Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Confirguring strict PC access control; (limiting user access to a specific application)

Posted on 2014-01-23
4
Medium Priority
?
382 Views
Last Modified: 2014-01-24
Experts!

Hello. I'm seeking advice on a task. I need to configure (on 300 laptops) the following scenario. The laptops will access one specific website (students will be taking on online exam). These laptops must be confirugred so that students cannot navigate away from that specific website. Students must be prevented from opening any other browser tabs, minimizing the browser, opening any other applications on the computer, ect. Things must be "nailed down" very strictly, so to speak.

Because of infrastructure and financial considerations, VMware is most likely not an option. We have 300 laptops that we plan to image with a master image. Just off the top of my head I'm thinking a hosts file and strict AD policies. If AD is an appropriate solution, I could use some help with creating those policies.

Any input or advice will be warmly welcomed!

Thank you
0
Comment
Question by:grindsmygeaqrs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39803562
You can definitly do this with AD and Group Policies. Under the default Administrative Templates for User Configuration.

Under Administrative Templates you will see...
- Control Panel
- Add/Remove Programs
- Display
- Desktop
etc

You can also set it up so that Internet Explorer launches unpon login and you can use full scrren window and remove address bar, back buttons etc.

Will.
0
 

Author Comment

by:grindsmygeaqrs
ID: 39806791
Hi Will. Thank you so much for the reply. Would be please provide a bit more info? Bear in mind you're dealing with a novice :)

What is the config setting to keep a window maximized? Is that possible? E.g. make it so that a student is unable to minimize or exit Firefox/IE? If you can provide any more specific config settings to achieve a "total lock", I would really appreciate that.

I was thinking to use a hosts file to restrict internet access. Besides the IPs specific to the testing portal.. are there any other addresses that I need to allow access to (that you can think of off hand)? What is the best config for a hosts file to allow access only to the sites/IPs/domains specified, and restrict anything else?

Finally, I wouldn't want to modify our existing group policy. If I were to create a new one, how would I assign new users to that Group Policy (rather than the default)?

Sorry, you're dealing with a novice! I've been doing some research and your guidance has really helped. If you can give me just a bit more help, I'll owe you a beer pal!

Thank you,
Mark
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39806872
To stop intenet access you could enable proxy setting from a GPO and point it to 127.0.0.1. they will then never be able to get out to the internet. You can then also set the home page to whatever you want. You can also force Full Screen Mode in IE.

All of the configuration settings are in Group Policy. You can do this either for the User or Computer. I would assume that you want to do this for the computer.

All of the options are under the following GPO Location
Computer Configuration>Admin Templates> Windows Components>Internet Explorer
Scrrenshot below...
GPO Settings
If the computers are using FireFox then you will need to download the Admin Template for this as it is not installed natively.

FireFox Admin Template

As for the New GPO, all you would need to do is create a Test OU, create a new Group Policy Object, Edit the settings on the new GPO (with all of the IE/lock down configs), Link the GPO to the Test OU, move your computers into the test OU. reference the link below for additional/full steps to create GPO's.

Create/Delete/Link GPO's

Will.
0
 

Author Closing Comment

by:grindsmygeaqrs
ID: 39807564
Many thanks Will! People like you make this site great!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question