leo135
asked on
Limiting XP User Permissions for Security (OS to become only a shell for RDP)
Hello all,
Given that XP support ended over a year ago, I'd like to know what suggestions you may have to increase security on them so that we can use them to remote onto other machines only, with all other permissions removed.
What permissions would you suggest removing from a user group, after which we will put all users in that group (only)?
How secure actually is this?
Thanks for taking the time to read
"There are no other ways in now that XP ended support?" <-- A good deal of security protection is built into the operating system - not always an add-on. So there is not much you can do with an operating system more than a year out of support and with no updates.
"So if the firewall is on with no exceptions and the user cannot use any software other than rdp, it should be secure? There are no other ways in now that XP ended support?"
If I boot XP (firewall on), start the RDP client and connect, then nothing bad will ever happen. It depends on what else you plan to do on that XP machine. If "nothing at all" would be your answer, then you may do it and feel secure.
If however, your users tend to do all kinds of things apart from RDP, sure, there are many potential risks.
ASKER
Ok I think I have all the answers I need. I may create a special group and give it only access to the RDP file and client and nothing else, but it will take a bit of experimenting and may not work. If so, then I doubt they can be trusted to do nothing else so may have to go with the first recommendations of abandoning XP, although that kind of decision isn't necessarily in my control. Thanks everyone for your answers!
Love being here at EE
ASKER
Everything I needed to know
Just another hint,
If you really only want the users to access RDP, you could also use a Linux system with an RDP client, if no money should be spent on upgrading old PCs to a current version of Windows.
That's true. You should not have to use an outdated OS just for an RDP client. Many free Linux systems (even live systems like Knoppix) offer rdesktop.
ASKER
It's still not free as we'd have to charge for the work but I will definitely take it into consideration. Thanks for still answering even after the accepted answer stage.
The internet is both a place of the best and worst of people and here is an example of it being the best.
Securing the XP boxes is also work, and maybe more than just handing out a boot CD to the users and removing the hard disk from the machine ;)
All depends on your setup, your security requirements, users (e.g. if it would pose a problem that users have root on such a CD-booted PC), etc.
Many users here are not here for points; many of us just like the challenge of solving problems, helping others and learning new things. The points are just a nice add-on and make it more fun and EE free to use (3000 pts each month are very easy to earn).