Solved

I want to lock down Windows XP so the user can only access two things, IE to get to an internal application and a softphone app?  Any ideas how I can accomplish this?

Posted on 2010-09-03
Last Modified: 2012-05-10
It is a call center and the only thing we want them to do is get into the softphone and the call center software.  I can restrict access to the web by just removing the DNS servers, but how can I hide everything, including the Start button, from the desktop so all they see is the softphone and an IE icon that takes them to their app?
Question by:ComputerWhatever
12 Comments
 

Author Comment

by:ComputerWhatever
ID: 33597089
I don't want a third party app.  thanks
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33597103
You can do it using group policy

Start with this http://articles.techrepublic.com.com/5100-22_11-6028180.html

But look at the other policies and see if they will be useful to you.


 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33597151
I'm assuming you're part of a domain. In which case you want to implement the Software Restrictions Group Policy. http://technet.microsoft.com/en-us/library/cc784363(WS.10).aspx

As far as keeping them from even hitting the start menu? I'm unsure but if you create the above group policy they won't be able to run anything else anyways.
 
LVL 5

Accepted Solution

by:
eNarc earned 250 total points
ID: 33597439
There is a Microsoft application called Windows SteadyState, and it's perfect for locking a user to apps and what they can or cannot do.


http://www.microsoft.com/downloads/details.aspx?FamilyID=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en
 
LVL 5

Expert Comment

by:eNarc
ID: 33597464
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33597539
I would also agree that Group Policy would be the best way to accomplish this. You can disable most of these items from GPMC.msc. Under User Configuration > Administrative Templates you will find Control Panel, Start Menu and Taskbar, System and a few more where you can customize quite a bit of settings.

One thing you will not be able to disable/remove is the Start button (without 3rd party software). As Nutty has already said, if applications are not able to be used then even though they can access the Start button they can't do anything.

Also, how are your users logging into the machine? Do you have a generic account or does every individual have their own account? I would suggest also doing a "Mandatory profile" and only have your Softphone icon and IE icon on the desktop.

Having the mandatory profile will allow the desktop to be the same every time the user logs on.

Implement Mandatory profile - http://support.microsoft.com/kb/307800

Hope this helps~!

 
LVL 6

Expert Comment

by:che6ausc
ID: 33597843
Follow this guide to disable the start button: http://www.pctools.com/guides/registry/detail/905.
 
LVL 6

Expert Comment

by:che6ausc
ID: 33597865
Open regedit on the computer. Rename the key by placing a dash "-" in front of the GUID (i.e. {-5b4dae26-b807-11d0-9815-00c04fd91972}).

Removing the dash will make the start button functional again.
 
LVL 9

Expert Comment

by:Krompton
ID: 33600320
If you have any programming ability you can create an executable that displays a form with links that only do what you want. Then use policy or registry edits to set your executable as the shell for this computer or a specific user instead of the normal Windows Desktop.

Cheers
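The registry route described in the comment above, limited to one local account so that administrators keep the normal desktop. This is an added example, not part of the original thread; the profile path and launcher path are hypothetical, and it assumes PowerShell 2.0 or later, an administrator session, and that the kiosk account is logged off.

```powershell
# Added example (not from the thread): set a custom shell for ONE account by
# editing that account's own hive, leaving every other user untouched.
param(
    [string]$ProfilePath = 'C:\Documents and Settings\agent',  # hypothetical kiosk account
    [string]$KioskShell  = 'C:\CallCenter\launcher.exe'        # hypothetical launcher
)

$hive   = Join-Path $ProfilePath 'NTUSER.DAT'
$mount  = 'HKU\KioskTemp'   # temporary mount point for the user's hive
$policy = "$mount\Software\Microsoft\Windows\CurrentVersion\Policies\System"

# A missing shell binary would leave the user with an empty screen at logon.
if (-not (Test-Path -LiteralPath $hive))       { throw "No user hive at $hive" }
if (-not (Test-Path -LiteralPath $KioskShell)) { throw "Shell not found: $KioskShell" }

# The hive is locked while the account is logged on, so this fails in that case.
& reg.exe load $mount $hive | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg load failed; is the account still logged on?' }

try {
    # Per-user "Custom user interface" policy value: replaces explorer.exe
    # as the shell for this account only.
    & reg.exe add $policy /v Shell /t REG_SZ /d $KioskShell /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Could not write Shell value' }

    # Per-user policies that close the usual routes around the launcher.
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        & reg.exe add $policy /v $name /t REG_DWORD /d 1 /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Could not write $name" }
    }

    # Read the key back so the result is visible before the user logs on.
    & reg.exe query $policy
}
finally {
    # Always unmount, otherwise the account cannot load its profile.
    & reg.exe unload $mount | Out-Null
}
```

To undo the change, load the hive the same way and delete the three values under the `Policies\System` key.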
 
LVL 5

Expert Comment

by:eNarc
ID: 33600817
Remember, Group Policy only works with Windows XP Pro, while SteadyState works on all XP versions and does the same and greater things; it's very easy to use.
 

Author Closing Comment

by:ComputerWhatever
ID: 33605405
Thank you so much for pointing me towards this.  Although the group policy is good, I tried that and ended up locking myself as administrator out because the group policy affects all users on the machine.  SteadyState allows you to tell which users the lockdown affects.  Thanks for the help.
 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33605586
ComputerWhatever,

This is an added benefit for you and others who are looking for a solution. Group policy also allows you to state which users the lockdown affects via various methods. Applying the GPO to an OU that those users are contained in, while placing administrators in a separate OU, is one way.

Group Policy also does not need to be installed on every computer and configured like SteadyState does, but I digress and will just leave you with Microsoft's recommendation from the SteadyState handbook:

"Windows SteadyState provides administrators with an effective way to
restrict software, especially for a single shared computer or for a small
environment of shared computers. However, when administrators want
to centrally manage software restrictions across many computers or
users, we recommend that you set software restrictions by using Group
Policy Software Restriction Policies. Software restrictions that are
implemented by using Software Restriction Policies across a large
number of shared access computers on a given site, domain, or range of
organizational units are more efficiently administered than the restrictions
that can be implemented by using Windows SteadyState.
Software restrictions that can be applied by using Software Restrictions
Policies are identical to those restrictions that can be applied in
Windows SteadyState."