I want to lock down Windows XP so the user can only access two things, IE to get to an internal application and a softphone app?  Any ideas how I can accomplish this?

Posted on 2010-09-03
Last Modified: 2012-05-10
It is a call center and the only thing we want them to do is get into the softphone and the call center software.  I can restrict access to the web by just removing the dns servers but how can hide everything including the start button from the desktop so all they see is softphone and ie icon that takes them to their app?
Question by:ComputerWhatever
  • 3
  • 2
  • 2
  • +4

Author Comment

ID: 33597089
I don't want a third party app.  thanks
LVL 24

Expert Comment

by:Mike Thomas
ID: 33597103
You can do it using group policy

Start with this

But look at the other policies and see if they will be useful to you.


Expert Comment

ID: 33597151
I'm assuming your part of a domain. In which case you want to implement the Software Restrictions Group Policy.

As far as keeping them from even hitting the start menu? I'm unsure but if you create the above group policy they won't be able to run anything else anyways.
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.


Accepted Solution

eNarc earned 250 total points
ID: 33597439
thre is a microsoft application called Windows SteadyState, and its perfect for locking a user to apps and what they can or can not do.

Expert Comment

ID: 33597464
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33597539
I would also agree that Group policy would be the best way to accomplish this. You can disable most of these items from GPMC.msc. Under User Configuration>Administrative Templates you will fine Control Panel, Start Menu and Taskbar, System and a few more where you can customize quite a bit of settings.

One this you will not be abel to disable/remove is the start button (without 3rd party software). As Nutty has already said if applications are not able to use then even though they can access the start button they can't do anything.

Also, how are your users logging into the machine. Do you have a generic account or does every individual have their own account? I would suggest also doing a "Mandatory profile" and only have your Softphone Icon and IE icon on the desktop.

Having the mandatory profile will allow the desktop to be the same everytime the user logs on.

Implement Mandatory profile -

Hope this helps~!

Expert Comment

ID: 33597843
Follow this guide to disable the start button:

Expert Comment

ID: 33597865
Open regedit on the computer. Rename the key by placing a dash "-" in front of the GUID (i.e. {-5b4dae26-b807-11d0-9815-00c04fd91972}).

Removing the dash will make the start button functional again.

Expert Comment

ID: 33600320
If you have any programming ability you can create an executable that displays a form with links that only do what you want. Then use policy or registry edits to set your executable as the shell for this computer or a specific user instead of the normal Windows Desktop.


Expert Comment

ID: 33600817
remember Group Policy only works with windows xp pro, while steady state works on all xp version and does the same and greater thing, its very easy to use.

Author Closing Comment

ID: 33605405
Thank you so much for pointing me towards this.  Although the group policy is good, I tried that and ended up locking myself as administrator out because the group policy effects all users on the machine.  steady state allows you to tell which users the lock down effects.  Thanks for the help.

Expert Comment

ID: 33605586

This is an added benefit for you and others who are looking for a solution. Group policy also allows you to state which users the lock down affects via various methods. Applying the GPO to an OU that those users are contained in, while placing administrators ina  separate OU, is one way.

Group Policy also does not need to be installed on every computer and configured like SteadyState does but I digress and will just leave you with Microsoft's recomendation from the SteadyState handbook:

"Windows SteadyState provides administrators with an effective way to
restrict software, especially for a single shared computer or for a small
environment of shared computers. However, when administrators want
to centrally manage software restrictions across many computers or
users, we recommend that you set software restrictions by using Group
Policy Software Restriction Policies. Software restrictions that are
implemented by using Software Restriction Policies across a large
number of shared access computers on a given site, domain, or range of
organizational units are more efficiently administered than the restrictions
that can be implemented by using Windows SteadyState.
Software restrictions that can be applied by using Software Restrictions
Policies are identical to those restrictions that can be applied in
Windows SteadyState."

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
I/E toolbars 7 32
How to install Windows XP Driver 28 158
Windows XP on domain not allowing domain admins to RDP in 10 100
extend monitor issues 6 44
Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question