Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Domain User Restriction

Posted on 2006-06-19
9
Medium Priority
?
416 Views
Last Modified: 2008-03-10
Hello,
          I have a windows 2000 domain and need to restrict one user from being able to access the internet and several applications, this user is
a temporary worker and should only access excel while they are here, I have looked under user rights and could not find where this would be implemented, I have not checked under user policy yet but don,t believe this is it either, can anyone please tell me how to restrict a single user to just excel on the domain...


Thanks
0
Comment
Question by:etec
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 44

Assisted Solution

by:zephyr_hex (Megan)
zephyr_hex (Megan) earned 600 total points
ID: 16936299
do you often have temp workers?  if not, then it may not be worth the hassle to set up a domain policy.  it may be easier to set up a local account and change the local policy for that one account.  you can then restrict internet access by setting a static IP on the computer and blocking the IP in your router.
0
 
LVL 4

Expert Comment

by:drauch
ID: 16936345
you could create a policy to restrict the users environment (desktop, start menu redirection etc) so they cannot launch IE or other programs.  You could also set a fake proxy server for IE in the policy to prevent access to the internet.  If you are using ISA as your firewall/proxy you can restrict the user account's access to the internet.

Its not the nicest method but it will work.  You could also use what zephyr mentioned by setting a static ip etc.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 16936434
You can implement Software Restirction policy on an OU.

Create an OU called(TempUsers) or something.

Move, this userid in this OU.

Then create a Software restriction policy(Disallowed Mode). But be carefull.

Apply this policy to a TestOU first and test it completely.

Here is the link to create Software restriction policy. Create it in disallowed mode.
http://support.microsoft.com/?kbid=310791

After this create a hash rule for the excel.exe file. This will ensure that only this thing works.

Link for hash rule.
http://support.microsoft.com/kb/324036/en-us

But be carefull, if done incorrectly can affect the operating system. If it does, just delete the Group policy from OU.

Make sure that do apply this on OU and not on domain.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Assisted Solution

by:bilbus
bilbus earned 600 total points
ID: 16936690
You can also just use group policys and have a policy that adds a proxy to Ie, and locks the proxy setting.

Its in user config, internet explorer maintence section

If the user installs another brouser like firefox this will not work

Hex has a good idea
If you can, i would set the router to block all access from that ip address (give user static ip)

If you cant do that, remove the default gateway from the ip address settings
0
 
LVL 1

Author Comment

by:etec
ID: 16936929
Hello,
         All good suggestions but this user is not assigned to a particular machine, so blocking the ip address will not work, it would appear i need to create a policy ?, any suggestions on how to do this safely, this is a small company and all of the employess are trusted so we have never implemented something like this and really don,t know how, any advice greatly appreciated...


Thanks.


0
 
LVL 1

Author Comment

by:etec
ID: 16936948
Also,
         We have temp workers come in once every 6 months or so, based on need....
0
 
LVL 8

Expert Comment

by:bilbus
ID: 16936956
you apply the policy i sugested to the user, so it would be applyed to his user account. When user 1 logs in, everthing is normal. When temp guy logs in IE will block internet access.

If the temp uses a computer that somoen else is loged into, there will be no ristrictions
0
 
LVL 8

Expert Comment

by:bilbus
ID: 16936982
well, you would add the temp users to a group called "temp users" and apply the policy to the whole group. That way you dont need to change anything for each user, just make them a member of the group. This will not work for 3rd party brousers .. only IE
0
 
LVL 13

Accepted Solution

by:
prashsax earned 800 total points
ID: 16937193
If you create software restriction policy in disallowed mode.
Any create a rule for Excel only.

Anyways no other software can run.(IExplore or Firefox or anything else).

0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Just about everyone has an old PC laying around.  Ask anyone in the IT industry, whether they are a professional or play in it as a hobby.  From outdated Desktops to cheap "throwaway" laptops, they are all around and not as hard to "fix up" as you m…
Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question