Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Domain User Restriction

Posted on 2006-06-19
9
410 Views
Last Modified: 2008-03-10
Hello,
          I have a windows 2000 domain and need to restrict one user from being able to access the internet and several applications, this user is
a temporary worker and should only access excel while they are here, I have looked under user rights and could not find where this would be implemented, I have not checked under user policy yet but don,t believe this is it either, can anyone please tell me how to restrict a single user to just excel on the domain...


Thanks
0
Comment
Question by:etec
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 43

Assisted Solution

by:zephyr_hex (Megan)
zephyr_hex (Megan) earned 150 total points
ID: 16936299
do you often have temp workers?  if not, then it may not be worth the hassle to set up a domain policy.  it may be easier to set up a local account and change the local policy for that one account.  you can then restrict internet access by setting a static IP on the computer and blocking the IP in your router.
0
 
LVL 4

Expert Comment

by:drauch
ID: 16936345
you could create a policy to restrict the users environment (desktop, start menu redirection etc) so they cannot launch IE or other programs.  You could also set a fake proxy server for IE in the policy to prevent access to the internet.  If you are using ISA as your firewall/proxy you can restrict the user account's access to the internet.

Its not the nicest method but it will work.  You could also use what zephyr mentioned by setting a static ip etc.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 16936434
You can implement Software Restirction policy on an OU.

Create an OU called(TempUsers) or something.

Move, this userid in this OU.

Then create a Software restriction policy(Disallowed Mode). But be carefull.

Apply this policy to a TestOU first and test it completely.

Here is the link to create Software restriction policy. Create it in disallowed mode.
http://support.microsoft.com/?kbid=310791

After this create a hash rule for the excel.exe file. This will ensure that only this thing works.

Link for hash rule.
http://support.microsoft.com/kb/324036/en-us

But be carefull, if done incorrectly can affect the operating system. If it does, just delete the Group policy from OU.

Make sure that do apply this on OU and not on domain.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 8

Assisted Solution

by:bilbus
bilbus earned 150 total points
ID: 16936690
You can also just use group policys and have a policy that adds a proxy to Ie, and locks the proxy setting.

Its in user config, internet explorer maintence section

If the user installs another brouser like firefox this will not work

Hex has a good idea
If you can, i would set the router to block all access from that ip address (give user static ip)

If you cant do that, remove the default gateway from the ip address settings
0
 
LVL 1

Author Comment

by:etec
ID: 16936929
Hello,
         All good suggestions but this user is not assigned to a particular machine, so blocking the ip address will not work, it would appear i need to create a policy ?, any suggestions on how to do this safely, this is a small company and all of the employess are trusted so we have never implemented something like this and really don,t know how, any advice greatly appreciated...


Thanks.


0
 
LVL 1

Author Comment

by:etec
ID: 16936948
Also,
         We have temp workers come in once every 6 months or so, based on need....
0
 
LVL 8

Expert Comment

by:bilbus
ID: 16936956
you apply the policy i sugested to the user, so it would be applyed to his user account. When user 1 logs in, everthing is normal. When temp guy logs in IE will block internet access.

If the temp uses a computer that somoen else is loged into, there will be no ristrictions
0
 
LVL 8

Expert Comment

by:bilbus
ID: 16936982
well, you would add the temp users to a group called "temp users" and apply the policy to the whole group. That way you dont need to change anything for each user, just make them a member of the group. This will not work for 3rd party brousers .. only IE
0
 
LVL 13

Accepted Solution

by:
prashsax earned 200 total points
ID: 16937193
If you create software restriction policy in disallowed mode.
Any create a rule for Excel only.

Anyways no other software can run.(IExplore or Firefox or anything else).

0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction How to create multiboot configuration with XP\Vista and Windows 7 on it? And most important question - how to do this correctly so not to have any kind of nightmares we get when system gets screwed? First of all one should realize t…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question