Solved

Confirguring strict PC access control; (limiting user access to a specific application)

Posted on 2014-01-23
4
353 Views
Last Modified: 2014-01-24
Experts!

Hello. I'm seeking advice on a task. I need to configure (on 300 laptops) the following scenario. The laptops will access one specific website (students will be taking on online exam). These laptops must be confirugred so that students cannot navigate away from that specific website. Students must be prevented from opening any other browser tabs, minimizing the browser, opening any other applications on the computer, ect. Things must be "nailed down" very strictly, so to speak.

Because of infrastructure and financial considerations, VMware is most likely not an option. We have 300 laptops that we plan to image with a master image. Just off the top of my head I'm thinking a hosts file and strict AD policies. If AD is an appropriate solution, I could use some help with creating those policies.

Any input or advice will be warmly welcomed!

Thank you
0
Comment
Question by:grindsmygeaqrs
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39803562
You can definitly do this with AD and Group Policies. Under the default Administrative Templates for User Configuration.

Under Administrative Templates you will see...
- Control Panel
- Add/Remove Programs
- Display
- Desktop
etc

You can also set it up so that Internet Explorer launches unpon login and you can use full scrren window and remove address bar, back buttons etc.

Will.
0
 

Author Comment

by:grindsmygeaqrs
ID: 39806791
Hi Will. Thank you so much for the reply. Would be please provide a bit more info? Bear in mind you're dealing with a novice :)

What is the config setting to keep a window maximized? Is that possible? E.g. make it so that a student is unable to minimize or exit Firefox/IE? If you can provide any more specific config settings to achieve a "total lock", I would really appreciate that.

I was thinking to use a hosts file to restrict internet access. Besides the IPs specific to the testing portal.. are there any other addresses that I need to allow access to (that you can think of off hand)? What is the best config for a hosts file to allow access only to the sites/IPs/domains specified, and restrict anything else?

Finally, I wouldn't want to modify our existing group policy. If I were to create a new one, how would I assign new users to that Group Policy (rather than the default)?

Sorry, you're dealing with a novice! I've been doing some research and your guidance has really helped. If you can give me just a bit more help, I'll owe you a beer pal!

Thank you,
Mark
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39806872
To stop intenet access you could enable proxy setting from a GPO and point it to 127.0.0.1. they will then never be able to get out to the internet. You can then also set the home page to whatever you want. You can also force Full Screen Mode in IE.

All of the configuration settings are in Group Policy. You can do this either for the User or Computer. I would assume that you want to do this for the computer.

All of the options are under the following GPO Location
Computer Configuration>Admin Templates> Windows Components>Internet Explorer
Scrrenshot below...
GPO Settings
If the computers are using FireFox then you will need to download the Admin Template for this as it is not installed natively.

FireFox Admin Template

As for the New GPO, all you would need to do is create a Test OU, create a new Group Policy Object, Edit the settings on the new GPO (with all of the IE/lock down configs), Link the GPO to the Test OU, move your computers into the test OU. reference the link below for additional/full steps to create GPO's.

Create/Delete/Link GPO's

Will.
0
 

Author Closing Comment

by:grindsmygeaqrs
ID: 39807564
Many thanks Will! People like you make this site great!
0

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now