Restricting user capabilities

Posted on 2005-05-10
Last Modified: 2010-04-14
Is there a way in Windows 2000/XP to create a login with access to limited Windows functionality? I would like to create an environment where a user can access only one application, which resides on our database server. Ideally, I would have a desktop with one icon and no access to the start function. Is there a third-party product that provides this functionality? I basically want to create an environment similar to that which is created when using the restricted shell in Unix (showing my age here). Any assistance would be appreciated.
Question by:joespaz99

    Accepted Solution

    Hi joespaz99,
    Writing a LOCAL computer Policy

    NOTE: Write the policy as the local administrator and leave the MMC on the administrator's desktop to avoid locking yourself down!

    To open a local access policy window
    Start > Run > type gpedit.msc

    Basically there are two types of policy: computer policy and user policy.

    Good info on policies and applying them to remote PC’s

    Common tasks can be performed in the following locations

    Internet Explorer Settings

    Lock the homepage
    User Configuration > Windows Settings > Internet Explorer Maintenance > Important URLs
    Lock the Proxy server
    User Configuration > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings

    Logon & Logoff Scripts

    User Configuration > Windows Settings > Scripts > Logon
    User Configuration > Windows Settings > Scripts > Logoff

    Password & Account Lockout Policies

    Computer Configuration > Security Settings > Password Policy >
    Computer Configuration > Security Settings > Account Lockout Policy >

    Auditing Policies

    Computer Configuration > Local Policies > Audit Policy

    *****User rights assignment*****

    Computer Configuration > Local Policies > User rights assignment

    Change The Time
    Windows Settings > Security Settings > Local Policies > User Rights Assignment > Change the system time


    Don’t display last logon Name
    Computer Configuration > Local Policies > Security Options > Do not display last user name in login screen (enable)
    Stop users installing unsigned Drivers
    Computer Configuration > Local Policies > Security Options > Unsigned Driver installation behaviour

    REMEMBER: Save the MMC console on the administrator's desktop!

    HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting
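
An added example, not part of the accepted answer: once the policy is written, `secedit /export /cfg policy.inf` dumps the effective security settings to an INF file, and the script below checks that file for the Password, Account Lockout, Audit, User Rights and Security Options items listed above. The sample INF is constructed, and treating a value of 0 (or any non-Administrators holder of the time-change right) as a finding is an assumption, not a rule from the answer.

```python
import configparser

# Constructed sample of `secedit /export /cfg policy.inf` output (not from a real host).
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
[Registry Values]
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
[Privilege Rights]
SeSystemtimePrivilege = *S-1-5-32-544,*S-1-5-32-547
"""

ADMINS = "*S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
LAST_USER = (r"MACHINE\Software\Microsoft\Windows\CurrentVersion"
             r"\Policies\System\DontDisplayLastUserName")


def audit(inf_text):
    """Return one finding per weak setting (thresholds are this example's assumptions)."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key case as exported
    cp.read_string(inf_text)

    def get(section, key, default=""):
        return cp.get(section, key, fallback=default).strip()

    findings = []
    if int(get("System Access", "MinimumPasswordLength", "0")) == 0:
        findings.append("Password Policy: blank passwords allowed")
    if int(get("System Access", "LockoutBadCount", "0")) == 0:
        findings.append("Account Lockout Policy: lockout disabled")
    if int(get("Event Audit", "AuditLogonEvents", "0")) == 0:
        findings.append("Audit Policy: logon events not audited")
    # Registry values are exported as "<type>,<data>"; type 4 is REG_DWORD.
    if get("Registry Values", LAST_USER, "4,0").split(",")[-1] != "1":
        findings.append("Security Options: last user name is displayed")
    holders = get("Privilege Rights", "SeSystemtimePrivilege").split(",")
    extra = [h.strip() for h in holders if h.strip() and h.strip() != ADMINS]
    if extra:
        findings.append("User Rights: change system time also held by " + ", ".join(extra))
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_INF):
        print(line)
```

A real export is written as Unicode (UTF-16), so read it with `open(path, encoding="utf-16")` before passing the text to `audit`.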

