We are currently running a windows network with a Small Business Server and roughly 30 WinXP workstations. There about 20 users that are spend the majority of there time offsite and come in 3-4 times per week to submit reports, check email, etc. Each user has their own login, but they share a group of 4 computers in a common area. The office also has an astaro firewall at the front end and all internet activity is passed through the content filter on the box.
I have been asked to setup a user account which can be used to access the internet on these 4 "shared" computers. They only want the account to be able to run Firefox and surf the net, check webmail. The user should not be able to download anything.. The user should not be able to see or make any changes to the system or anything on the network.
I'm assuming that the best way to do this is to create a new user account on the small business server, and then lock it down via group policy. Can anyone confirm if this is the way to go about it and if not, please advise on the alternative?
If group policy is the way to do it, can anyone suggest on what the settings should be or point me to a good resource?