Solved

How to lockdown an Windows XP machine to be used as a Kiosk machine.

Posted on 2006-06-19
7
274 Views
Last Modified: 2012-08-13
I want to take a windows XP Pro PC and using the local policy and or additional reg hacks or other solutions, lock the machine down to prevent use other than IE browsing.  I would lso like users to be able to open PDF documents for viewing but not download them to the desktop.  Again I want to prevent all any and all ability to access functionality to modify the system by a user who is using the PC.
0
Comment
Question by:kapara
7 Comments
 
LVL 4

Expert Comment

by:woodas26
Comment Utility
What about running IE6 in Kiosk mode:  http://www.microsoft.com/windowsxp/using/setup/learnmore/tips/oswald1.mspx

Is this PC part of a domain?
0
 
LVL 12

Expert Comment

by:gidds99
Comment Utility
You would want to ensure they were running as limited users firstly.  You would then install software (such as Acrobat) they require.  Modify the start menu so they only have access to required areas and ensure the desktop and quicklaunch areas only contain authorised links.  To prevent saving to the desktop you should set NTFS permissions.  The actual local policy contains numerous settings and I wont list them here but you will need to work through each one and enforce the policies you want to apply.  Pay special attention to access to the local drives, control panel, windows explorer and Internet Explorer restrictions.  Many local policy settings may not apply or can be otherwise mitigated through other policy options.

Hope this helps.
0
 
LVL 4

Expert Comment

by:woodas26
Comment Utility
Are you just worried about people tampering with settings?  I have several PC that I use here that are avalible to all employees.  I'm using IE in Kiosk mode, along with mandatory profiles.  You can just rename the ntuser.dat file to ntuser.man.  That way if someone gets in there and srcews with any settings, all the changes they make are lost as soon as they log out.  Just a thought...  Hope this helps.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 1

Author Comment

by:kapara
Comment Utility
I understand that I would want to lock down the PC.  What I am looking for is some type of cheat sheet of keys within local policy and or other locations which I should lockdown.  I posted this question to get the detailed steps.  Not the general concept.  I am hoping someone out there has a step by step guide on how to lock down the PC for this type of use.

0
 
LVL 1

Author Comment

by:kapara
Comment Utility
In regards to the ntuser.man.  Can you still make changes to the local policy and have thos settings apply even though you have changed the ntuser.dat?  Also this is a workgroup (Stand Alone) PC.
0
 
LVL 10

Assisted Solution

by:bbrunning
bbrunning earned 50 total points
Comment Utility
Load the group policy editor.  Start/Run/ mmc.exe
add snapin group policy.

You can limit a number of things in windows. Stick in administrative templates to limit what you need. There are soo many options in here it's kind of hard to just do a cheat sheet for you. Looking around will help you because most of them are self explanatory.

Examples:

User Configuration/Administrative Templates/System/Ctrl+Alt+Del options
Here you can remove task manager, change password, and lock computer, You can even disable log off if you want.

Then in

User Configuration/Administrative Templates/Windows Components/Desktop
You can remove active desktop, my documents, my computer, etc

User Configuration/Administrative Templates/Windows Components/Internet Explorer
here you can lock out many of the features of internet explorer, users could still download and view PDF's from IE but run IE in kiosk mode like said above and only allow them to run adobe reader.

Just look around and you'll see ways of lockin XP down really well.

0
 
LVL 3

Accepted Solution

by:
griffin36 earned 450 total points
Comment Utility
Microsoft recently released the Shared Computer Toolkit, designed to help with this sort of thing, available here: http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now