If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Desktop Lockdown
I'm currently running Windows 2000 Pro -- soon to be XP and shortly on a
Windows 2003 domain -- and I want to lockdown the desktops. I don't want users to be able to install any programs -- whether by inserting a CD to install something, or downloading some junk, like Webshots and AIM. But ometimes, they may need to download a pdf file so I can't halt ALL downloads. I also have a program that needs to be installed per user due to registry settings. So, I've started installing everything under an Administrator account and making that the Default User account to circumvent that issue. In doing so, have I granted that user more file and registry permissions than I should have? I don't want them to have rights beyond User -- not even Power User. Lastly, is there a Windows security template that would be good to use on the domain (within Group Policy) that would give the ideal permission restrictions I'm looking to implment? Thanks for your thoughts and ideas... |
Ads |
#2
|
|||
|
|||
Frank wrote: I'm currently running Windows 2000 Pro -- soon to be XP and shortly on a Windows 2003 domain -- and I want to lockdown the desktops. I don't want users to be able to install any programs -- whether by inserting a CD to install something, or downloading some junk, like Webshots and AIM. But ometimes, they may need to download a pdf file so I can't halt ALL downloads. I also have a program that needs to be installed per user due to registry settings. So, I've started installing everything under an Administrator account and making that the Default User account to circumvent that issue. In doing so, have I granted that user more file and registry permissions than I should have? I don't want them to have rights beyond User -- not even Power User. By pure definition you have given them more permission than just User. Administrator user. Administrator has access to everything. Lastly, is there a Windows security template that would be good to use on the domain (within Group Policy) that would give the ideal permission restrictions I'm looking to implment? Thanks for your thoughts and ideas... well, we're not sure of the exact details you need on everything in the domain or the local machines but I'd start out with the Default Domain Policy that already exists in the Group Policy Management console and edit it to suit your needs(better yet, copy it and edit the copy in case you need to revert back to the default). Then do something similar, with slightly different settings, and apply it to your workstations (servers will need different settings from workstations so let them fall under the auspices of the domain policy or even create specific server policies in addition to specific workstation related policies). Look on nsa.gov and search for security guidelines for Windows. If you really want it locked down you can start modifying registry and FS permissions as well as redirecting a user's desktop to a readonly location and only giving them write access to a My Documents folder. You can also restrict use of MSI and disable access to all the drives in the system (don't disable access to the C drive). All that is done within group policies under the User configuration section. hope that helps Brandon |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Unused Icon Removal SCREWED UP | XPuser | Windows XP Help and Support | 5 | September 4th 05 04:49 AM |
1 wireless laptop & 1 ethernet wired desktop connect to modem rout | Charles Robertson | Networking and the Internet with Windows XP | 13 | August 16th 05 06:25 PM |
XP Pro + XP Home Networking Problem | Jack Macpherson | Networking and the Internet with Windows XP | 7 | January 1st 05 03:59 AM |
How show jpg in desktop background selection window? | Peter Wilkins | Windows XP Help and Support | 13 | November 11th 04 05:16 AM |
XP Pro Desktop Lockdown | ITR000 | General XP issues or comments | 2 | November 3rd 04 07:51 AM |