Re: Information PC

From: Roger Abell (
Date: 02/11/04

Date: Tue, 10 Feb 2004 23:22:22 -0700

"Curtis Koenig [MSFT]" <> wrote in message
> Create an OU that the machines will be members of then create a policy for
> that OU that only allows the actions you want to allow.
> --
> Curtis Koenig
> Support Engineer
> Product Support Services, Security Team

Hi Curtis,

You know that, since W2k released, MS has answered this
kiosk type of post much as you have just done.

However, I have yet to see a template that actually does do
this. W2k is known to be exceedingly difficult to truly and fully
restrict so that no one can escape in any way to a shell, prompt,
etc.. XP and W2k3 have improved on things, but it would seem
that MS could provide an actually example of doing this.

Please understand, I am not trying to pick on you. Not at all.
If anything I am wanting to raise some awareness that we see
posts like this fairly regularly. Yet since late 1999 I have yet
to see people rapidly step up to answer these postings, and
when they do it is usually with info on only the first steps down
the road.

So, if you have a mind to, pass the feedback along would you ?
There should be a paper / KB : How to build a bullet-proof
public access kiosk machine with Windows XP


Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
> --------------------
> >From: "Marcus Wolf" <>
> >Subject: Information PC
> >Date: Tue, 10 Feb 2004 09:54:41 -0000
> >
> >Hi all,
> >
> >I need to set up some info-PCs. The only thing the logged-on user
> >account) should be able to do is using the local intranet. Ververything
> >else, e.g. taskmgr, taskbar, ctrl&alt&del, etc. should be diabled. The
> >maschine will be domain-members with Windows XP installed.
> >
> >Any suggestions??
> >
> >Regards Marcus Wolf
> >
> >
> >