Solved

Lock down XP workstation that is not part of domain

Posted on 2007-11-29
9
1,280 Views
Last Modified: 2011-03-24
We have one user in the office that chronically muddles their workstation (Ms XP Pro) up to the point where a rebuild is needed every other month. We do not have a domain setup, or use active directory so how can I lock this workstation down so that the following can be accomplished.

1. Limited web sites user can access
2. prevent user from changing program interfaces (accidently moving toolbars, losing tabs, columns etc.. anything that can be moved, they will find a way to move it, lose it or break it)
3. Prevent user from installing anything
4. Prevent user from changing anything
5. Allow user access to specific programs and websites and nothing else.

Is this possible?
0
Comment
Question by:chrisroman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 26

Expert Comment

by:souseran
ID: 20379050
For one thing make sure the user is NOT given Local Administrator rights on the computer. Then use Local Policies to make some of the other changes you require.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20379085
Sounds like you need to modify the local security policy.  You won't be able to block websites though.

Go to Start | Settings | Administrative Tools | Local Security Policy and tweak away.
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379178
gpedit.msc will get you all the group policy settings.  Definitely do not give them admin rights make them a power user while they will be able to install some things it will prevent them from affecting major computer settings or files in system32 etc....preventing lots of malware, adware, spyware, viruses, and even just windows bugs, etc...

As for website blocking you can use content advisor built into Internet Explorer however if the person manages to download or install netscape or other browser then they will be able to get out to any site...Content advisor only blocks IE.  You could use the hosts file to block Internet access as well.  

The hosts file is located at C:\WINDOWS\system32\drivers\etc...or it might be C:\WINNT\system32\drivers\etc

In the file you will see 127.0.0.1 localhost as the only entry.  There is a tab between 127.0.0.1 and localhost
on the next line enter something like 127.0.0.1 www.google.com with a tab between 127.0.0.1 and www.google.com

From now on when they attempt to go to www.google.com it will direct them to 127.0.0.1 which is a loopback address to the local PC.  It will take them nowhere.  It will never look in DNS as this is the first place it looks for addresses.  She will not be able to edit the file as she will not have admin rights.

Dis
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 32

Expert Comment

by:r-k
ID: 20379220
For limiting web surfing to specific web sites, get the free IE URL Lock:

 https://www.moonlightdesign.org/urllock/Main_Page
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379355
The advantage of using the hosts file is that it will work for any browser while a lot of the packages only work for Internet Explorer and then a user can install netscape, opera, firefox, etc....and they will have internet now.
0
 
LVL 2

Accepted Solution

by:
h11 earned 500 total points
ID: 20385436
Look into steadystate this is the new microsoft program and it is free it will do everything you want and it is easy to setup up. I use it on over a hundred computers and it works great.

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

0
 

Author Closing Comment

by:chrisroman
ID: 31411839
Perfect, thank you!
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20433650
Question about SteadyState.  It sounds very much like a product called "Deep Freeze"...My experience has been that with such a product you have issues because restoring your box to a working state can nullify windows updates, antivirus updates, can result in lost data, etc....  I'd like to hear if these issues are solved by the microsoft product.  I looked over their steadtstate site but couldn't find direct answers...to those questions.
0
 
LVL 2

Expert Comment

by:h11
ID: 20434764
We have it running on over a hundred computers and it receives all updates and antivirus updates with out a problem. As long as you do not use the disk protect all will work out of the box if you use disk protect you have to use a few scripts I found on the internet and modified them to meet my needs.  to get the updates to work.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Wireless card not detected on Acer Aspire One 722 running Windows XP 49 626
Can’t delete a file 14 196
windows explorer default details view 10 97
extend monitor issues 6 62
Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question