app
>
> tia
>
>

Relevant Pages

  • Re: IWMHeaderInfo::GetAttributeByIndex fails with buffer too small
    ... This takes the aproach of converting the app ... Reference the orginal csharp wrapper. ... > I have translated the WMFSDKWrapper from the managed code example in ... > The GetAttributeByIndex functions is defined as follows: ...
    (microsoft.public.win32.programmer.mmedia)
  • Re: IWMHeaderInfo::GetAttributeByIndex fails with buffer too smal
    ... I modified the GetAttributeByIndex definition to pass ByVal pointers to ... wszName and Value rather then ByRef inclusions of the variables themselves. ... This takes the aproach of converting the app ... > Reference the orginal csharp wrapper. ...
    (microsoft.public.win32.programmer.mmedia)
  • Re: MSFlexGrid in simple ATL container window doesnt accept keystrokes
    ... a wrapper, not an app and it uses an old version of ATL and won't build ... As a wrapper, we don't have access to the event loop. ... Surely getting the keyboard to work ... turns out the control is irrelevant. ...
    (microsoft.public.win32.programmer.ole)
  • Re: Question about mmap wrt compressed files
    ... How is a wrapper to mmap() going to help? ... A lot really depends on your app. ... exactly what you mention where it decompresses gzip/bzip2 data into an ...
    (comp.compression)
  • Re: Remoting between 2.0 and 1.1
    ... >> reference in my 2.0 app because it will be run in 2.0. ... >> and then it will communicate with my 2.0 app using remoting. ... > Even if it did not for you, then how about providing a COM wrapper on your ...
    (microsoft.public.dotnet.framework)