Solved

I want to lock down Windows XP so the user can only access two things, IE to get to an internal application and a softphone app?  Any ideas how I can accomplish this?

Posted on 2010-09-03
12
678 Views
Last Modified: 2012-05-10
It is a call center and the only thing we want them to do is get into the softphone and the call center software.  I can restrict access to the web by just removing the dns servers but how can hide everything including the start button from the desktop so all they see is softphone and ie icon that takes them to their app?
0
Comment
Question by:ComputerWhatever
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +4
12 Comments
 

Author Comment

by:ComputerWhatever
ID: 33597089
I don't want a third party app.  thanks
0
 
LVL 24

Expert Comment

by:Mike Thomas
ID: 33597103
You can do it using group policy

Start with this http://articles.techrepublic.com.com/5100-22_11-6028180.html

But look at the other policies and see if they will be useful to you.


0
 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33597151
I'm assuming your part of a domain. In which case you want to implement the Software Restrictions Group Policy. http://technet.microsoft.com/en-us/library/cc784363(WS.10).aspx

As far as keeping them from even hitting the start menu? I'm unsure but if you create the above group policy they won't be able to run anything else anyways.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 5

Accepted Solution

by:
eNarc earned 250 total points
ID: 33597439
thre is a microsoft application called Windows SteadyState, and its perfect for locking a user to apps and what they can or can not do.


http://www.microsoft.com/downloads/details.aspx?FamilyID=d077a52d-93e9-4b02-bd95-9d770ccdb431&displaylang=en
0
 
LVL 5

Expert Comment

by:eNarc
ID: 33597464
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33597539
I would also agree that Group policy would be the best way to accomplish this. You can disable most of these items from GPMC.msc. Under User Configuration>Administrative Templates you will fine Control Panel, Start Menu and Taskbar, System and a few more where you can customize quite a bit of settings.

One this you will not be abel to disable/remove is the start button (without 3rd party software). As Nutty has already said if applications are not able to use then even though they can access the start button they can't do anything.

Also, how are your users logging into the machine. Do you have a generic account or does every individual have their own account? I would suggest also doing a "Mandatory profile" and only have your Softphone Icon and IE icon on the desktop.

Having the mandatory profile will allow the desktop to be the same everytime the user logs on.

Implement Mandatory profile - http://support.microsoft.com/kb/307800

Hope this helps~!
0
 
LVL 6

Expert Comment

by:che6ausc
ID: 33597843
Follow this guide to disable the start button: http://www.pctools.com/guides/registry/detail/905.
0
 
LVL 6

Expert Comment

by:che6ausc
ID: 33597865
Open regedit on the computer. Rename the key by placing a dash "-" in front of the GUID (i.e. {-5b4dae26-b807-11d0-9815-00c04fd91972}).

Removing the dash will make the start button functional again.
0
 
LVL 9

Expert Comment

by:Krompton
ID: 33600320
If you have any programming ability you can create an executable that displays a form with links that only do what you want. Then use policy or registry edits to set your executable as the shell for this computer or a specific user instead of the normal Windows Desktop.

Cheers
0
 
LVL 5

Expert Comment

by:eNarc
ID: 33600817
remember Group Policy only works with windows xp pro, while steady state works on all xp version and does the same and greater thing, its very easy to use.
0
 

Author Closing Comment

by:ComputerWhatever
ID: 33605405
Thank you so much for pointing me towards this.  Although the group policy is good, I tried that and ended up locking myself as administrator out because the group policy effects all users on the machine.  steady state allows you to tell which users the lock down effects.  Thanks for the help.
0
 
LVL 6

Expert Comment

by:Nuttycomputer
ID: 33605586
ComputerWhatever,

This is an added benefit for you and others who are looking for a solution. Group policy also allows you to state which users the lock down affects via various methods. Applying the GPO to an OU that those users are contained in, while placing administrators ina  separate OU, is one way.

Group Policy also does not need to be installed on every computer and configured like SteadyState does but I digress and will just leave you with Microsoft's recomendation from the SteadyState handbook:

"Windows SteadyState provides administrators with an effective way to
restrict software, especially for a single shared computer or for a small
environment of shared computers. However, when administrators want
to centrally manage software restrictions across many computers or
users, we recommend that you set software restrictions by using Group
Policy Software Restriction Policies. Software restrictions that are
implemented by using Software Restriction Policies across a large
number of shared access computers on a given site, domain, or range of
organizational units are more efficiently administered than the restrictions
that can be implemented by using Windows SteadyState.
Software restrictions that can be applied by using Software Restrictions
Policies are identical to those restrictions that can be applied in
Windows SteadyState."
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article (http://rdsrc.us/u3GP7A) first and run the tool TDSSKiller (http://rdsrc.us/GDBBs4) to get rid of the infection. Once done, and if the …
If you have done a reformat of your hard drive and proceeded to do a successful Windows XP installation, you may notice that a choice between two operating systems when you start up the machine. Here is how to get rid of this: Click Start Clic…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question