Dan
asked on
locking down a profile on windows 7
How can I lock down a profile via GP to basically only allow one program to be used.
For example, I want the programs/features, control panel, etc... removed
Also want the games, actually the entire all programs removed.
Also want to remove all browsers as well.
I just need to create a shortcut on the desktop that points to an exe on the local C drive that runs an application, besides that, I don't want the user to have any other access.
Is that possible, and how would I do that?
The account doesn't have to be pushed out via GP, but it needs to be an Active Directory account, so I have different individuals use the same account.
For example, I want the programs/features, control panel, etc... removed
Also want the games, actually the entire all programs removed.
Also want to remove all browsers as well.
I just need to create a shortcut on the desktop that points to an exe on the local C drive that runs an application, besides that, I don't want the user to have any other access.
Is that possible, and how would I do that?
The account doesn't have to be pushed out via GP, but it needs to be an Active Directory account, so I have different individuals use the same account.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So I have pretty much made the changes that I want, but how do I now install the program for this restricted user account and add the shortcut to the desktop, because I prohibited all access to create items on the desktop.
ASKER
I am using windows 7 pro, on a domain
With pro, you could use software restriction policies. Those can use whitelists of allowed programs. https://technet.microsoft.com/en-us/library/hh831534.aspx?f=255&MSPPError=-2147217396 (article is for win8, but same for 7).
ASKER
Thanks everyone, I just used GP, as it seems to be the easiest way.
I wonder why you don't use Software restriction policies. Since it can whitelist, it surely comes closest to what you asked for.
ASKER
McKnife, I looked at the article, but it was a bit confusing. So I opened GP, under same GP object, and then created a software restriction policy, but I don't see how I can use this for what I want?
Do you know of a website that shows in step by step how to configure the software restriction policies?
Because the only thing I want any user to be able to do is run a program that is on the desktop, and nothing else, so my computer, all programs, devices and printers, control panel, everything is hidden, or removed and I don't see how I can do that with the software restriction policies.
Do you know of a website that shows in step by step how to configure the software restriction policies?
Because the only thing I want any user to be able to do is run a program that is on the desktop, and nothing else, so my computer, all programs, devices and printers, control panel, everything is hidden, or removed and I don't see how I can do that with the software restriction policies.
Next time, ask before closing the question :)
http://www.mechbgon.com/srp/ and http://www.windowsnetworking.com/articles-tutorials/netgeneral/Software-Restriction-Policies.html will serve you.
http://www.mechbgon.com/srp/ and http://www.windowsnetworking.com/articles-tutorials/netgeneral/Software-Restriction-Policies.html will serve you.
ASKER
my bad, I will do that next time. By the way, I briefly looked at the sites you suggested, but how is that any easier than using GP the way I've done it? It almost looks more complicated?
SRPs in short: Define a white list, set the rest to blocked. With other GPOs, you can't do that.
https://www.youtube.com/watch?v=gVySPtMcvmc
http://www.mahalo.com/how-to-use-the-app-locker-in-windows-7