• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 394
  • Last Modified:

Confirguring strict PC access control; (limiting user access to a specific application)

Experts!

Hello. I'm seeking advice on a task. I need to configure (on 300 laptops) the following scenario. The laptops will access one specific website (students will be taking on online exam). These laptops must be confirugred so that students cannot navigate away from that specific website. Students must be prevented from opening any other browser tabs, minimizing the browser, opening any other applications on the computer, ect. Things must be "nailed down" very strictly, so to speak.

Because of infrastructure and financial considerations, VMware is most likely not an option. We have 300 laptops that we plan to image with a master image. Just off the top of my head I'm thinking a hosts file and strict AD policies. If AD is an appropriate solution, I could use some help with creating those policies.

Any input or advice will be warmly welcomed!

Thank you
0
grindsmygeaqrs
Asked:
grindsmygeaqrs
  • 2
  • 2
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
You can definitly do this with AD and Group Policies. Under the default Administrative Templates for User Configuration.

Under Administrative Templates you will see...
- Control Panel
- Add/Remove Programs
- Display
- Desktop
etc

You can also set it up so that Internet Explorer launches unpon login and you can use full scrren window and remove address bar, back buttons etc.

Will.
0
 
grindsmygeaqrsAuthor Commented:
Hi Will. Thank you so much for the reply. Would be please provide a bit more info? Bear in mind you're dealing with a novice :)

What is the config setting to keep a window maximized? Is that possible? E.g. make it so that a student is unable to minimize or exit Firefox/IE? If you can provide any more specific config settings to achieve a "total lock", I would really appreciate that.

I was thinking to use a hosts file to restrict internet access. Besides the IPs specific to the testing portal.. are there any other addresses that I need to allow access to (that you can think of off hand)? What is the best config for a hosts file to allow access only to the sites/IPs/domains specified, and restrict anything else?

Finally, I wouldn't want to modify our existing group policy. If I were to create a new one, how would I assign new users to that Group Policy (rather than the default)?

Sorry, you're dealing with a novice! I've been doing some research and your guidance has really helped. If you can give me just a bit more help, I'll owe you a beer pal!

Thank you,
Mark
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
To stop intenet access you could enable proxy setting from a GPO and point it to 127.0.0.1. they will then never be able to get out to the internet. You can then also set the home page to whatever you want. You can also force Full Screen Mode in IE.

All of the configuration settings are in Group Policy. You can do this either for the User or Computer. I would assume that you want to do this for the computer.

All of the options are under the following GPO Location
Computer Configuration>Admin Templates> Windows Components>Internet Explorer
Scrrenshot below...
GPO Settings
If the computers are using FireFox then you will need to download the Admin Template for this as it is not installed natively.

FireFox Admin Template

As for the New GPO, all you would need to do is create a Test OU, create a new Group Policy Object, Edit the settings on the new GPO (with all of the IE/lock down configs), Link the GPO to the Test OU, move your computers into the test OU. reference the link below for additional/full steps to create GPO's.

Create/Delete/Link GPO's

Will.
0
 
grindsmygeaqrsAuthor Commented:
Many thanks Will! People like you make this site great!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now