Domain User Restriction

Posted on 2006-06-19
Last Modified: 2008-03-10
          I have a windows 2000 domain and need to restrict one user from being able to access the internet and several applications, this user is
a temporary worker and should only access excel while they are here, I have looked under user rights and could not find where this would be implemented, I have not checked under user policy yet but don,t believe this is it either, can anyone please tell me how to restrict a single user to just excel on the domain...

Question by:etec
  • 3
  • 2
  • 2
  • +2
LVL 42

Assisted Solution

by:zephyr_hex (Megan)
zephyr_hex (Megan) earned 150 total points
ID: 16936299
do you often have temp workers?  if not, then it may not be worth the hassle to set up a domain policy.  it may be easier to set up a local account and change the local policy for that one account.  you can then restrict internet access by setting a static IP on the computer and blocking the IP in your router.

Expert Comment

ID: 16936345
you could create a policy to restrict the users environment (desktop, start menu redirection etc) so they cannot launch IE or other programs.  You could also set a fake proxy server for IE in the policy to prevent access to the internet.  If you are using ISA as your firewall/proxy you can restrict the user account's access to the internet.

Its not the nicest method but it will work.  You could also use what zephyr mentioned by setting a static ip etc.

LVL 13

Expert Comment

ID: 16936434
You can implement Software Restirction policy on an OU.

Create an OU called(TempUsers) or something.

Move, this userid in this OU.

Then create a Software restriction policy(Disallowed Mode). But be carefull.

Apply this policy to a TestOU first and test it completely.

Here is the link to create Software restriction policy. Create it in disallowed mode.

After this create a hash rule for the excel.exe file. This will ensure that only this thing works.

Link for hash rule.

But be carefull, if done incorrectly can affect the operating system. If it does, just delete the Group policy from OU.

Make sure that do apply this on OU and not on domain.
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.


Assisted Solution

bilbus earned 150 total points
ID: 16936690
You can also just use group policys and have a policy that adds a proxy to Ie, and locks the proxy setting.

Its in user config, internet explorer maintence section

If the user installs another brouser like firefox this will not work

Hex has a good idea
If you can, i would set the router to block all access from that ip address (give user static ip)

If you cant do that, remove the default gateway from the ip address settings

Author Comment

ID: 16936929
         All good suggestions but this user is not assigned to a particular machine, so blocking the ip address will not work, it would appear i need to create a policy ?, any suggestions on how to do this safely, this is a small company and all of the employess are trusted so we have never implemented something like this and really don,t know how, any advice greatly appreciated...



Author Comment

ID: 16936948
         We have temp workers come in once every 6 months or so, based on need....

Expert Comment

ID: 16936956
you apply the policy i sugested to the user, so it would be applyed to his user account. When user 1 logs in, everthing is normal. When temp guy logs in IE will block internet access.

If the temp uses a computer that somoen else is loged into, there will be no ristrictions

Expert Comment

ID: 16936982
well, you would add the temp users to a group called "temp users" and apply the policy to the whole group. That way you dont need to change anything for each user, just make them a member of the group. This will not work for 3rd party brousers .. only IE
LVL 13

Accepted Solution

prashsax earned 200 total points
ID: 16937193
If you create software restriction policy in disallowed mode.
Any create a rule for Excel only.

Anyways no other software can run.(IExplore or Firefox or anything else).


Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to create custom bootable image of Centos 7.2 4 110
Site to Site Replication and Clustering 4 93
Tablets in POS (point of sale) environment 5 173
AS400 user directory 6 113
Introduction How to create multiboot configuration with XP\Vista and Windows 7 on it? And most important question - how to do this correctly so not to have any kind of nightmares we get when system gets screwed? First of all one should realize t…
As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, ( because one time I did this and I essentially had a bricked …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question