Start page - Internet Explorer

I am running a couple of clients on win XP where I want the user to be able to do nothing else than surf, chat (MSN) and mail. I am using a group policy for the network where I lock registry, set computer as "public access" and remove all items from start menu among other things. I have also disabled possibility to change start page in iexplorer - both in group policy and in iexplorer. Strangely enough I can sometimes see that the start-page is changed anyway - often to a sex page of course..  Can anyone give me some pointers of how to lock this up in a better way?

150 points to solution or best alternative...
TricksterAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
Hi Trickster,
Writing a LOCAL computer Policy

NOTE write the policy as the local administrator and leave the mmc on the administrators desktop to avoid locking your self down!

To open a local access policy window
Start > Run > type gpedit.msc

Basically there are two types of policy computer policy and user policy

Good info on policies and applying them to remote PC’s
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_dbyy.asp

Common tasks can be performed in the following locations

Internet Explorer Settings

Lock the homepage
User Configuration > Windows Settings > Internet Explorer Maintenance >Important URL’s
Lock the Proxy server
User Configuration > Windows Settings > Internet Explorer Maintenance >Connection > Proxy Settings

Logon & Logoff Scripts

Logon
User Configuration > Windows Settings > Scripts > Logon
Logoff
User Configuration > Windows Settings > Scripts > off

Password & Account Lockout Policies

Computer Configuration > Security Settings > Password Policy >
Computer Configuration > Security Settings > Account Lockout Policy >

Auditing Policies

Computer Configuration > Local Policies > Audit Policy

*****User rights assignment*****

Computer Configuration > Local Policies > User rights assignment

Change The Time
Windows settings >Security Settings >Local Policyes >User Rights Asignments >Change the system time


COMMON POLICIES AND WHERE TO FIND THEM

Don’t display last logon Name
Computer Configuration > Local Policies > Security Options > Do not display last user name in login screen (enable)
Stop users installing unsigned Drivers
Computer Configuration > Local Policies > Security Options > Unsigned Driver installation behaviour

REMEMBER save the MMC console on the Administrators Desktop!

HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting
http://support.microsoft.com/?kbid=293655

Cheers!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
biXenCommented:
When something is changed to a sex page it's usually some kind of virus or malicious script, I suggest you do a scan of the network if you haven't already. www.antivirus.com has tools that function well on a per machine basis if that's needed. Homecall for example.
TricksterAuthor Commented:
Yes, I agree - it is probably scripts. When a user logs on certain sites, the start page is changed. I don't want this to happen, so as written above I've tried locking everything, downloaded all patches from MS and still - after a few days runtime - the startpage is changed - probably after someone has visited a site that changes the start page..

I want to make it impossible to change the startpage whatever site the user visits.. All of the clients are running Norton Antivirus software which alerts and disable most of those scripts. It would be good if I could find a way to stop even those scripts that Norton miss - like locking registry key or something..
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

biXenCommented:
I guess you can disable Active X and script and javastuff in the browser. Under security.
Pete LongTechnical ConsultantCommented:
biXen,
Use one of these - especially the last one!

Spyware & Adware

What is Spyware?

Spyware is ANY SOFTWARE which uses a user's Internet connection in the without the user knowledge.Allthough Software Firms and Web pages that launch this "code" on your PC are required to ask your permission many dont! ANY SOFTWARE communicating across the Internet from Your PC without your knowledge is guilty of information theft and is rightfully termed: Spyware.

What is Adware?

Adware is basically any application in which advertising banners are displayed while the program is running. This is built in to the coding of the Software that delivers th Adds to your desktop, These adds are either dislayed as pop up windows or through a Banner on the software front end. Many people believe that the revenue earned from this is justification for recouping development costs, which then dosnt need to be passed to the user.

Good Link

Adware, Spyware and other unwanted "malware" - and how to remove them
http://www.cexx.org/adware.htm

Removal Tools (Freeware)

Ad Aware http://www.lavasoftusa.com/software/adaware/
Spy Bot http://security.kolla.de/news.php?lang=en

Removal Tools (Shareware & Trialware)

Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm
Spy Cop http://spycop.com/products.htm

**********Prevent Browser Hijacking**********
BHODemon (Freeware)
Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.
http://www.spywareinfo.com/downloads/bhod/
MikeGascoigneCommented:
Try using poledit.exe from a Windows NT/2000 machine. That way you will be able to lock down the machine for each computer/user.

The file you need is poledit.exe + the resorces file, notconfig.pol.

On XP machines you must save this file under Windows Directory\Policies. Putting it here stops the group policy overwriting the settings.

Then share the folder as NTlogon

If you require any more info/help on Policy Editor email me at mike.gascoigne@boltblue.com and Il;l get back to you asap.

Mike
TricksterAuthor Commented:
Not 100% the answer I was looking for but still gave a good solution to my problem, so I award PeteLong the points..
Pete LongTechnical ConsultantCommented:
ThanQ
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.