[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Lockdown Win2k for a single app

Posted on 2004-04-22
7
Medium Priority
?
658 Views
Last Modified: 2012-05-04
Hi,

I've written an application that I need to run on win2k. The problem is I need to lockdown the box so the only thing that can run is the application.

How can I disable the start menu (or limit it)?
How can I prevent ctrl+alt+del then run a task from there?
How can I start the app on login(besides a login script)?
Is this what is called 'kiosk' mode?
Can most of this be done without modding the registry?
Can the lockdown be implemented only for certain usernames?

Anyway if I missed anything please let me know - additional info/suggestions apreciated. Any links to pertinent sites also are great.

Thanks in advance!

0
Comment
Question by:bleech677
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 1

Expert Comment

by:dltsd
ID: 10893299
Is this a standalone Win2K server?Or Is it a member of a AD domain?
 
Everything you are asking about here can be done by implementing group policies on the Server at the domain level.

If the server is a member of the domain you can create a group policy object to completely lock down the entire desktop a user receives and apply it to an OU so that it will apply to all users in that OU.

You can then create a mandatory profile for all users and have only an Icon on the profile for the application you want users to run and apply the profile through group policies also.    
0
 

Expert Comment

by:carlosdurango
ID: 10893339
All this can be done with group policies
Click on start run and type GPEDIT.MSC
The group policy console will be displayed

You will see computer configuration
            Software setting
            Windows settings
            Administrative templates
User configuration
            Software setting
            Windows settings
            Administrative templates

You can do all you want by enabling and disabling policies
0
 
LVL 3

Author Comment

by:bleech677
ID: 10893741
FYI Its a member of an AD domain (win2k advanced server)  

dltsd and carlos, do you mind being more specific - can you give me some examples? I am really a developer not an admin though I understood pretty much everything though I'd like some more detail (or perhaps you have a link to a guide online or a book I can look at)

dltsd, when you say "...desktop a user receives and apply it to an OU so that it will apply to all users in that OU." Does it matter if I use local profiles or must I use a roaming profile?

To all,
Should gpedit.msc be run on the DC or the Workstation?

Anyway, please give me some detail/walkthroughs if you can. Like I said, I'm a developer not an Admin - unfortunaltly I have to fill both roles

Thanks,
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 1

Accepted Solution

by:
dltsd earned 2000 total points
ID: 10894495
For your case an example would be

Lets say all users that need access are in the following OU
USER

To enforce a policy that would control the desktop a user sees when they login to the DOMAIN.
 
You would then on the DC
 
open AD users and computers
go to the USER OU
right click and select properties
select the Group policy tab
click the edit button
Click New to add a New Group Policy on the USER OU
Name the Group policy, and then double click it

You can now Go to the "User Configuration"
THen to "Administrative Templates"
From here you can navigate through the policies and enable the settings you need.
After you enable all your settings close the Policy MMC

Then from the properties tab
Click the options button
Then check the No Override Check box (To ensure the policy takes effect and is not overridden by the Default policy)
Click OK

Now, everytime a user whose USER object is in the USER OU, logons to the Domain whatever you took away in the group policy will be enforced.

I.E. Everything you mentioned earlier.



0
 
LVL 1

Expert Comment

by:dltsd
ID: 10894535
0
 
LVL 3

Author Comment

by:bleech677
ID: 10900368
dltsd,

Works great, thanks. btw: is there any way to add 'templates' e.g. Disable control panel is an option but say I want to add a template 'disable right click' - I may not be using the correct terminology here so forgive me.
0
 
LVL 1

Expert Comment

by:dltsd
ID: 10901493
Take a look at this site it has some good information on using security templates and group policies.  

http://www.microsoft.com/windows2000/techinfo/planning/security/secconfsteps.asp

0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Desired Skill Set for Microsoft Dynamics CRM Technical Resources – Part III
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question