XP Policies (like PolEdit)
From: David Jones (kk7gw_at_yahoo.com)
Date: 09/02/03
- Next message: OKlier: "Re: Virus Detection"
- Previous message: Iain: "Security"
- In reply to: Daniel Kerr: "XP Policies (like PolEdit)"
- Next in thread: Daniel Kerr: "Re: XP Policies (like PolEdit)"
- Reply: Daniel Kerr: "Re: XP Policies (like PolEdit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 2 Sep 2003 14:21:49 -0700
When you're finished setting the policy, but before you
logoff/reboot, change the NTFS permissions on the
\Windows\system32\grouppolicy folder to Deny access to
Administrators (or whoever you want the policy to NOT
apply to).
When you need to change the policy, you'll need to remove
that Deny permission to change it.
Note that you should also make sure the only accessible
things are the keyboard and mouse, because with physical
access to a computer case (or floppy drive/CD drive/etc)
it is possible to do a wide variety of things that would
get around this.
Also make sure all Administrator level accounts are
password protected with strong passwords, and those
passwords change relatively frequently.
There's a host of other ways to secure the system as
well, but that's a good starting point.
>-----Original Message-----
>Ok, here's the deal.
>
>I am about to deploy a PC to a public area. The ONLY
thing I want people to
>be able to do is open IE, and of course lock it to say 3
of our websites.
>In Win98 or even NT this would not be very hard at all.
I would simply open
>PolEdit, make an account for either the group or
username, and then apply
>the restrictions. This way, when the user logs in, they
lose all access to
>everything in the computer (control panel, etc), yet I
can get in under the
>admin account that doesn't have this policy applied and
make changes.
>
>So far I have been beating my head in trying to get a
solution to this
>problem. It seems XP Pro wants to use the group
policy. That's wonderful
>as it has all the settings I want to change, but only
one catch. These all
>seem to be machine settings. IE, I remove the shutdown
button from the
>start menu, my admin account also has it gone. As you
can see, this is a
>huge issue as I don't want to lock myself out of doing
things to the
>computer.
>
>Due to the insecure nature of this system, we do NOT
want it on our domain
>(or even on our network for that matter). So, does
anyone have a solution?
>PolEdit from the OfficeXP resource kit would work, but
it won't let me add
>the system settings that I want...
>
>Any help will be GREATLY appreciated.
>
>Thanks for any assistance you guys can give...
>
>
>.
>
- Next message: OKlier: "Re: Virus Detection"
- Previous message: Iain: "Security"
- In reply to: Daniel Kerr: "XP Policies (like PolEdit)"
- Next in thread: Daniel Kerr: "Re: XP Policies (like PolEdit)"
- Reply: Daniel Kerr: "Re: XP Policies (like PolEdit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
