Solved

Looking for thoughts on Windows 7 'guest' account

Posted on 2013-01-03
5
213 Views
Last Modified: 2014-02-24
I manage the client side of AD in a Windows 7 / 2008 environment with about 2000 devices.

We have ~1500 team members with AD accounts.  

Our HR department wants to make a 3rd party training web site available to ~200 team members who currently do not have devices or AD accounts.  They want them to be able to 'walk up' to any available computers a few times a month and access only this one URL, no network resources, and they don't want to pay for CAL's to get domain accounts.

The only idea I'm toying with is opening up a single shared domain account with no access, white listing the URL at the proxy so it doesn't require authentication, and finding a way to lock down that user profile 100% at the client side to only present a URL shortcut and no other options at all.  I'm not sure what policies that would take; I don't see how to apply policies based upon a specific user.  I'm also very concerned about the security implications.  

Ideas?
0
Comment
Question by:MortensonIT
  • 2
  • 2
5 Comments
 
LVL 27

Accepted Solution

by:
Steve earned 500 total points
ID: 38742323
this kindof thing is normally done by creating a seperate OU for all the GUEST PCs and a sepearte OU for the login account(s)
You can create very (very) restrictive grou policies for these OUs that can lock the PCs and user down very tightly.

This would be a domain user/PC though, so may not fulful all your requirements.

The only other option would be to use LOCAL group policy on the PCs independatly, which would mean they wouldnt need to be domain PCs etc. It's a bit fiddly, but can easily be done using gpedit.msc on any local workgroup PC.
0
 

Author Comment

by:MortensonIT
ID: 39877548
I was able to make my solution work with some extensive group policy manipulation.

I created a "Training" domain account and removed it from all groups.  I put the account in it's own OU, and then applied policy to it.  
When a user logs in with the training account on ANY computer in the domain, it removes all entries from the desktop and applies a single link to IE that opens up to the external training page.  It doesn't have any access to domain resources.
The start menu is empty, the task bar is empty, the context menu is disabled; all that remains is the clock.  It took a lot of testing but I got it to work.
0
 

Author Comment

by:MortensonIT
ID: 39877747
I've requested that this question be closed as follows:

Accepted answer: 0 points for MortensonIT's comment #a39877548

for the following reason:

The only other community solution wasn't viable for my application.  It took doing, but I figured it out myself.
0
 
LVL 27

Expert Comment

by:Steve
ID: 39877748
My response was valid and suggested the use of OUs & group policies in answer to your request for 'ideas', which you did implement.
At least acknowledge my imput and throw some points my way matey?
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question