locking down a profile on windows 7

How can I lock down a profile via GP to basically only allow one program to be used.
For example, I want the programs/features, control panel, etc... removed
Also want the games, actually the entire all programs removed.
Also want to remove all browsers as well.

I just need to create a shortcut on the desktop that points to an exe on the local C drive that runs an application, besides that, I don't want the user to have any other access.

Is that possible, and how would I do that?  

The account doesn't have to be pushed out via GP, but it needs to be an Active Directory account, so I have different individuals use the same account.
DanNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
The easiest way is to specify a custom user interface for that user in Group Policy. You would set that interface to be the program that should be launched.

http://deployhappiness.com/group-policy-kiosk-mode-locking-down/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
For what you are looking for you will need to create a GPO specifically for User Policies. From the User Configuration Policy you can lock down everything. See the screenshot below.
gpo.JPG
Also there is a System Folder as well in the scrrenshot you can use this to lockdown further settings.

You can then use Group Policy Preferences to add the shortcut to the users desktop.

Will.
0
David Johnson, CD, MVPOwnerCommented:
Which version of Windows 7? Enterprise or Ultimate can use Applocker
https://www.youtube.com/watch?v=gVySPtMcvmc
http://www.mahalo.com/how-to-use-the-app-locker-in-windows-7
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

DanNetwork EngineerAuthor Commented:
So I have pretty much made the changes that I want, but how do I now install the program for this restricted user account and add the shortcut to the desktop, because I prohibited all access to create items on the desktop.
0
DanNetwork EngineerAuthor Commented:
I am using windows 7 pro, on a domain
0
McKnifeCommented:
With pro, you could use software restriction policies. Those can use whitelists of allowed programs. https://technet.microsoft.com/en-us/library/hh831534.aspx?f=255&MSPPError=-2147217396 (article is for win8, but same for 7).
0
DanNetwork EngineerAuthor Commented:
Thanks everyone, I just used GP, as it seems to be the easiest way.
0
McKnifeCommented:
I wonder why you don't use Software restriction policies. Since it can whitelist, it surely comes closest to what you asked for.
0
DanNetwork EngineerAuthor Commented:
McKnife, I looked at the article, but it was a bit confusing.  So I opened GP, under same GP object, and then created a software restriction policy, but I don't see how I can use this for what I want?

Do you know of a website that shows in step by step how to configure the software restriction policies?

Because the only thing I want any user to be able to do is run a program that is on the desktop, and nothing else,  so my computer, all programs, devices and printers, control panel, everything is hidden, or removed and I don't see how I can do that with the software restriction policies.
0
McKnifeCommented:
0
DanNetwork EngineerAuthor Commented:
my bad, I will do that next time. By the way, I briefly looked at the sites you suggested, but how is that any easier than using GP the way I've done it?  It almost looks more complicated?
0
McKnifeCommented:
SRPs in short: Define a white list, set the rest to blocked. With other GPOs, you can't do that.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.