Solved

Start page - Internet Explorer

Posted on 2003-11-19
9
1,195 Views
Last Modified: 2008-02-01
I am running a couple of clients on win XP where I want the user to be able to do nothing else than surf, chat (MSN) and mail. I am using a group policy for the network where I lock registry, set computer as "public access" and remove all items from start menu among other things. I have also disabled possibility to change start page in iexplorer - both in group policy and in iexplorer. Strangely enough I can sometimes see that the start-page is changed anyway - often to a sex page of course..  Can anyone give me some pointers of how to lock this up in a better way?

150 points to solution or best alternative...
0
Comment
Question by:Trickster
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 150 total points
ID: 9777588
Hi Trickster,
Writing a LOCAL computer Policy

NOTE write the policy as the local administrator and leave the mmc on the administrators desktop to avoid locking your self down!

To open a local access policy window
Start > Run > type gpedit.msc

Basically there are two types of policy computer policy and user policy

Good info on policies and applying them to remote PC’s
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_dbyy.asp

Common tasks can be performed in the following locations

Internet Explorer Settings

Lock the homepage
User Configuration > Windows Settings > Internet Explorer Maintenance >Important URL’s
Lock the Proxy server
User Configuration > Windows Settings > Internet Explorer Maintenance >Connection > Proxy Settings

Logon & Logoff Scripts

Logon
User Configuration > Windows Settings > Scripts > Logon
Logoff
User Configuration > Windows Settings > Scripts > off

Password & Account Lockout Policies

Computer Configuration > Security Settings > Password Policy >
Computer Configuration > Security Settings > Account Lockout Policy >

Auditing Policies

Computer Configuration > Local Policies > Audit Policy

*****User rights assignment*****

Computer Configuration > Local Policies > User rights assignment

Change The Time
Windows settings >Security Settings >Local Policyes >User Rights Asignments >Change the system time


COMMON POLICIES AND WHERE TO FIND THEM

Don’t display last logon Name
Computer Configuration > Local Policies > Security Options > Do not display last user name in login screen (enable)
Stop users installing unsigned Drivers
Computer Configuration > Local Policies > Security Options > Unsigned Driver installation behaviour

REMEMBER save the MMC console on the Administrators Desktop!

HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting
http://support.microsoft.com/?kbid=293655

Cheers!
0
 
LVL 4

Expert Comment

by:biXen
ID: 9778369
When something is changed to a sex page it's usually some kind of virus or malicious script, I suggest you do a scan of the network if you haven't already. www.antivirus.com has tools that function well on a per machine basis if that's needed. Homecall for example.
0
 

Author Comment

by:Trickster
ID: 9778959
Yes, I agree - it is probably scripts. When a user logs on certain sites, the start page is changed. I don't want this to happen, so as written above I've tried locking everything, downloaded all patches from MS and still - after a few days runtime - the startpage is changed - probably after someone has visited a site that changes the start page..

I want to make it impossible to change the startpage whatever site the user visits.. All of the clients are running Norton Antivirus software which alerts and disable most of those scripts. It would be good if I could find a way to stop even those scripts that Norton miss - like locking registry key or something..
0
 
LVL 4

Expert Comment

by:biXen
ID: 9779051
I guess you can disable Active X and script and javastuff in the browser. Under security.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 57

Expert Comment

by:Pete Long
ID: 9779148
biXen,
Use one of these - especially the last one!

Spyware & Adware

What is Spyware?

Spyware is ANY SOFTWARE which uses a user's Internet connection in the without the user knowledge.Allthough Software Firms and Web pages that launch this "code" on your PC are required to ask your permission many dont! ANY SOFTWARE communicating across the Internet from Your PC without your knowledge is guilty of information theft and is rightfully termed: Spyware.

What is Adware?

Adware is basically any application in which advertising banners are displayed while the program is running. This is built in to the coding of the Software that delivers th Adds to your desktop, These adds are either dislayed as pop up windows or through a Banner on the software front end. Many people believe that the revenue earned from this is justification for recouping development costs, which then dosnt need to be passed to the user.

Good Link

Adware, Spyware and other unwanted "malware" - and how to remove them
http://www.cexx.org/adware.htm

Removal Tools (Freeware)

Ad Aware http://www.lavasoftusa.com/software/adaware/
Spy Bot http://security.kolla.de/news.php?lang=en

Removal Tools (Shareware & Trialware)

Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm
Spy Cop http://spycop.com/products.htm

**********Prevent Browser Hijacking**********
BHODemon (Freeware)
Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.
http://www.spywareinfo.com/downloads/bhod/
0
 

Expert Comment

by:MikeGascoigne
ID: 9780142
Try using poledit.exe from a Windows NT/2000 machine. That way you will be able to lock down the machine for each computer/user.

The file you need is poledit.exe + the resorces file, notconfig.pol.

On XP machines you must save this file under Windows Directory\Policies. Putting it here stops the group policy overwriting the settings.

Then share the folder as NTlogon

If you require any more info/help on Policy Editor email me at mike.gascoigne@boltblue.com and Il;l get back to you asap.

Mike
0
 

Author Comment

by:Trickster
ID: 10087314
Not 100% the answer I was looking for but still gave a good solution to my problem, so I award PeteLong the points..
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10087489
ThanQ
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Most of the time we are in fix when all of sudden our systems behave weirdly.  Such problems cost time and effort... so it's best to take some preventive actions so that we can avoid such issues or overcome such problems more easily. Preventive M…
Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now