Solved

How to lockdown an Windows XP machine to be used as a Kiosk machine.

Posted on 2006-06-19
7
277 Views
Last Modified: 2012-08-13
I want to take a windows XP Pro PC and using the local policy and or additional reg hacks or other solutions, lock the machine down to prevent use other than IE browsing.  I would lso like users to be able to open PDF documents for viewing but not download them to the desktop.  Again I want to prevent all any and all ability to access functionality to modify the system by a user who is using the PC.
0
Comment
Question by:kapara
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 4

Expert Comment

by:woodas26
ID: 16937761
What about running IE6 in Kiosk mode:  http://www.microsoft.com/windowsxp/using/setup/learnmore/tips/oswald1.mspx

Is this PC part of a domain?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 16937809
You would want to ensure they were running as limited users firstly.  You would then install software (such as Acrobat) they require.  Modify the start menu so they only have access to required areas and ensure the desktop and quicklaunch areas only contain authorised links.  To prevent saving to the desktop you should set NTFS permissions.  The actual local policy contains numerous settings and I wont list them here but you will need to work through each one and enforce the policies you want to apply.  Pay special attention to access to the local drives, control panel, windows explorer and Internet Explorer restrictions.  Many local policy settings may not apply or can be otherwise mitigated through other policy options.

Hope this helps.
0
 
LVL 4

Expert Comment

by:woodas26
ID: 16937831
Are you just worried about people tampering with settings?  I have several PC that I use here that are avalible to all employees.  I'm using IE in Kiosk mode, along with mandatory profiles.  You can just rename the ntuser.dat file to ntuser.man.  That way if someone gets in there and srcews with any settings, all the changes they make are lost as soon as they log out.  Just a thought...  Hope this helps.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:kapara
ID: 16937966
I understand that I would want to lock down the PC.  What I am looking for is some type of cheat sheet of keys within local policy and or other locations which I should lockdown.  I posted this question to get the detailed steps.  Not the general concept.  I am hoping someone out there has a step by step guide on how to lock down the PC for this type of use.

0
 
LVL 1

Author Comment

by:kapara
ID: 16937991
In regards to the ntuser.man.  Can you still make changes to the local policy and have thos settings apply even though you have changed the ntuser.dat?  Also this is a workgroup (Stand Alone) PC.
0
 
LVL 10

Assisted Solution

by:bbrunning
bbrunning earned 50 total points
ID: 16939405
Load the group policy editor.  Start/Run/ mmc.exe
add snapin group policy.

You can limit a number of things in windows. Stick in administrative templates to limit what you need. There are soo many options in here it's kind of hard to just do a cheat sheet for you. Looking around will help you because most of them are self explanatory.

Examples:

User Configuration/Administrative Templates/System/Ctrl+Alt+Del options
Here you can remove task manager, change password, and lock computer, You can even disable log off if you want.

Then in

User Configuration/Administrative Templates/Windows Components/Desktop
You can remove active desktop, my documents, my computer, etc

User Configuration/Administrative Templates/Windows Components/Internet Explorer
here you can lock out many of the features of internet explorer, users could still download and view PDF's from IE but run IE in kiosk mode like said above and only allow them to run adobe reader.

Just look around and you'll see ways of lockin XP down really well.

0
 
LVL 3

Accepted Solution

by:
griffin36 earned 450 total points
ID: 16940519
Microsoft recently released the Shared Computer Toolkit, designed to help with this sort of thing, available here: http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Are you unable to synchronize your OST (Offline Storage Table) file with Microsoft Exchange Server? Is your OST file exceeding 2 GB size limit? In Microsoft Outlook 2002 and earlier versions, there is a 2 GB size limit for the OST file. If the file …
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question