Lockdown XP based on local user or group

I have a test application that needs to be locked down so certain account can only run one application and nothing else.  I tried putting XP in Kiosk mode but the test application relies on explorer.exe.  Is there a way to lockdown XP for a specific user or group in a workgroup or do I have to be in a domain?

Thanks
Brian
LVL 1
bmcdowell540Asked:
Who is Participating?
 
Spar-QCommented:
The only way you can be selective with group policy/local computer policy is to be an Active Directory domain. Local Security Policy for workgroup computers is an all-or-nothing approach.
0
 
duffmeCommented:
I don't have an XP box to check, but you should be able to set this using Local Security Policy (the Local GPO) by creating a Software Restriction Policy, or heavily restricting the user/group with other security policy settings.  
0
 
Netman66Commented:
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
bmcdowell540Author Commented:
@duffme:  I think Spar-Q is right.  I created a GPO for the current user and it applied the settings to all users including the administrator account.
0
 
duffmeCommented:
Spar-Q is correct.  Group Policy (ecxcept for the local GPO I mentioned) requires a domain and Active Directory.  In a GPO there are User and Computer based GPO settings.  You can apply GPOs to domains, OUs, security groups, etc.  to make it as granular as you seem to need.  In a workgroup you have to take the approach of restricting that one user from normal user accesses, which is klunky.  It may be worthwhile for you though if this is really a unique situation, but you aren't going to be able to truly lock down that one user you are trying to.  You'd be able to (maybe) get "good enough" by having it that user user log on and launch into your one application that doesn't easily allow the user to shell out, or quit back to the desktop, etc.  If you make this user a Guest, for example, they would be much more restricted than a regular User, but not truly locked down to one application.  You'd have to use NTFS permissions and deny access to other directories in the Program Files directory and such, but they'd still be able to run things from other directories though.  Again, no good way to do this.
0
 
bmcdowell540Author Commented:
Thanks everyone for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.