Re: Locking Down A Computer Lab
From: mjfmn (mjfmn_at_discussions.microsoft.com)
Date: 05/16/05
- Next message: gerrylee: "RE: Can't change DVD region"
- Previous message: Carey Frisch [MVP]: "Re: Computer Browser service question?"
- In reply to: Nepatsfan: "Re: Locking Down A Computer Lab"
- Next in thread: Nepatsfan: "Re: Locking Down A Computer Lab"
- Reply: Nepatsfan: "Re: Locking Down A Computer Lab"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 May 2005 06:45:01 -0700
Nepatsfan, that was great! I got everything done in just a couple hours!
Now I can move on to other issues - like writing a Proper Usage document all
the kids have to sign!
Thanks again!
Mike
"Nepatsfan" wrote:
> I'm guessing that these machines are not part of a domain. If
> they are, post back with that info as that would make a big
> difference in my answer. I'm also guessing that you have the
> Professional version of XP as opposed to Home Edition.
>
> That said, here are some suggestions you might consider
> implementing:
>
> 1. Put passwords on both the built in administrator account and
> the account you created that is a member of the administrators
> group. Make sure it's something you'll remember but your users
> won't be able to guess. It's OK if it's the same for both
> accounts.
>
> If these machines have floppy drives or, better yet, you have a
> USB flash drive you might want to run the "Forgotten Password
> wizard". Here's how:
>
> http://www.petri.co.il/what's_the_password_reset_disk_in_windows_xp.htm
>
> I'd suggest leaving the limited account with a blank password.
>
> 2. Configure all machines to logon with the limited accounts by
> doing the following:
>
> Go to Start -> Run.
> Enter the following into the Open box:
>
> control userpasswords2
>
> Click OK.
> Uncheck "Users must enter a user name and password to use this
> computer".
> In the box that pops up, replace Administrator in the "User Name"
> box with your limited user account. Enter your password twice.
> Note: You can leave the password box blank if your account does
> not have a password.
> Click OK twice and reboot to see if you get the desired results.
>
> When you want to logon with your administrative account you can
> log off the limited account. The Welcome screen will be displayed
> which should contain the icon for your administrative account.
> Alternatively, you can hold down the shift key while windows is
> starting. This will bring you directly to the Welcome screen.
>
> 3. If running XP Professional in a workgroup:
>
> Right click on My Computer and select Manage from the drop down
> menu.
> In the Local Users and Groups section click on the Users.
> Right click on the limited account and select Properties.
> Put a check mark in the box next to "User cannot change password"
> as well as "Password never expires".
> This should prevent someone from assigning a password to this
> account. If you don't do this you're probably going to find
> yourself having to reset the password often.
>
> 4. If you plan on using the Local Group Policy to restrict the
> limited accounts you will need to use one of the procedures
> outlined in these articles to prevent the policies from being
> applied to members of the administrators group:
>
> Applies to XP as well as Win2K:
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B293655
>
> Group policy in a workgroup:
> http://www.theeldergeek.com/gp07.htm
>
> Be careful with Group Policy. It's not that hard to configure it
> in such a way that you lock yourself out of the computer.
>
> Good luck
>
> --
> Nepatsfan
> "mjfmn" <mjfmn@discussions.microsoft.com> wrote in message
> news:38DC0237-0AE0-4C91-85C0-FCC9C7644890@microsoft.com...
> > Jerry, thanks for the response. Sadly, I don't have the
> > opportunity to get
> > those books (we don't even have a book store in our little
> > town), or that
> > much time. The lab goes into use on Tuesday, May 17th. If
> > someone could
> > just tell me what I need to do to accomplish these two tasks
> > (going to a
> > restricted user at boot and / or changing the default login to
> > a restricted
> > user), that would get me far enough to lock it down by the time
> > the doors
> > open.
> >
> > Thanks again!
> > Mike
> >
> > "Jerry" wrote:
> >
> >> Try the Group Policy Editor and do some reading:
> >>
> >> Windows XP Booklist
> >>
> >> Microsoft Windows XP Inside Out 2nd ed ISBN 0-7356-2044-X
> >> Microsoft Windows XP Professional Resource Kit 2nd ed ISBN
> >> 0-7356-1974-3
> >> Microsoft Windows Command-Line ISBN 0-7356-2038-5
> >> Windows XP Pro 2nd ed The Missing Manual ISBN 0-596-00898-8
> >> Windows XP in a Nutshell, 2nd Edition ISBN 0-596-00900-3
> >> Windows XP Annoyances, 2nd ed ISBN 0-596-00876-7
> >> Windows XP Hacks, 2nd ed ISBN 0-596-0000918-6
> >> Windows XP Solutions ISBN 0-7645-6773-X
> >> Windows XP Speed Solutions ISBN 0-7645-7814-6
> >> Guide to Home Networking ISBN 0-7645-4473-X
> >>
> >> Downloadable Guides
> >>
> >> XP Tweak Guide (TweakGuides_XPTC.zip) from
> >> wwww.TweakGuides.com
> >> Windows Registry Guide (registryguide2003.exe) from
> >> www.winguides.com
> >> Error Message for Windows (MSWinErr.zip) from
> >> www.gregorybraun.com
> >>
> >> "mjfmn" <mjfmn@discussions.microsoft.com> wrote in message
> >> news:1B199E31-2849-4524-BA18-4C59387D6031@microsoft.com...
> >> > Hello! I have 16 XP SP2 machines I just installed in a
> >> > computer lab, and
> >> > I
> >> > want to lock them down. I got each of them setup today,
> >> > used a password
> >> > for
> >> > the administrator, then setup a new user for each one
> >> > (lab01, lab02,
> >> > etc.).
> >> > When I was all done I wanted to change the permission on the
> >> > user from
> >> > administrator level to restricted, so I rebooted, went into
> >> > safe mode as
> >> > administrator. I was told I couldn't change the user from
> >> > administrator
> >> > because there had to be one computer administrator (I
> >> > thought the
> >> > "administrator" log in was that?). I created a new user
> >> > that I would give
> >> > low rights to, but when the computer is booted up it gives
> >> > the option of
> >> > choosing a users - that kind of negates what I'm trying to
> >> > do! I'd just
> >> > like
> >> > it so the computer boots up to the restricted user.
> >> >
> >> > I need to lock down these computer so no one installs any
> >> > software,
> >> > disables
> >> > antivirus or Adaware, etc. Does anyone have any tips I can
> >> > use? Thanks
> >> > so
> >> > much!
> >> >
> >> > Mike, MIS Director
> >>
> >>
> >>
>
>
>
- Next message: gerrylee: "RE: Can't change DVD region"
- Previous message: Carey Frisch [MVP]: "Re: Computer Browser service question?"
- In reply to: Nepatsfan: "Re: Locking Down A Computer Lab"
- Next in thread: Nepatsfan: "Re: Locking Down A Computer Lab"
- Reply: Nepatsfan: "Re: Locking Down A Computer Lab"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
