Solved

Lock down XP workstation that is not part of domain

Posted on 2007-11-29
9
1,275 Views
Last Modified: 2011-03-24
We have one user in the office that chronically muddles their workstation (Ms XP Pro) up to the point where a rebuild is needed every other month. We do not have a domain setup, or use active directory so how can I lock this workstation down so that the following can be accomplished.

1. Limited web sites user can access
2. prevent user from changing program interfaces (accidently moving toolbars, losing tabs, columns etc.. anything that can be moved, they will find a way to move it, lose it or break it)
3. Prevent user from installing anything
4. Prevent user from changing anything
5. Allow user access to specific programs and websites and nothing else.

Is this possible?
0
Comment
Question by:chrisroman
9 Comments
 
LVL 26

Expert Comment

by:souseran
ID: 20379050
For one thing make sure the user is NOT given Local Administrator rights on the computer. Then use Local Policies to make some of the other changes you require.
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 20379085
Sounds like you need to modify the local security policy.  You won't be able to block websites though.

Go to Start | Settings | Administrative Tools | Local Security Policy and tweak away.
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20379178
gpedit.msc will get you all the group policy settings.  Definitely do not give them admin rights make them a power user while they will be able to install some things it will prevent them from affecting major computer settings or files in system32 etc....preventing lots of malware, adware, spyware, viruses, and even just windows bugs, etc...

As for website blocking you can use content advisor built into Internet Explorer however if the person manages to download or install netscape or other browser then they will be able to get out to any site...Content advisor only blocks IE.  You could use the hosts file to block Internet access as well.  

The hosts file is located at C:\WINDOWS\system32\drivers\etc...or it might be C:\WINNT\system32\drivers\etc

In the file you will see 127.0.0.1 localhost as the only entry.  There is a tab between 127.0.0.1 and localhost
on the next line enter something like 127.0.0.1 www.google.com with a tab between 127.0.0.1 and www.google.com

From now on when they attempt to go to www.google.com it will direct them to 127.0.0.1 which is a loopback address to the local PC.  It will take them nowhere.  It will never look in DNS as this is the first place it looks for addresses.  She will not be able to edit the file as she will not have admin rights.

Dis
0
 
LVL 32

Expert Comment

by:r-k
ID: 20379220
For limiting web surfing to specific web sites, get the free IE URL Lock:

 https://www.moonlightdesign.org/urllock/Main_Page
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 10

Expert Comment

by:dis1931
ID: 20379355
The advantage of using the hosts file is that it will work for any browser while a lot of the packages only work for Internet Explorer and then a user can install netscape, opera, firefox, etc....and they will have internet now.
0
 
LVL 2

Accepted Solution

by:
h11 earned 500 total points
ID: 20385436
Look into steadystate this is the new microsoft program and it is free it will do everything you want and it is easy to setup up. I use it on over a hundred computers and it works great.

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

0
 

Author Closing Comment

by:chrisroman
ID: 31411839
Perfect, thank you!
0
 
LVL 10

Expert Comment

by:dis1931
ID: 20433650
Question about SteadyState.  It sounds very much like a product called "Deep Freeze"...My experience has been that with such a product you have issues because restoring your box to a working state can nullify windows updates, antivirus updates, can result in lost data, etc....  I'd like to hear if these issues are solved by the microsoft product.  I looked over their steadtstate site but couldn't find direct answers...to those questions.
0
 
LVL 2

Expert Comment

by:h11
ID: 20434764
We have it running on over a hundred computers and it receives all updates and antivirus updates with out a problem. As long as you do not use the disk protect all will work out of the box if you use disk protect you have to use a few scripts I found on the internet and modified them to meet my needs.  to get the updates to work.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now