RE: Custom Shell or Exploror based shell

From: "ecoulson" <ecoulson@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Feb 2006 16:41:27 -0800

Hi all,

I followed directions in: http://www.jsifaq.com/subl/tip5600/rh5619.htm
to get different behavior using local group policy using the technique:
running mmc
Add/Remove Snapin
Add Group Policy Object Editor
Save as <name>.msc
Then run mmc
open <name>.mmc
Make Changes in "Administrative Templates"
Save - then backup Registry.pol
The logon to non-admin user - then logon to admin and change back
the copy backed up Registry.pol back

So I can do the Group Policy "hello world" and have different behavior for
Administrator and other users. But this brings up other questions:

1) Is there any more specific information on how to limit the user to
ony that single .Net Applciation using Group Policies.
- Note: I can play around with the Group Policies, but wondering if there
was an
specific steps posted anywhere.

2) If I make these Group Policy changes after installing Windows XPE do I
use the
Manual Reseal Technique - to create images to distribute - along with
other applciations that I will install manually. I am just wondering about
the
packaging and deploying after manually adjusting the image.

Thanks, Eric

"ecoulson" wrote:

I have a .Net application that has the requirements:

Admin - full access
single user: only run specific .Net application(s)

I have got the application running with "Windows XP Explorer User
Interface" shell.
Now I am trying to lock down the single user without limiting
Administration Group.

Note: I will probably use Manual Reseal Technique - install embedded and
then manually install application.

KM helpfully mentioned that I can use either "Explorer based shell" with
group policies or a Custom Shell.

I am trying to see which one I should put my effort into.

I have created a simple customer shell - but I don't understand:
- how this shell can apply to only the single user and not admin.

Also, there is a great deal of documentation on group policies, but I am
looking for
something that specifically details how to lock down a specific user to a
single
.Net Applciation interface while allowing admin free access.

Thanks, Eric

Prev by Date: Re: Newbie Questions on XPe Install and configure
Next by Date: Re: Driver component
Previous by thread: Re: Driver component
Next by thread: Re: Custom Shell or Exploror based shell
Index(es):
- Date
- Thread

Relevant Pages

Windows XP for untrusted users
... computers and the user logons they use are currently members of Active ... So far as I said I've used group policy, ... shell such as blackbox for windows and finally using no shell and configuring ...
(microsoft.public.windowsxp.security_admin)
Re: how to remove taskbar ?
... easy way to return the kiosk user to an Explorer shell, ... extra application in group policy for startup but it did not start. ... and then set your custom Group Policy to exclude non-Admin from ...
(microsoft.public.windowsxp.embedded)
Re: I need Ideas on securing a remote Win2k machine
... make a group policy temp & ... use group policy setting to secure the users group. ... I would probably setup that application as their shell, ... >> and just remotely administer individual accounts, ...
(microsoft.public.win2000.security)
Re: Deny windows explorer from users
... > How to deny Windows Explorer from users, using AD group policy? ... Change the Shell, ...
(microsoft.public.windows.group_policy)
Re: Apply GPO to a single user
... I know how to apply a GPO to a OU or Group, but where do I go within Active Directory Sites and Services on my PDC Server to only apply a logon script to a single user or pc? ... Then create a Group Policy on the OU the user is child of (among other users that might be children of that OU and deny "authenticated users" "Read" and "Apply Group Policy" permission. ...
(microsoft.public.windows.group_policy)