Re: Securing a Windows XP Workstation

From: Bob Hollness (bob_at_blockbuster.com)
Date: 02/08/05 

Date: Tue, 8 Feb 2005 09:19:08 +0100

Yes, they could be overwritten by a GPO. Either use EFS or (which I prefer)
use PGP to create a disk volume. Only he has the password. The volume can
be stored on the server and included in the backups.

The benefit of PGP is that the keys can be backed up. If he loses his
workstation through a fatal system error, he 'may' not be able to recover
his files. Although, there may be a way to back up the windows keys as
well??? 

-- 
Bob
--------------------------------------
I'll have a B please Bob.
"Cary Kataoka" <caryk@cjrk.com> wrote in message 
news:%23LrPRqZDFHA.1012@TK2MSFTNGP14.phx.gbl...
> Hi.
>
> Tried posting this to the XP group, but did not receive any response, so 
> I'm
> trying this one.
>
> I am attempting to secure a XP workstation connected to a 2003 Server 
> based
> domain.  The workstation (belonging to the CEO) has private information 
> that
> should not be accessible by anyone including the network administrator.  I
> have disabled remote desktop and have added the key
> System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks=0 
> to
> HKLM.  I have also disabled the remote registry service.  Further, I have
> removed all domain users except for the local user from local users and
> groups (specifically, I removed domain admins from the local administrator
> group).
>
> I would like some further information:  A.)  Could these settings be
> over-ridden via GPO?  B.)  Could these settings be modified if remote
> network
> profile is being used and the user is logging into different workstations
> with the same account?
>
> Thanks in advance for any advice.
>
> Cary Kataoka (caryk@cjrk.com)
> CJRK Computer Consulting Inc.
>
>
>

Relevant Pages

  • Re: Add a local user in a Restricted Group GPO
    ... The problem is that interface validate the user account, ... directly in the policy file you can add COMPUTERNAME\ACCOUNTNAME and it will ... This may cause problem if the GPO is executed on computer for which the ... Is it possible to add a local user inside a Restricted Group? ...
    (microsoft.public.windows.group_policy)
  • Re: Group Policy Wont Apply Unless User is a Member of Domain Admin. Why?
    ... I'd go to the workstation where the policy is not applying and do Start -> ... a different GPO applying policies there? ... gpo will only apply if the test user (uTest) is a member of theDomain> ...
    (microsoft.public.windows.server.sbs)
  • Re: AD error in Group policy
    ... This problem occurs because older versions of the Group Policy editor cannot ... the problem occurs when you try to view or modify a GPO that has ... been viewed by a different workstation, ... > explorer security for binary behaviours. ...
    (microsoft.public.win2000.advanced_server)
  • Re: Old GPO still being applied
    ... So it is about removing the printers configured with the GPO? ... workstation was moved from one branch to the other. ... Did you delete/unlink an old GPO and now the settings still apply? ...
    (microsoft.public.windows.group_policy)
  • Re: Old GPO still being applied
    ... So it is about removing the printers configured with the GPO? ... workstation was moved from one branch to the other. ... Did you delete/unlink an old GPO and now the settings still apply? ...
    (microsoft.public.windows.group_policy)
Quantcast