[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Restricting user capabilities

Posted on 2005-05-10
3
Medium Priority
?
188 Views
Last Modified: 2010-04-14
I there a way in Windows 2000/XP to create a login with access to limited Windows functionality.  I would like to create an environment where a user can access only one application, which resides on our database server.  Ideally, I would have a desktop with one icon and no access to the start function.  Is there a third party product that provides this functionality.  I basically want to create an environment similar to that which is created when using the restricted shell in Unix (showing my age here).  Any assistance would be appreciated.
0
Comment
Question by:joespaz99
1 Comment
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 13972750
Hi joespaz99,
Writing a LOCAL computer Policy

NOTE write the policy as the local administrator and leave the mmc on the administrators desktop to avoid locking your self down!

To open a local access policy window
Start > Run > type gpedit.msc

Basically there are two types of policy computer policy and user policy

Good info on policies and applying them to remote PC’s
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/dsec/dsec_pol_dbyy.asp

Common tasks can be performed in the following locations

Internet Explorer Settings

Lock the homepage
User Configuration > Windows Settings > Internet Explorer Maintenance >Important URL’s
Lock the Proxy server
User Configuration > Windows Settings > Internet Explorer Maintenance >Connection > Proxy Settings

Logon & Logoff Scripts

Logon
User Configuration > Windows Settings > Scripts > Logon
Logoff
User Configuration > Windows Settings > Scripts > off

Password & Account Lockout Policies

Computer Configuration > Security Settings > Password Policy >
Computer Configuration > Security Settings > Account Lockout Policy >

Auditing Policies

Computer Configuration > Local Policies > Audit Policy

*****User rights assignment*****

Computer Configuration > Local Policies > User rights assignment

Change The Time
Windows settings >Security Settings >Local Policy's >User Rights Assignments >Change the system time


COMMON POLICIES AND WHERE TO FIND THEM

Don’t display last logon Name
Computer Configuration > Local Policies > Security Options > Do not display last user name in login screen (enable)
Stop users installing unsigned Drivers
Computer Configuration > Local Policies > Security Options > Unsigned Driver installation behaviour

REMEMBER save the MMC console on the Administrators Desktop!

HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting
http://support.microsoft.com/?kbid=293655

PeteL
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Social messanging services like WhatsApp and Facebook can help businesses in ways that many owners don't even imagine, giving new opportunities to connect with customers. Discover some of the most innovative things they can do for your company.
Loops Section Overview
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question