Solved

Lock down XP workstation that is not part of domain

Posted on 2007-11-29
Last Modified: 2011-03-24
We have one user in the office that chronically muddles their workstation (MS XP Pro) up to the point where a rebuild is needed every other month. We do not have a domain setup or use Active Directory, so how can I lock this workstation down so that the following can be accomplished?

1. Limited web sites user can access
2. Prevent user from changing program interfaces (accidentally moving toolbars, losing tabs, columns, etc.; anything that can be moved, they will find a way to move it, lose it or break it)
3. Prevent user from installing anything
4. Prevent user from changing anything
5. Allow user access to specific programs and websites and nothing else.

Is this possible?
Question by:chrisroman
9 Comments
 
LVL 26

Expert Comment

by:souseran
ID: 20379050
For one thing, make sure the user is NOT given Local Administrator rights on the computer. Then use Local Policies to make some of the other changes you require.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20379085
Sounds like you need to modify the local security policy.  You won't be able to block websites though.

Go to Start | Settings | Administrative Tools | Local Security Policy and tweak away.
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379178
gpedit.msc will get you all the group policy settings. Definitely do not give them admin rights; make them a power user. While they will be able to install some things, it will prevent them from affecting major computer settings or files in system32, etc., preventing lots of malware, adware, spyware, viruses, and even just Windows bugs, etc.

As for website blocking, you can use Content Advisor built into Internet Explorer. However, if the person manages to download or install Netscape or another browser, then they will be able to get out to any site. Content Advisor only blocks IE. You could use the hosts file to block Internet access as well.

The hosts file is located at C:\WINDOWS\system32\drivers\etc, or it might be C:\WINNT\system32\drivers\etc

In the file you will see 127.0.0.1 localhost as the only entry. There is a tab between 127.0.0.1 and localhost. On the next line, enter something like 127.0.0.1 www.google.com with a tab between 127.0.0.1 and www.google.com.

From now on when they attempt to go to www.google.com it will direct them to 127.0.0.1 which is a loopback address to the local PC.  It will take them nowhere.  It will never look in DNS as this is the first place it looks for addresses.  She will not be able to edit the file as she will not have admin rights.

Dis
0
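The hosts-file approach in the answer above, as an added example that is not part of the original thread: a Python audit that parses hosts-file text and reports which hostnames you intend to block are actually redirected to a loopback address. The sample file contents and the names `parse_hosts` and `audit_blocklist` are constructed for illustration; the run shows that an entry covers only the exact hostname listed, so `google.com` stays reachable when only `www.google.com` is present.

```python
import ipaddress

# Constructed sample: a stock localhost entry plus blocking lines in the style
# the answer describes. The parser accepts tabs or spaces as separators.
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1\tlocalhost
127.0.0.1\twww.google.com
127.0.0.1   WWW.Example.COM  example.com   # two names on one line
10.0.0.5\tintranet.example.net
not-an-ip   broken.example.org
"""


def parse_hosts(text):
    """Return {hostname: ip} for every well-formed entry; names are lower-cased."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()                 # any run of tabs/spaces separates
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP: skip it
        for name in fields[1:]:
            # Keep the first entry seen for a name (assumption of this sketch).
            entries.setdefault(name.lower(), ip)
    return entries


def audit_blocklist(text, must_block):
    """Split must_block into names mapped to loopback and names not covered.

    Hosts entries match exact hostnames (no wildcards), so each name must be listed.
    """
    entries = parse_hosts(text)
    blocked, missing = [], []
    for name in must_block:
        ip = entries.get(name.lower())
        (blocked if ip is not None and ip.is_loopback else missing).append(name)
    return blocked, missing


if __name__ == "__main__":
    wanted = ["www.google.com", "google.com", "mail.google.com", "example.com"]
    blocked, missing = audit_blocklist(SAMPLE_HOSTS, wanted)
    print("blocked:", blocked)
    print("NOT blocked:", missing)
```

To audit a real workstation, pass the text of its hosts file in place of `SAMPLE_HOSTS`.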

 
LVL 32

Expert Comment

by:r-k
ID: 20379220
For limiting web surfing to specific web sites, get the free IE URL Lock:

 https://www.moonlightdesign.org/urllock/Main_Page
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379355
The advantage of using the hosts file is that it will work for any browser, while a lot of the packages only work for Internet Explorer, and then a user can install Netscape, Opera, Firefox, etc., and they will have internet now.
0
 
LVL 2

Accepted Solution

by:
h11 earned 500 total points
ID: 20385436
Look into SteadyState. This is the new Microsoft program and it is free. It will do everything you want and it is easy to set up. I use it on over a hundred computers and it works great.

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

0
 

Author Closing Comment

by:chrisroman
ID: 31411839
Perfect, thank you!
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20433650
Question about SteadyState. It sounds very much like a product called "Deep Freeze". My experience has been that with such a product you have issues because restoring your box to a working state can nullify Windows updates, antivirus updates, can result in lost data, etc. I'd like to hear if these issues are solved by the Microsoft product. I looked over their SteadyState site but couldn't find direct answers to those questions.
0
 
LVL 2

Expert Comment

by:h11
ID: 20434764
We have it running on over a hundred computers and it receives all updates and antivirus updates without a problem. As long as you do not use the disk protect, all will work out of the box. If you use disk protect, you have to use a few scripts, which I found on the internet and modified to meet my needs, to get the updates to work.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question