Solved

Configuring strict PC access control (limiting user access to a specific application)

Posted on 2014-01-23
Last Modified: 2014-01-24
Experts!

Hello. I'm seeking advice on a task. I need to configure (on 300 laptops) the following scenario. The laptops will access one specific website (students will be taking an online exam). These laptops must be configured so that students cannot navigate away from that specific website. Students must be prevented from opening any other browser tabs, minimizing the browser, opening any other applications on the computer, etc. Things must be "nailed down" very strictly, so to speak.

Because of infrastructure and financial considerations, VMware is most likely not an option. We have 300 laptops that we plan to image with a master image. Just off the top of my head I'm thinking a hosts file and strict AD policies. If AD is an appropriate solution, I could use some help with creating those policies.

Any input or advice will be warmly welcomed!

Thank you
0
Question by:grindsmygeaqrs
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39803562
You can definitely do this with AD and Group Policies, under the default Administrative Templates for User Configuration.

Under Administrative Templates you will see...
- Control Panel
- Add/Remove Programs
- Display
- Desktop
etc

You can also set it up so that Internet Explorer launches upon login, and you can use a full screen window and remove the address bar, back buttons, etc.

Will.
0
 

Author Comment

by:grindsmygeaqrs
ID: 39806791
Hi Will. Thank you so much for the reply. Would you please provide a bit more info? Bear in mind you're dealing with a novice :)

What is the config setting to keep a window maximized? Is that possible? E.g. make it so that a student is unable to minimize or exit Firefox/IE? If you can provide any more specific config settings to achieve a "total lock", I would really appreciate that.

I was thinking to use a hosts file to restrict internet access. Besides the IPs specific to the testing portal.. are there any other addresses that I need to allow access to (that you can think of off hand)? What is the best config for a hosts file to allow access only to the sites/IPs/domains specified, and restrict anything else?

Finally, I wouldn't want to modify our existing group policy. If I were to create a new one, how would I assign new users to that Group Policy (rather than the default)?

Sorry, you're dealing with a novice! I've been doing some research and your guidance has really helped. If you can give me just a bit more help, I'll owe you a beer pal!

Thank you,
Mark
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39806872
To stop internet access you could enable the proxy setting from a GPO and point it to 127.0.0.1. They will then never be able to get out to the internet. You can then also set the home page to whatever you want. You can also force Full Screen Mode in IE.

All of the configuration settings are in Group Policy. You can do this either for the User or Computer. I would assume that you want to do this for the computer.

All of the options are under the following GPO Location
Computer Configuration>Admin Templates> Windows Components>Internet Explorer
Screenshot below...
GPO Settings
If the computers are using FireFox then you will need to download the Admin Template for this as it is not installed natively.

FireFox Admin Template

As for the new GPO, all you would need to do is create a Test OU, create a new Group Policy Object, edit the settings on the new GPO (with all of the IE/lock down configs), link the GPO to the Test OU, and move your computers into the Test OU. Reference the link below for additional/full steps to create GPOs.

Create/Delete/Link GPO's

Will.
0
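The steps from the accepted answer (create the OU, create and edit a new GPO, link it, move the computers) scripted with the ActiveDirectory and GroupPolicy modules, as an added example that is not part of the original thread. The domain DN, GPO name, exam host, proxy port and computer name pattern are assumed placeholders, and the bypass entry for the exam host is an assumption added so the portal stays reachable.

```powershell
# Added example: names marked "assumed" are placeholders, not values from the thread.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$domainDn = 'DC=example,DC=com'        # assumed domain
$ouName   = 'Test OU'                  # OU name used in the answer
$ouDn     = "OU=$ouName,$domainDn"
$gpoName  = 'Exam Laptop Lockdown'     # assumed GPO name
$examHost = 'exam.example.com'         # assumed exam portal host

# 1. Create the OU only if it does not already exist at the domain root.
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
    -SearchBase $domainDn -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}

# 2. Create a separate GPO so the existing default policies stay untouched.
New-GPO -Name $gpoName -Comment 'Exam laptops: browser lock down' | Out-Null

# 3. Edit the GPO: per-machine proxy pointing at 127.0.0.1.
$polKey  = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$inetKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
# Make proxy settings per-machine so a student profile cannot override them.
Set-GPRegistryValue -Name $gpoName -Key $polKey -ValueName 'ProxySettingsPerUser' `
    -Type DWord -Value 0 | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $inetKey -ValueName 'ProxyEnable' `
    -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $inetKey -ValueName 'ProxyServer' `
    -Type String -Value '127.0.0.1:80' | Out-Null      # assumed port
# Assumption: bypass list sends the exam host direct instead of to the dead proxy.
Set-GPRegistryValue -Name $gpoName -Key $inetKey -ValueName 'ProxyOverride' `
    -Type String -Value $examHost | Out-Null

# 4. Link the GPO to the OU.
New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null

# 5. Move the exam laptops into the OU (assumed naming pattern EXAM-*).
Get-ADComputer -Filter "Name -like 'EXAM-*'" | Move-ADObject -TargetPath $ouDn

# 6. Verify: the link is present on the OU and the values are stored in the GPO.
(Get-GPInheritance -Target $ouDn).GpoLinks | Select-Object DisplayName, Enabled, Order
Get-GPRegistryValue -Name $gpoName -Key $inetKey
```

The proxy values are written to a non-policy key, so they remain on a laptop after the GPO is unlinked; re-imaging or an explicit cleanup is needed to revert them.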
 

Author Closing Comment

by:grindsmygeaqrs
ID: 39807564
Many thanks Will! People like you make this site great!
0
