jcks
asked on
Controlling the use of PC's resources and web browsing by users
I will be installing several PCs into a shared office space. The desired outcome of this is to have PCs that the users cannot install/uninstall any programs to, cannot add any new hardware devices, and finally, only use the Internet to access one specific site. Basically we have a web application that we want the users to access and use and that's it. I think I can lock up the PC sufficiently with group policy and some regedit tweaks, but I'm having a difficult time figuring out how to restrict the web access. If anyone has any experience with 3rd party software or anything that does something like this, I'd appreciate the point in the right direction. Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Finally. If the users don't have to write data to the hard drive. You can get these systems tight as a drum with DeepFreeze www.faronics.com With this program they can do nothing to the system. Well they can make changes and stuff, but as soon as they restart the system goes right back to where it was.
With DeepFreeze you can select the partitions to be "frozen".
If they do need to write to the hard drive, partition the system and redirect their profiles to the new partition. They can save stuff to that but no changes can take effect on the c:\ drive.
With DeepFreeze you can select the partitions to be "frozen".
If they do need to write to the hard drive, partition the system and redirect their profiles to the new partition. They can save stuff to that but no changes can take effect on the c:\ drive.
ASKER
Thanks for the reply. Where do I put the website(s) that I would like to give access to? In the Trusted Sites Zone?
ASKER
Also thanks for the link to www.faronics.com. Looks like they have what I'm looking for. It looks like I could use WinSelect to do what I'm looking for with the PCs and the websites. Any experience in this app?
put it in the exceptions list for the proxy server.
Internet Explorer > Tools > Internet Options > Connections tab. > Lan Settings button
uncheck Automatically detect settings.
check Use a proxy server for your lan
add a bogus ip in the address box. 192.192.192.192 port 14000
Check the Bypass proxy server for local addresses.
Click the Advanced button.
In the Exceptions box enter the web address you want to allow. Enter it with an asterick in the beggining or the name of the internal server they're going to be accessing. like:
*.youdomain.local; webappserver
Internet Explorer > Tools > Internet Options > Connections tab. > Lan Settings button
uncheck Automatically detect settings.
check Use a proxy server for your lan
add a bogus ip in the address box. 192.192.192.192 port 14000
Check the Bypass proxy server for local addresses.
Click the Advanced button.
In the Exceptions box enter the web address you want to allow. Enter it with an asterick in the beggining or the name of the internal server they're going to be accessing. like:
*.youdomain.local; webappserver
ASKER
Lovely. It works great, though I found that using my local PC IP of 127.0.0.1 for the bogus IP seemed to work better for my situation for some reason. I'm connecting to an in house server via an https connection, so maybe that had something to do with it? Regardless, this does the trick nicely.
I couldn't find the Internet Explorer key in your reg-edit recommendation, but I was able to find the same functions with the Group Policy editor and it does the job. Thanks for the tips, it's been very useful. The only thing I noticed is that the Privacy Tab for the Internet Options still remains. Anyway, full credit to you, thanks
I couldn't find the Internet Explorer key in your reg-edit recommendation, but I was able to find the same functions with the Group Policy editor and it does the job. Thanks for the tips, it's been very useful. The only thing I noticed is that the Privacy Tab for the Internet Options still remains. Anyway, full credit to you, thanks
Yes, the reg keys are not there. You must create them. :) Thanks for the points!
ASKER