A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » Security and Administration with Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Desktop Lockdown



 
 
Thread Tools Display Modes
  #1  
Old October 3rd 05, 02:00 PM
Frank
external usenet poster
 
Posts: n/a
Default Desktop Lockdown

I'm currently running Windows 2000 Pro -- soon to be XP and shortly on a
Windows 2003 domain -- and I want to lockdown the desktops. I don't want
users to be able to install any programs -- whether by inserting a CD to
install something, or downloading some junk, like Webshots and AIM. But
ometimes, they may need to download a pdf file so I can't halt ALL downloads.

I also have a program that needs to be installed per user due to registry
settings. So, I've started installing everything under an Administrator
account and making that the Default User account to circumvent that issue. In
doing so, have I granted that user more file and registry permissions than I
should have? I don't want them to have rights beyond User -- not even Power
User.

Lastly, is there a Windows security template that would be good to use on
the domain (within Group Policy) that would give the ideal permission
restrictions I'm looking to implment?

Thanks for your thoughts and ideas...


Ads
  #2  
Old October 4th 05, 01:16 AM
external usenet poster
 
Posts: n/a
Default



Frank wrote:

I'm currently running Windows 2000 Pro -- soon to be XP and shortly on a
Windows 2003 domain -- and I want to lockdown the desktops. I don't want
users to be able to install any programs -- whether by inserting a CD to
install something, or downloading some junk, like Webshots and AIM. But
ometimes, they may need to download a pdf file so I can't halt ALL downloads.

I also have a program that needs to be installed per user due to registry
settings. So, I've started installing everything under an Administrator
account and making that the Default User account to circumvent that issue. In
doing so, have I granted that user more file and registry permissions than I
should have? I don't want them to have rights beyond User -- not even Power
User.


By pure definition you have given them more permission than just User.
Administrator user.
Administrator has access to everything.



Lastly, is there a Windows security template that would be good to use on
the domain (within Group Policy) that would give the ideal permission
restrictions I'm looking to implment?

Thanks for your thoughts and ideas...


well, we're not sure of the exact details you need on everything in the domain or
the local machines but I'd start out with the Default Domain Policy that already
exists in the Group Policy Management console and edit it to suit your
needs(better yet, copy it and edit the copy in case you need to revert back to
the default). Then do something similar, with slightly different settings, and
apply it to your workstations (servers will need different settings from
workstations so let them fall under the auspices of the domain policy or even
create specific server policies in addition to specific workstation related
policies). Look on nsa.gov and search for security guidelines for Windows. If
you really want it locked down you can start modifying registry and FS
permissions as well as redirecting a user's desktop to a readonly location and
only giving them write access to a My Documents folder. You can also restrict
use of MSI and disable access to all the drives in the system (don't disable
access to the C drive). All that is done within group policies under the User
configuration section.

hope that helps
Brandon


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Unused Icon Removal SCREWED UP XPuser Windows XP Help and Support 5 September 4th 05 04:49 AM
1 wireless laptop & 1 ethernet wired desktop connect to modem rout Charles Robertson Networking and the Internet with Windows XP 13 August 16th 05 06:25 PM
XP Pro + XP Home Networking Problem Jack Macpherson Networking and the Internet with Windows XP 7 January 1st 05 03:59 AM
How show jpg in desktop background selection window? Peter Wilkins Windows XP Help and Support 13 November 11th 04 05:16 AM
XP Pro Desktop Lockdown ITR000 General XP issues or comments 2 November 3rd 04 07:51 AM






All times are GMT +1. The time now is 11:32 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.