bleech677
asked on
Lockdown Win2k for a single app
Hi,
I've written an application that I need to run on win2k. The problem is I need to lockdown the box so the only thing that can run is the application.
How can I disable the start menu (or limit it)?
How can I prevent ctrl+alt+del then run a task from there?
How can I start the app on login(besides a login script)?
Is this what is called 'kiosk' mode?
Can most of this be done without modding the registry?
Can the lockdown be implemented only for certain usernames?
Anyway if I missed anything please let me know - additional info/suggestions apreciated. Any links to pertinent sites also are great.
Thanks in advance!
I've written an application that I need to run on win2k. The problem is I need to lockdown the box so the only thing that can run is the application.
How can I disable the start menu (or limit it)?
How can I prevent ctrl+alt+del then run a task from there?
How can I start the app on login(besides a login script)?
Is this what is called 'kiosk' mode?
Can most of this be done without modding the registry?
Can the lockdown be implemented only for certain usernames?
Anyway if I missed anything please let me know - additional info/suggestions apreciated. Any links to pertinent sites also are great.
Thanks in advance!
All this can be done with group policies
Click on start run and type GPEDIT.MSC
The group policy console will be displayed
You will see computer configuration
Software setting
Windows settings
Administrative templates
User configuration
Software setting
Windows settings
Administrative templates
You can do all you want by enabling and disabling policies
Click on start run and type GPEDIT.MSC
The group policy console will be displayed
You will see computer configuration
Software setting
Windows settings
Administrative templates
User configuration
Software setting
Windows settings
Administrative templates
You can do all you want by enabling and disabling policies
ASKER
FYI Its a member of an AD domain (win2k advanced server)
dltsd and carlos, do you mind being more specific - can you give me some examples? I am really a developer not an admin though I understood pretty much everything though I'd like some more detail (or perhaps you have a link to a guide online or a book I can look at)
dltsd, when you say "...desktop a user receives and apply it to an OU so that it will apply to all users in that OU." Does it matter if I use local profiles or must I use a roaming profile?
To all,
Should gpedit.msc be run on the DC or the Workstation?
Anyway, please give me some detail/walkthroughs if you can. Like I said, I'm a developer not an Admin - unfortunaltly I have to fill both roles
Thanks,
dltsd and carlos, do you mind being more specific - can you give me some examples? I am really a developer not an admin though I understood pretty much everything though I'd like some more detail (or perhaps you have a link to a guide online or a book I can look at)
dltsd, when you say "...desktop a user receives and apply it to an OU so that it will apply to all users in that OU." Does it matter if I use local profiles or must I use a roaming profile?
To all,
Should gpedit.msc be run on the DC or the Workstation?
Anyway, please give me some detail/walkthroughs if you can. Like I said, I'm a developer not an Admin - unfortunaltly I have to fill both roles
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here are a couple of links that may help
http://support.microsoft.com/default.aspx?scid=kb;en-us;278295
more for Terminal servers but same concept
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/grpolwt.mspx
YOu can also download examples from here
http://www.microsoft.com/downloads/details.aspx?FamilyID=354b9f45-8aa6-4775-9208-c681a7043292&displaylang=en
Hope this helps.
http://support.microsoft.com/default.aspx?scid=kb;en-us;278295
more for Terminal servers but same concept
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/grpolwt.mspx
YOu can also download examples from here
http://www.microsoft.com/downloads/details.aspx?FamilyID=354b9f45-8aa6-4775-9208-c681a7043292&displaylang=en
Hope this helps.
ASKER
dltsd,
Works great, thanks. btw: is there any way to add 'templates' e.g. Disable control panel is an option but say I want to add a template 'disable right click' - I may not be using the correct terminology here so forgive me.
Works great, thanks. btw: is there any way to add 'templates' e.g. Disable control panel is an option but say I want to add a template 'disable right click' - I may not be using the correct terminology here so forgive me.
Take a look at this site it has some good information on using security templates and group policies.
http://www.microsoft.com/windows2000/techinfo/planning/security/secconfsteps.asp
http://www.microsoft.com/windows2000/techinfo/planning/security/secconfsteps.asp
Everything you are asking about here can be done by implementing group policies on the Server at the domain level.
If the server is a member of the domain you can create a group policy object to completely lock down the entire desktop a user receives and apply it to an OU so that it will apply to all users in that OU.
You can then create a mandatory profile for all users and have only an Icon on the profile for the application you want users to run and apply the profile through group policies also.