Solved

Lock down XP workstation that is not part of domain

Posted on 2007-11-29
9
1,279 Views
Last Modified: 2011-03-24
We have one user in the office that chronically muddles their workstation (Ms XP Pro) up to the point where a rebuild is needed every other month. We do not have a domain setup, or use active directory so how can I lock this workstation down so that the following can be accomplished.

1. Limited web sites user can access
2. prevent user from changing program interfaces (accidently moving toolbars, losing tabs, columns etc.. anything that can be moved, they will find a way to move it, lose it or break it)
3. Prevent user from installing anything
4. Prevent user from changing anything
5. Allow user access to specific programs and websites and nothing else.

Is this possible?
0
Comment
Question by:chrisroman
9 Comments
 
LVL 26

Expert Comment

by:souseran
ID: 20379050
For one thing make sure the user is NOT given Local Administrator rights on the computer. Then use Local Policies to make some of the other changes you require.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20379085
Sounds like you need to modify the local security policy.  You won't be able to block websites though.

Go to Start | Settings | Administrative Tools | Local Security Policy and tweak away.
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379178
gpedit.msc will get you all the group policy settings.  Definitely do not give them admin rights make them a power user while they will be able to install some things it will prevent them from affecting major computer settings or files in system32 etc....preventing lots of malware, adware, spyware, viruses, and even just windows bugs, etc...

As for website blocking you can use content advisor built into Internet Explorer however if the person manages to download or install netscape or other browser then they will be able to get out to any site...Content advisor only blocks IE.  You could use the hosts file to block Internet access as well.  

The hosts file is located at C:\WINDOWS\system32\drivers\etc...or it might be C:\WINNT\system32\drivers\etc

In the file you will see 127.0.0.1 localhost as the only entry.  There is a tab between 127.0.0.1 and localhost
on the next line enter something like 127.0.0.1 www.google.com with a tab between 127.0.0.1 and www.google.com

From now on when they attempt to go to www.google.com it will direct them to 127.0.0.1 which is a loopback address to the local PC.  It will take them nowhere.  It will never look in DNS as this is the first place it looks for addresses.  She will not be able to edit the file as she will not have admin rights.

Dis
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 32

Expert Comment

by:r-k
ID: 20379220
For limiting web surfing to specific web sites, get the free IE URL Lock:

 https://www.moonlightdesign.org/urllock/Main_Page
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379355
The advantage of using the hosts file is that it will work for any browser while a lot of the packages only work for Internet Explorer and then a user can install netscape, opera, firefox, etc....and they will have internet now.
0
 
LVL 2

Accepted Solution

by:
h11 earned 500 total points
ID: 20385436
Look into steadystate this is the new microsoft program and it is free it will do everything you want and it is easy to setup up. I use it on over a hundred computers and it works great.

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

0
 

Author Closing Comment

by:chrisroman
ID: 31411839
Perfect, thank you!
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20433650
Question about SteadyState.  It sounds very much like a product called "Deep Freeze"...My experience has been that with such a product you have issues because restoring your box to a working state can nullify windows updates, antivirus updates, can result in lost data, etc....  I'd like to hear if these issues are solved by the microsoft product.  I looked over their steadtstate site but couldn't find direct answers...to those questions.
0
 
LVL 2

Expert Comment

by:h11
ID: 20434764
We have it running on over a hundred computers and it receives all updates and antivirus updates with out a problem. As long as you do not use the disk protect all will work out of the box if you use disk protect you have to use a few scripts I found on the internet and modified them to meet my needs.  to get the updates to work.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question