Re: different user groups with different security settings and windows environment

From: Roger Abell (
Date: 08/09/05

Date: Mon, 8 Aug 2005 23:10:00 -0700

Well, you would need to purchase Server in order to have a domain.

I am not sure if there is or is not something out there to aggregate
bandwidth between a cable and a wireless interface. In modem days
there was ability to do so and in higher end network cards this is
possible - but those are not the interfaces you have.

>From the range of your questions I feel that you may be getting in
too deeply if you were to try altering the default shell for those
accounts. Explorer is the normal default shell, not IE.

The best way to protect your machine is to use a firewall,
to keep it up-to-date on patches, and to keep those at the
keyboard using a limited user account with sanity in their

Roger Abell
Microsoft MVP (Windows  Security)
"dh" <> wrote in message
> The OS is WinXP Pro.
> So, will you suggest I promote my standalone PC to a standalone Domain
> Controller in order to configure the specific group security requirement?
> What is the default shell for IE? How can I access and change it?
> By the way, if I get internet access by wireless router, which has several
> PC connect to it, which parameters should I set to ensure the other PC
> connect to the same router cannot invade my privacy?
> Can I use both cable access and wireless access at the same time to
> accerlerate the data rate?
> Thanx
> "Roger Abell" <> wrote in message
> news:OBcXNm9mFHA.1480@TK2MSFTNGP10.phx.gbl...
> > What OS ?  This is more approachable with XP Pro than it is with
> > Windows 2000, mostly due to the addition of Software Restriction
> > Policy in XP and later.
> > However, local policy (i.e. stand-alone) is always applied equally
> > to all accounts.  User and group selectivity is a domain feature.
> > There is a workaround, a very tedious workaround, for which one
> > must plan carefully what policies are to be in effect for which
> > In general I do not recommend it.
> > Also, most things effected by local policy can be done with registry
> > settings - and there are third-party tools to assist.  You might want to
> > look at Doug's little app for this (
> > Finally, from what you have said it almost sound like what you could
> > do is to change the default shell from Explorer for the couple accounts
> > that are to be restricted to only accessing the bank web sites.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows  Security)
> >
> > "dh" <> wrote in message
> > news:e3lvZn6mFHA.3960@TK2MSFTNGP12.phx.gbl...
> >> My machine is a standalone machine without any AD setting.
> >> I am planning to set different user groups with different security
> > settings
> >> and windows environment.
> >> From gpedit.msc, there are only Windows Setting->Local
> >> Policies->UserRightAssignments and Windows Setting->Local
> > Policies->Security
> >> Options working with User Groups. The other policies affecting all
> >> I need the very tight security user group for working only with one or
> >> two
> >> banking web sites, no other application runs, no application can be
> > install,
> >> and no communication to other sites. Limited ports. The cleaning
> >> should run during login and logout. The point is to avoid the backdoor
> >> and
> >> keylogger.
> >> Another user group for general usage, like accessing chatroom site,
> >> YIM, game.
> >>
> >> How can I do this?
> >> Any suggestion on setting user groups to acheive security?
> >> Thanx a lot
> >>
> >>
> >
> >