swabeui
asked on
Group Policy - Lock a user down so all he can do is see our Intranet page
Hi,
I have a couple users at my company that I need to lock down so they can only see our Intranet. I have looking into the Kiosk mode for IE, but it would allow the user to still browse other pages other then our Intranet page. Additionally, it would not be intuitive to the user how to logoff or shutdown since the start menu is hidden.
Thanks.
I have a couple users at my company that I need to lock down so they can only see our Intranet. I have looking into the Kiosk mode for IE, but it would allow the user to still browse other pages other then our Intranet page. Additionally, it would not be intuitive to the user how to logoff or shutdown since the start menu is hidden.
Thanks.
why use a policy? just put in a firewall that blocks all TCP port 80 (web) traffic from that particular pc to the outside of your network
ASKER
I thought about this (in fact I have implemented similar policies already), but the computers in question are shared and other users do not have to share the same restrictions. I would also have to make the IPs static or at least assigned in DHCP which I would rather not do if I don't have to right now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another option is to install a 3rd party software product such as cyber patrol to limit Internet access or indeed block all www sites for that user account.
ASKER
I think I might have it solved it. I have setup Internet Explorer to use a Proxy server and to bypass the server on local addresses as well as "certain" websites. I set the proxy server to point to the local machine so if they try to go anywhere except for the places I have listed as "bypass" sites, they get an error.
On top of all that, I of course locked down the controls so they can't undo this little trick. The user was mighty surprised at the effectiveness of the policy when I applied it to thier account today.
I am going to run some other tests to see if it is what I want, and if so I will award points, etc... at that time.
Thanks.
On top of all that, I of course locked down the controls so they can't undo this little trick. The user was mighty surprised at the effectiveness of the policy when I applied it to thier account today.
I am going to run some other tests to see if it is what I want, and if so I will award points, etc... at that time.
Thanks.
Use C:\Programs\Internet Explorer\iexplore.exe as user based custom shell
Implement a User Based Custom Shell (Windows 2000/XP)
http://www.winguides.com/registry/display.php/849/
Replacing the Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL)
http://www.microsoft.com/windows2000/docs/msgina.doc
Implement a User Based Custom Shell (Windows 2000/XP)
http://www.winguides.com/registry/display.php/849/
Replacing the Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL)
http://www.microsoft.com/windows2000/docs/msgina.doc
When I did my MCSE (which I did in a technical school) I implemented this on my final project by using a Shell as trywaredk already mentioned in the last post.
The page restriction I did with the help of ISA server 2000. My configuration logged the user out automatically if he closed Internet Explorer.
Hope this helps,
Daniel F.
The page restriction I did with the help of ISA server 2000. My configuration logged the user out automatically if he closed Internet Explorer.
Hope this helps,
Daniel F.
:o) Glad I could help you - thank you for the points