Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How can I totally secure a pc so a user can only run 1 program

Posted on 2004-10-25
7
Medium Priority
?
177 Views
Last Modified: 2013-12-04
Hello,

I would like to secure a pc (running windows xp pro) so a certain user can only run 1 game.
So he shouldn't do anything else on the pc.
Can I use local security templates?

He shouldn't access the registry, the c-drive, .... nothing.

When he exits the game, he should only see the desktop with the game icon... .
He shouldn't even be able to access the start button.

How can I do this pls?

ps, the user HAS access to the keyboard and mouse ...
0
Comment
Question by:T-Quest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Accepted Solution

by:
NetworkArchitek earned 80 total points
ID: 12398251
Hi T-Quest,
Well, all right, you need to use group policy. If you only want to do this on the local machine, do this. Start>Run>MMC. Then once you are in the console click "Console">"Add/Remove Snapin">Add>Group Policy. Then hit ok. From there go to User Configuration>Administrate Templates. There you will find all the things you need. You can put a shortcut to the game on his desktop and remove EVERYTHING, including the start menu and ability to right click on the desktop or use keyboard shortcuts to access the "run" menu and all that.

Next, go to %systemroot%\system32\GroupPolicy , and go to the permissions of that folder and DENY the Administrators "read" access to that folder and anyone else you DO NOT want to be "locked down." Or else the same thing will happen to you!

Cheers!
0
 
LVL 10

Expert Comment

by:dis1931
ID: 12398261
Not possible on an XP Pro PC unless joined to the domain.  At least not with any built in functionality of XP, there may be a third party app that does this but I am not aware of any.  If it was joined to a domain a Group Policy could be created allowing access to only the game and denying access to anything else.  So clicking on any other program would cause an access denied message to appear.  This could be combined with hiding icons, and editing the start menu therefore providing few if any choices for the user to even see and none that will work.  However on a local XP Pro implementation setting a group policy will affect all users including the admin and cause irreversible problems....so setting access to only one program will mean that even the admin will only be able to access this one program as well.

This can also be done through terminal services but this is as well a server side implementation.

Dis
0
 

Author Comment

by:T-Quest
ID: 12398519
Hello NA,

Thx for the very good answer.
I do have one more problem though ....

When I disable read access for the admins, it doesn't have any affect.
I can't open the group policy anymore, because I denied read access, so that is ok.... but the group policy is STILL applied to the admins!
So when I logon as admin, I have restrictions .... what can I do about this?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:T-Quest
ID: 12398634
already found it... I was doing fast user swicthing instead of logging of administrator .....
0
 
LVL 10

Expert Comment

by:dis1931
ID: 12398772
?Does denying read access to that folder work?  If a change needs to be made will he have to change permissions and then run gpedit.msc...and then change the permissions back again?  I didn't know this was possible but would suggest that you be careful as you can very easily lock yourself out if you forget to edit permissions or otherwise....though i do like the workaround...sure it will come in handy

Dis
0
 
LVL 10

Expert Comment

by:NetworkArchitek
ID: 12398829
No, it works fine. Yes, if you want to edit it you have to go back and change the permissions but you will not be editing it that often. You retain ownership, you simply deny yourself read and read&execute access.
0
 
LVL 10

Expert Comment

by:dis1931
ID: 12401004
Nice....I wish I had thought of that a while ago....lol...It would have come in handy

Dis
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Loops Section Overview
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question