xp lock down

From: Peter Clark (clark_at_hushmail.com)
Date: 04/28/03


Date: Mon, 28 Apr 2003 14:10:48 -0700


investigate software restriction policies:

(from brief notes of mine)

start -> settings -> control panel -> administrative tools
-> Local Security Policy
or secpol.msc

security settings\software restriction policies\security levels
security settings\software restriction policies\additional rules

make sure you add the following new hash rules!!
userinit.exe (VERY %$^*& CRITICAL IF YOU WANT TO LOGON)
explorer.exe (SOMETIMES A SHELL IS REALLY NICE TO HAVE)

add additional programs that you want a user to be allowed to run

change the enforcement option to apply software
restrictions to all users except local administrators.

if you do lock yourself out you can reboot into safe mode,
logon as an administrator
and change the policy (run gpupdate /force - it will fail,
but it will update on reboot)
else reboot and attempt to logon twice.

for the other security settings, investigate/import/modify
the securews.inf template for local security policy and
group policy. tweakui and some updating of shortcuts may
also help.

>-----Original Message-----
>hello everybody!
>I am trying to lock down a stand alone windows xp pro,
>what I mean by locking down is to create a user with no
>right but to launch one app. also I would like to
>disable the run command, and to take away the settings
>out of the start menu programs. but here is the problem
>when login as administrator I need to be able to run
>anything.
>
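
A read-only pre-flight check for the steps in the reply above, as an added example that is not part of the original post: before the default level is set to Disallowed, it confirms that userinit.exe and explorer.exe are covered by allow hash rules and that enforcement excludes local administrators. The registry location, the value meanings (DefaultLevel 0 = Disallowed, PolicyScope 1 = all users except local administrators, HashAlg 32771 = MD5) and the default file paths are assumptions about how the local policy is stored.

```powershell
# Added example: read-only check of the local software restriction policy.
# Assumes the policy is stored under the key below and that hash rules hold a
# plain MD5 of the file (HashAlg 32771); other algorithms are reported unverified.
$base     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$allowKey = Join-Path $base '262144\Hashes'    # 262144 (0x40000) = Unrestricted
$required = @("$env:windir\system32\userinit.exe", "$env:windir\explorer.exe")
$CalgMd5  = 32771

function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($md5.ComputeHash($fs)) }
    finally { $fs.Close() }
}

function Get-AllowHashRules {
    if (-not (Test-Path $allowKey)) { return }
    Get-ChildItem $allowKey | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        New-Object PSObject -Property @{
            Name = $p.FriendlyName; Alg = $p.HashAlg; Size = $p.ItemSize
            Hash = $(if ($p.ItemData) { [System.BitConverter]::ToString([byte[]]$p.ItemData) } else { '' })
        }
    }
}

if (-not (Test-Path $base)) { Write-Warning 'No software restriction policy is defined.'; return }
$cfg = Get-ItemProperty $base
if ($cfg.DefaultLevel -eq 0) { 'Default level: Disallowed' } else { 'Default level: not Disallowed' }
if ($cfg.PolicyScope -ne 1) {
    Write-Warning 'Enforcement covers all users, local administrators included.'
}

$rules = @(Get-AllowHashRules)
foreach ($file in $required) {
    $size = (Get-Item $file).Length
    $md5  = Get-Md5Hex $file
    $sameSize = @($rules | Where-Object { $_.Size -eq $size })
    if (@($sameSize | Where-Object { $_.Alg -eq $CalgMd5 -and $_.Hash -eq $md5 }).Count) {
        "OK       $file has a matching hash rule"
    } elseif (@($sameSize | Where-Object { $_.Alg -ne $CalgMd5 }).Count) {
        "UNKNOWN  $file matches a rule by size only (non-MD5 rule, not verified)"
    } else {
        Write-Warning "MISSING  no allow hash rule matches $file"
    }
}
```

The script looks only at hash rules, so a file that is allowed by a path rule is still reported as MISSING.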


