Solved

How to lockdown an Windows XP machine to be used as a Kiosk machine.

Posted on 2006-06-19
7
275 Views
Last Modified: 2012-08-13
I want to take a windows XP Pro PC and using the local policy and or additional reg hacks or other solutions, lock the machine down to prevent use other than IE browsing.  I would lso like users to be able to open PDF documents for viewing but not download them to the desktop.  Again I want to prevent all any and all ability to access functionality to modify the system by a user who is using the PC.
0
Comment
Question by:kapara
7 Comments
 
LVL 4

Expert Comment

by:woodas26
ID: 16937761
What about running IE6 in Kiosk mode:  http://www.microsoft.com/windowsxp/using/setup/learnmore/tips/oswald1.mspx

Is this PC part of a domain?
0
 
LVL 12

Expert Comment

by:gidds99
ID: 16937809
You would want to ensure they were running as limited users firstly.  You would then install software (such as Acrobat) they require.  Modify the start menu so they only have access to required areas and ensure the desktop and quicklaunch areas only contain authorised links.  To prevent saving to the desktop you should set NTFS permissions.  The actual local policy contains numerous settings and I wont list them here but you will need to work through each one and enforce the policies you want to apply.  Pay special attention to access to the local drives, control panel, windows explorer and Internet Explorer restrictions.  Many local policy settings may not apply or can be otherwise mitigated through other policy options.

Hope this helps.
0
 
LVL 4

Expert Comment

by:woodas26
ID: 16937831
Are you just worried about people tampering with settings?  I have several PC that I use here that are avalible to all employees.  I'm using IE in Kiosk mode, along with mandatory profiles.  You can just rename the ntuser.dat file to ntuser.man.  That way if someone gets in there and srcews with any settings, all the changes they make are lost as soon as they log out.  Just a thought...  Hope this helps.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:kapara
ID: 16937966
I understand that I would want to lock down the PC.  What I am looking for is some type of cheat sheet of keys within local policy and or other locations which I should lockdown.  I posted this question to get the detailed steps.  Not the general concept.  I am hoping someone out there has a step by step guide on how to lock down the PC for this type of use.

0
 
LVL 1

Author Comment

by:kapara
ID: 16937991
In regards to the ntuser.man.  Can you still make changes to the local policy and have thos settings apply even though you have changed the ntuser.dat?  Also this is a workgroup (Stand Alone) PC.
0
 
LVL 10

Assisted Solution

by:bbrunning
bbrunning earned 50 total points
ID: 16939405
Load the group policy editor.  Start/Run/ mmc.exe
add snapin group policy.

You can limit a number of things in windows. Stick in administrative templates to limit what you need. There are soo many options in here it's kind of hard to just do a cheat sheet for you. Looking around will help you because most of them are self explanatory.

Examples:

User Configuration/Administrative Templates/System/Ctrl+Alt+Del options
Here you can remove task manager, change password, and lock computer, You can even disable log off if you want.

Then in

User Configuration/Administrative Templates/Windows Components/Desktop
You can remove active desktop, my documents, my computer, etc

User Configuration/Administrative Templates/Windows Components/Internet Explorer
here you can lock out many of the features of internet explorer, users could still download and view PDF's from IE but run IE in kiosk mode like said above and only allow them to run adobe reader.

Just look around and you'll see ways of lockin XP down really well.

0
 
LVL 3

Accepted Solution

by:
griffin36 earned 450 total points
ID: 16940519
Microsoft recently released the Shared Computer Toolkit, designed to help with this sort of thing, available here: http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question