Re: locking down PC for only IE

From: Steven L Umbach (sumbach_at_nospam-ameritech.net)
Date: 03/04/04 

Date: Thu, 04 Mar 2004 15:33:18 GMT

You can block access to the computer itself for browsing by using user
configuration/administrative templates/Windows Components/Windows Explorer
settings and administrative templates/desktop settings. To allow only IE to
run you can go to user configuration/administrative templates/system and use
the run only allowed Windows Applications to include only iexplore.exe. I
would also disable the command prompt and registry editing while there.
Configure the internet Web Content Zone to not allow downloads. Also
configure ntfs permissions on the root/drive folder to be no more than
read/list/execute for everyone and users. Keep in mind that on a non domain
computer these restrictions will also apply to the administrators, however
you could manage Group policy remotely remotely via another computer on the
network while logged on as a user with adminstrator credentials to that
computer. If you enable the guest account for users to use as the access
account, any changes they make will not be saved and they will have nowhere
do save files to on the computer [they will also be deleted at logoff].
Enabling the guest account is a security hole for network access, so if you
use it configure the user right assignment for access this computer from the
network to not include everyone/users but probably just administraors and
add guest to the deny access to this computer from the network. Also see the
link below on kiosk mode. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;154780

"kidem" <anonymous@discussions.microsoft.com> wrote in message
news:E505C0CA-DF79-4DC0-808E-19FE54769672@microsoft.com...
> Can group policy lock everything down to where only IE can browse the
Internet, rather than use other software?
>
> This is for a library, they dont want downloading,saving or browsing the
PC.
>
>
> Thanks
>

Relevant Pages

  • RE: Offer Remote Assistance - "Permission denied" - Windows XP SP2
    ... I am on a Novell network. ... > being made from and under the security context of a Local AND Domain ... > Allow logon through Terminal Services Administrators,Remote Desktop Users ... > Back up files and directories Administrators ...
    (microsoft.public.windowsxp.security_admin)
  • Re: How Can I Allow Access From The Internet to Only Selected User
    ... users, groups, client ip address ranges, client computer naming conventions ... All users can access Terminal Server from inside the network ... "select remote users" and enter in th administrators group. ...
    (microsoft.public.windows.terminal_services)
  • Re: Seeking Win2000 Policy Advice
    ... "Not trusting your developers ... is as bad, if not worse, than not trusting your network administrators." ... you have anyone serious about network security working in your company, ... frequently using the internet as a resource. ...
    (comp.os.ms-windows.nt.admin.security)
  • [OSOT] Distinction between Network Admin and System Admin
    ... I have a question about how you all would distinguish Network Administrators ... from System Administrators and the separate duties for each function. ... Sys), a Network Admin would deal with the DNS, MTA, Firewalling, NFS, ...
    (comp.os.linux.networking)
  • Draft I: Why You Dont Want to Install Software
    ... number of local administrators we have lurking around our networks. ... idea of contacting your network consultant to install software probably ... commonplace task for the network consultant. ...
    (microsoft.public.windows.server.sbs)