Go Premium for a chance to win a PS4. Enter to Win

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1211
  • Last Modified:

Start page - Internet Explorer

I am running a couple of clients on win XP where I want the user to be able to do nothing else than surf, chat (MSN) and mail. I am using a group policy for the network where I lock registry, set computer as "public access" and remove all items from start menu among other things. I have also disabled possibility to change start page in iexplorer - both in group policy and in iexplorer. Strangely enough I can sometimes see that the start-page is changed anyway - often to a sex page of course..  Can anyone give me some pointers of how to lock this up in a better way?

150 points to solution or best alternative...
  • 3
  • 2
  • 2
  • +1
1 Solution
Pete LongConsultantCommented:
Hi Trickster,
Writing a LOCAL computer Policy

NOTE write the policy as the local administrator and leave the mmc on the administrators desktop to avoid locking your self down!

To open a local access policy window
Start > Run > type gpedit.msc

Basically there are two types of policy computer policy and user policy

Good info on policies and applying them to remote PC’s

Common tasks can be performed in the following locations

Internet Explorer Settings

Lock the homepage
User Configuration > Windows Settings > Internet Explorer Maintenance >Important URL’s
Lock the Proxy server
User Configuration > Windows Settings > Internet Explorer Maintenance >Connection > Proxy Settings

Logon & Logoff Scripts

User Configuration > Windows Settings > Scripts > Logon
User Configuration > Windows Settings > Scripts > off

Password & Account Lockout Policies

Computer Configuration > Security Settings > Password Policy >
Computer Configuration > Security Settings > Account Lockout Policy >

Auditing Policies

Computer Configuration > Local Policies > Audit Policy

*****User rights assignment*****

Computer Configuration > Local Policies > User rights assignment

Change The Time
Windows settings >Security Settings >Local Policyes >User Rights Asignments >Change the system time


Don’t display last logon Name
Computer Configuration > Local Policies > Security Options > Do not display last user name in login screen (enable)
Stop users installing unsigned Drivers
Computer Configuration > Local Policies > Security Options > Unsigned Driver installation behaviour

REMEMBER save the MMC console on the Administrators Desktop!

HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting

When something is changed to a sex page it's usually some kind of virus or malicious script, I suggest you do a scan of the network if you haven't already. www.antivirus.com has tools that function well on a per machine basis if that's needed. Homecall for example.
TricksterAuthor Commented:
Yes, I agree - it is probably scripts. When a user logs on certain sites, the start page is changed. I don't want this to happen, so as written above I've tried locking everything, downloaded all patches from MS and still - after a few days runtime - the startpage is changed - probably after someone has visited a site that changes the start page..

I want to make it impossible to change the startpage whatever site the user visits.. All of the clients are running Norton Antivirus software which alerts and disable most of those scripts. It would be good if I could find a way to stop even those scripts that Norton miss - like locking registry key or something..
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

I guess you can disable Active X and script and javastuff in the browser. Under security.
Pete LongConsultantCommented:
Use one of these - especially the last one!

Spyware & Adware

What is Spyware?

Spyware is ANY SOFTWARE which uses a user's Internet connection in the without the user knowledge.Allthough Software Firms and Web pages that launch this "code" on your PC are required to ask your permission many dont! ANY SOFTWARE communicating across the Internet from Your PC without your knowledge is guilty of information theft and is rightfully termed: Spyware.

What is Adware?

Adware is basically any application in which advertising banners are displayed while the program is running. This is built in to the coding of the Software that delivers th Adds to your desktop, These adds are either dislayed as pop up windows or through a Banner on the software front end. Many people believe that the revenue earned from this is justification for recouping development costs, which then dosnt need to be passed to the user.

Good Link

Adware, Spyware and other unwanted "malware" - and how to remove them

Removal Tools (Freeware)

Ad Aware http://www.lavasoftusa.com/software/adaware/
Spy Bot http://security.kolla.de/news.php?lang=en

Removal Tools (Shareware & Trialware)

Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.htm
Spy Cop http://spycop.com/products.htm

**********Prevent Browser Hijacking**********
BHODemon (Freeware)
Think of BHODemon as a guardian for your Internet browser: it protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. This program is my choice for BHO detection and is highly recommended.
Try using poledit.exe from a Windows NT/2000 machine. That way you will be able to lock down the machine for each computer/user.

The file you need is poledit.exe + the resorces file, notconfig.pol.

On XP machines you must save this file under Windows Directory\Policies. Putting it here stops the group policy overwriting the settings.

Then share the folder as NTlogon

If you require any more info/help on Policy Editor email me at mike.gascoigne@boltblue.com and Il;l get back to you asap.

TricksterAuthor Commented:
Not 100% the answer I was looking for but still gave a good solution to my problem, so I award PeteLong the points..
Pete LongConsultantCommented:

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now