Solved

Best software to lock down desktop PCs

Posted on 2012-03-28
Last Modified: 2012-06-21
I have 4 desktop PCs in a warehouse that I need to lock down so people can't delete icons, get in the Control Panel, etc. I have tried using Group Policy, but this always left something people could mess with (yes, we have "those" type of people working for us).

My ideal solution would be as follows:

Have a central profile so all PCs are locked down the same way
Can be unlocked by typing in a password
Be able to lock down the vast majority of things people with idle hands will try to mess with
Work on both XP and Windows 7
32 and 64 bit

Any suggestions would be appreciated.

Thanks
0
Question by:monkey_balls
5 Comments
 
Accepted Solution

by:Run5k (earned 2000 total points)
ID: 37777187
Depending upon how in-depth you want to get, you may want to consider the Faronics products:

Faronics Deep Freeze Standard

Faronics Deep Freeze Standard Manual

Faronics WINSelect Standard

Faronics WINSelect Standard Manual

Great functionality, and they will definitely do what you want.
0
 
Expert Comment

by:awaggoner
ID: 37777220
A combination of Group Policy and not running as a local administrator or power user should eliminate these problems.  

An option could be to use a thin client in the warehouse connected to either a VM which is restored to a 'gold' snapshot at the end of the day, or use VDI to accomplish this.  

Citrix has purchased Kaviza which produces VDI-in-a-Box.  This is a very affordable VDI solution for small deployments.  With this, you can control your 'gold' image and manage any updates as well.
http://www.citrix.com/English/ps2/products/product.asp?contentID=2316437

Here is a TechRepublic article on Desktop Lockdown
http://www.techrepublic.com/article/alternatives-to-windows-standard-desktop-lockdown-features/5034950

More information
http://www.infosecblog.org/2009/07/alternatives-to-desktop-lockdown/
0
 
Expert Comment

by:serialband
ID: 37777334
How about just creating a mandatory profile in addition to group policy for the account.  They can mess with it all they want, but upon logout, everything is reset.

http://support.microsoft.com/kb/307800
http://technet.microsoft.com/en-us/library/gg241183(v=ws.10).aspx
0
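
One way to check that a mandatory profile like the one suggested above is actually tamper-resistant on both XP and Windows 7 clients. This is an added example, not part of the original comment; the function name `Test-MandatoryProfile`, the UNC path and the list of trusted identities are assumptions made for illustration.

```powershell
# Added example (not from the thread). Audits a profile share for a correctly
# built mandatory profile. Windows XP loads the configured path as-is; Windows 7
# appends ".V2" to it, so both folders are checked.
function Test-MandatoryProfile {
    param(
        [Parameter(Mandatory)][string]$BasePath,   # configured profile path, without ".V2"
        # Assumed allow-list of identities that may hold write access (English names).
        [string[]]$TrustedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )
    # Rights that let a user alter or replace the profile, plus GENERIC_ALL / GENERIC_WRITE.
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

    foreach ($dir in @($BasePath, "$BasePath.V2")) {
        $findings = @()
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            $findings += 'profile folder missing'
        }
        else {
            # The .MAN extension is what makes the profile mandatory.
            if (-not (Test-Path -LiteralPath (Join-Path $dir 'NTUSER.MAN'))) {
                $findings += 'NTUSER.MAN not found'
            }
            # An NTUSER.DAT beside it means the rename was not completed.
            if (Test-Path -LiteralPath (Join-Path $dir 'NTUSER.DAT')) {
                $findings += 'NTUSER.DAT still present'
            }
            # Any non-trusted identity with write access could swap the hive back.
            foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
                $who = $ace.IdentityReference.Value
                $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
                if ($ace.AccessControlType -eq 'Allow' -and $canWrite -and ($TrustedWriters -notcontains $who)) {
                    $findings += "write access granted to $who"
                }
            }
        }
        [pscustomobject]@{
            Path      = $dir
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Placeholder UNC path; substitute the share that holds the warehouse profile.
Test-MandatoryProfile -BasePath '\\fileserver\profiles\warehouse' | Format-List
```

Run it from an administrative workstation with read access to the share; a folder reported as missing is expected if only one of the two Windows versions is deployed.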
 
Expert Comment

by:awaggoner
ID: 37778304
If you are looking for a software solution, you should look into BeyondTrust.

It integrates with AD/Group Policy and is able to give very granular controls to secure the desktop.
0
 
Expert Comment

by:Vanguard_LH
ID: 37781189
Going along with the Deep Freeze suggestion (of restoring your computer back to a base state), you could use the following to ensure upon reboot that the state of the computer is back to some baseline state.  Any changes get discarded on reboot.  Let them change whatever they want but it'll be back again to the baseline state on reboot.  You could even schedule a reboot during off-hours, like at 3 AM, to ensure the host is at its baseline state in the morning when the workers show up.

Returnil System Safe
Returnil Pro 2011
Returnil Lite 2011
(www.returnil.com)

Some [biased] comparisons here between RSS and DF:
http://www.bleepingcomputer.com/forums/topic347970.html

I do like Returnil's config where I can have it prompt on unknown programs (those run or "installed" [but will disappear on reboot] after activating safe mode) rather than just trust all programs to run in safe mode.  Just because I virtualized all disk I/O that gets discarded on a reboot still doesn't mean I want unknown processes to start up while I'm virtualized in safe mode.

There was Microsoft's SteadyState but they dropped it back in June 2011; see http://support.microsoft.com/kb/2390706.
0

Question has a verified solution.
