Re: Restricting user access to one file only

From: Junethesis (michealcNOSPAM@mboxdesign.com)
Date: 12/03/02 

From: "Junethesis" <michealcNOSPAM@mboxdesign.com>
Date: Tue, 3 Dec 2002 11:25:15 -0800

Now, as far as the outline for a kiosk machine, where
would I find instructions for setting that up, and how
would I add a script into the exit feature that would log
the user off?

>"Junethesis" <michealc@mboxdesign.com> wrote in message
>news:02a101c29a6a$ab05a540$89f82ecf@TK2MSFTNGXA01...
> Using Windows XP, how can I restrict a user's access on
> the computer to one file only? We have a multimedia
> program on the computer that our client wants its
> employees to run through, but they do not want to give
> their employees access to any other part of the computer.
>
> The computer is NOT on a network and has been set to
>login
> using the clissic login.
>
> What do I need to do?

>You simply cannot do that. In order to log in an account
>needs access to very much that is in the filesystem.

>You can try two things. One, if the application allows
>such use, is to look into replacing the default shell
>(explorer)
>with the application. This also assumes that the
>application
>does not provide an escape mechanism. The other thing to
>try is to follow the outline of lockdown for a kiosk
>machine
>where the login account has very restricted access to
>anything
>(not in fact but rather in what they can get to) except
>icons for
>the application if they have a desktop, or where the
>application
>is run from the login script in such a way that when the
>app is
>exited the account is logged off. 

--
Roger Abell
MS MVP (Security, Windows), MCDBA,  MCSE both
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone

Relevant Pages

  • Re: problem with login
    ... login session" after I create their account. ... If your script is using the mkuser command, ...
    (comp.unix.aix)
  • Re: PHP Protect and select script
    ... You first mentioned you don't want your visitors to create an account, ... You post the username/password to the receiving script where you redirect ... I invite people to login to my web site and give them a login name and ... Isn't there a simple script that can take care of the redirection? ...
    (alt.php)
  • Re: Running Login Script Problems
    ... Have you replicated the login script to all your DCs' netlogon shares? ... If the "special account" is a domain admin account, ... > all my computers in a lab. ...
    (microsoft.public.win2000.networking)
  • Re: PHP Protect and select script
    ... You first mentioned you don't want your visitors to create an account, ... You post the username/password to the receiving script where you redirect ... I invite people to login to my web site and give them a login name and ... Isn't there a simple script that can take care of the redirection? ...
    (alt.php)
  • Weakness introduced by denying remote logins on AIX, possibly others
    ... AIX 4.3.3 and AIX 5.1, ... is possible to remotely enumerate the passwords of a known AIX account. ... believed to be in the response from the login program after authentication ... Give accounts that have been restricted from remote logins strong passwords. ...
    (Security-Basics)