Solved

Locking Down XP

Posted on 2004-10-19
5
149 Views
Last Modified: 2013-12-04
I am updating a number of business PC's to XP Pro. This seems like a good time to increase security. I want to know if I can use group policy to prevent users (or hackers) from installing programs or visiting unapproved websites. These users only need to visit 4 or 5 business related sites, and I can install any needed programs with the "install as" option.   Thanks
0
Comment
Question by:mr_kev
5 Comments
 
LVL 18

Accepted Solution

by:
luv2smile earned 100 total points
ID: 12360946
The first step would be to not grant them admin rights....most programs require admin rights to install

There are software restriction policies that you can set up with group policy, but here's the thing: You either have to 1.  block all programs except ones that you specify or 2.  know the programs you wish to block.

http://support.microsoft.com/default.aspx?scid=kb;en-us;324036

1. is very hard to setup and is often full of problems, etc. and takes a long time to perfect.
0
 
LVL 16

Assisted Solution

by:kbbcnet
kbbcnet earned 100 total points
ID: 12440343
Make everyone other than you part of the "Users" group, not "Power User" or "Administrator" groups.  This way they can't install programs; however, this will not stop all installations, such as screensavers, wallpapers, spyware, etc.

The MS article referenced above is also a good starting point, however complex to implement.  

You may want to try a third party solution to assist you in this task such as "Deep Freeze" by Faronics.  See their webpage - http://www.faronics.com/.  This product will basically make an image of the PC's O/S then restore it everytime you reboot....no installation crap to worry about then; just reboot it.

There are a number of internet content filtering products out there for blocking access to various websites.  They typically include 'black lists' for bad sites and 'white lists' for approved sites.  Most of these programs allow you to specify 'custom' lists of webpages you want to deny access to.

Good luck!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now