Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 150
  • Last Modified:

Controlling the use of PC's resources and web browsing by users

I will be installing several PCs into a shared office space.  The desired outcome of this is to have PCs that the users cannot install/uninstall any programs to, cannot add any new hardware devices, and finally, only use the Internet to access one specific site.  Basically we have a web application that we want the users to access and use and that's it.  I think I can lock up the PC sufficiently with group policy and some regedit tweaks, but I'm having a difficult time figuring out how to restrict the web access.   If anyone has any experience with 3rd party software or anything that does something like this, I'd appreciate the point in the right direction. Thanks
0
jcks
Asked:
jcks
  • 4
  • 4
1 Solution
 
jcksAuthor Commented:
These PCs are all running Windows 2000 Professional
0
 
craylordCommented:
In Internet Exploer > Tools > Internet Options > Connections tab > LAN Settings > Uncheck the automatically detect settings and check use proxy server and bypass proxy server for local address. Enter bogus IP and port info into the proxy. 192.168.1.15 port 14000. Click the Advance button. Enter the web address of the address you want to give access to. like  
*.microsoft.com
Now it will attempt to look for a proxy when accessing the internet and fail :)

Next step if the user is technically savvy and knows how to uncheck these settings. There is a registry entry that will hide the Connections tab in Internet Options.

Here is the key to hide the connections tab from Internet Explorer options.

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\
   Add Dword named ConnectionsTab
   Edit the value and change it to 1
     1 = hidden 0 = visible

You can also disable other tabs in the same reg with dwords of:
SecurityTab
GeneralTab
ProgramsTab
AdvancedTab
ContentTab
0
 
craylordCommented:
Finally. If the users don't have to write data to the hard drive. You can get these systems tight as a drum with DeepFreeze www.faronics.com  With this program they can do nothing to the system. Well they can make changes and stuff, but as soon as they restart the system goes right back to where it was.

With DeepFreeze you can select the partitions to be "frozen".

If they do need to write to the hard drive, partition the system and redirect their profiles to the new partition. They can save stuff to that but no changes can take effect on the c:\ drive.
0
Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

 
jcksAuthor Commented:
Thanks for the reply. Where do I put the website(s) that I would like to give access to?  In the Trusted Sites Zone?
0
 
jcksAuthor Commented:
Also thanks for the link to www.faronics.com. Looks like they have what I'm looking for.  It looks like I could use WinSelect to do what I'm looking for with the PCs and the websites. Any experience in this app?
0
 
craylordCommented:
put it in the exceptions list for the proxy server.

Internet Explorer > Tools > Internet Options > Connections tab. > Lan Settings button
uncheck Automatically detect settings.
check Use a proxy server for your lan
  add a bogus ip in the address box. 192.192.192.192 port 14000
Check the Bypass proxy server for local addresses.
Click the Advanced button.
 In the Exceptions box enter the web address you want to allow. Enter it with an asterick in the beggining or the name of the internal server they're going to be accessing. like:
*.youdomain.local; webappserver
0
 
jcksAuthor Commented:
Lovely. It works great, though I found that using my local PC IP of 127.0.0.1 for the bogus IP seemed to work better for my situation for some reason. I'm connecting to an in house server via an https connection, so maybe that had something to do with it? Regardless, this does the trick nicely.  

I couldn't find the Internet Explorer key in your reg-edit recommendation, but I was able to find the same functions with the Group Policy editor and it does the job.  Thanks for the tips, it's been very useful.  The only thing I noticed is that the Privacy Tab for the Internet Options still remains.  Anyway, full credit to you, thanks
0
 
craylordCommented:
Yes, the reg keys are not there. You must create them. :) Thanks for the points!
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now