Solved

Confirguring strict PC access control; (limiting user access to a specific application)

Posted on 2014-01-23
4
356 Views
Last Modified: 2014-01-24
Experts!

Hello. I'm seeking advice on a task. I need to configure (on 300 laptops) the following scenario. The laptops will access one specific website (students will be taking on online exam). These laptops must be confirugred so that students cannot navigate away from that specific website. Students must be prevented from opening any other browser tabs, minimizing the browser, opening any other applications on the computer, ect. Things must be "nailed down" very strictly, so to speak.

Because of infrastructure and financial considerations, VMware is most likely not an option. We have 300 laptops that we plan to image with a master image. Just off the top of my head I'm thinking a hosts file and strict AD policies. If AD is an appropriate solution, I could use some help with creating those policies.

Any input or advice will be warmly welcomed!

Thank you
0
Comment
Question by:grindsmygeaqrs
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39803562
You can definitly do this with AD and Group Policies. Under the default Administrative Templates for User Configuration.

Under Administrative Templates you will see...
- Control Panel
- Add/Remove Programs
- Display
- Desktop
etc

You can also set it up so that Internet Explorer launches unpon login and you can use full scrren window and remove address bar, back buttons etc.

Will.
0
 

Author Comment

by:grindsmygeaqrs
ID: 39806791
Hi Will. Thank you so much for the reply. Would be please provide a bit more info? Bear in mind you're dealing with a novice :)

What is the config setting to keep a window maximized? Is that possible? E.g. make it so that a student is unable to minimize or exit Firefox/IE? If you can provide any more specific config settings to achieve a "total lock", I would really appreciate that.

I was thinking to use a hosts file to restrict internet access. Besides the IPs specific to the testing portal.. are there any other addresses that I need to allow access to (that you can think of off hand)? What is the best config for a hosts file to allow access only to the sites/IPs/domains specified, and restrict anything else?

Finally, I wouldn't want to modify our existing group policy. If I were to create a new one, how would I assign new users to that Group Policy (rather than the default)?

Sorry, you're dealing with a novice! I've been doing some research and your guidance has really helped. If you can give me just a bit more help, I'll owe you a beer pal!

Thank you,
Mark
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39806872
To stop intenet access you could enable proxy setting from a GPO and point it to 127.0.0.1. they will then never be able to get out to the internet. You can then also set the home page to whatever you want. You can also force Full Screen Mode in IE.

All of the configuration settings are in Group Policy. You can do this either for the User or Computer. I would assume that you want to do this for the computer.

All of the options are under the following GPO Location
Computer Configuration>Admin Templates> Windows Components>Internet Explorer
Scrrenshot below...
GPO Settings
If the computers are using FireFox then you will need to download the Admin Template for this as it is not installed natively.

FireFox Admin Template

As for the New GPO, all you would need to do is create a Test OU, create a new Group Policy Object, Edit the settings on the new GPO (with all of the IE/lock down configs), Link the GPO to the Test OU, move your computers into the test OU. reference the link below for additional/full steps to create GPO's.

Create/Delete/Link GPO's

Will.
0
 

Author Closing Comment

by:grindsmygeaqrs
ID: 39807564
Many thanks Will! People like you make this site great!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now