Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to lockdown an Windows XP machine to be used as a Kiosk machine.

Posted on 2006-06-19
7
Medium Priority
?
281 Views
Last Modified: 2012-08-13
I want to take a windows XP Pro PC and using the local policy and or additional reg hacks or other solutions, lock the machine down to prevent use other than IE browsing.  I would lso like users to be able to open PDF documents for viewing but not download them to the desktop.  Again I want to prevent all any and all ability to access functionality to modify the system by a user who is using the PC.
0
Comment
Question by:kapara
7 Comments
 
LVL 4

Expert Comment

by:woodas26
ID: 16937761
What about running IE6 in Kiosk mode:  http://www.microsoft.com/windowsxp/using/setup/learnmore/tips/oswald1.mspx

Is this PC part of a domain?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 16937809
You would want to ensure they were running as limited users firstly.  You would then install software (such as Acrobat) they require.  Modify the start menu so they only have access to required areas and ensure the desktop and quicklaunch areas only contain authorised links.  To prevent saving to the desktop you should set NTFS permissions.  The actual local policy contains numerous settings and I wont list them here but you will need to work through each one and enforce the policies you want to apply.  Pay special attention to access to the local drives, control panel, windows explorer and Internet Explorer restrictions.  Many local policy settings may not apply or can be otherwise mitigated through other policy options.

Hope this helps.
0
 
LVL 4

Expert Comment

by:woodas26
ID: 16937831
Are you just worried about people tampering with settings?  I have several PC that I use here that are avalible to all employees.  I'm using IE in Kiosk mode, along with mandatory profiles.  You can just rename the ntuser.dat file to ntuser.man.  That way if someone gets in there and srcews with any settings, all the changes they make are lost as soon as they log out.  Just a thought...  Hope this helps.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:kapara
ID: 16937966
I understand that I would want to lock down the PC.  What I am looking for is some type of cheat sheet of keys within local policy and or other locations which I should lockdown.  I posted this question to get the detailed steps.  Not the general concept.  I am hoping someone out there has a step by step guide on how to lock down the PC for this type of use.

0
 
LVL 1

Author Comment

by:kapara
ID: 16937991
In regards to the ntuser.man.  Can you still make changes to the local policy and have thos settings apply even though you have changed the ntuser.dat?  Also this is a workgroup (Stand Alone) PC.
0
 
LVL 10

Assisted Solution

by:bbrunning
bbrunning earned 200 total points
ID: 16939405
Load the group policy editor.  Start/Run/ mmc.exe
add snapin group policy.

You can limit a number of things in windows. Stick in administrative templates to limit what you need. There are soo many options in here it's kind of hard to just do a cheat sheet for you. Looking around will help you because most of them are self explanatory.

Examples:

User Configuration/Administrative Templates/System/Ctrl+Alt+Del options
Here you can remove task manager, change password, and lock computer, You can even disable log off if you want.

Then in

User Configuration/Administrative Templates/Windows Components/Desktop
You can remove active desktop, my documents, my computer, etc

User Configuration/Administrative Templates/Windows Components/Internet Explorer
here you can lock out many of the features of internet explorer, users could still download and view PDF's from IE but run IE in kiosk mode like said above and only allow them to run adobe reader.

Just look around and you'll see ways of lockin XP down really well.

0
 
LVL 3

Accepted Solution

by:
griffin36 earned 1800 total points
ID: 16940519
Microsoft recently released the Shared Computer Toolkit, designed to help with this sort of thing, available here: http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month5 days, 18 hours left to enroll

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question