Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Securing desktop against kids...

  1. #1
    Senior Member
    Join Date
    Feb 2002
    Posts
    518

    Question Securing desktop against kids...HELP

    Ive looked through the tuts and other threads breifly, and unless Im searchin wrong I didnt find much here or on google.
    I need to secure a winXP machine in a library. The administrator should have access to everything (normal access) and I want the user (books2) to have VERY restricted access. The problem I run into is Group policy seems to apply the changes to ALL the users on the computer, since the administrative templates (the part I really need restriction on) is a registry based change, and it applys (for some reason) to everyone, even though its SUPPOSED to be current user. Im confused. Anyone out there know how to do what Im trying to do? Id like to make a group (which Ive done) and apply the policy to JUST that group. Seems to me that Im in the right place but I cant change to the group... like select that group (public) and change just those users policy... any ideas?

    Thank you as always, and if there IS a thread in here please just point me there... I may be using the search wrong.

    Avenger
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  2. #2
    Junior Member
    Join Date
    Jun 2002
    Posts
    9
    To do what you really want to do, you need to install Active Directory, and this will allow you to apply a group policy to each Organizational Unit (OU) so you can have you administrators in one OU, and your restricted users in another OU. The problem is that to do this, you need to implement a windows 2k server. But other than implementing Active Directory, I don't believe there is a way to apply different Group Policies to a single computer.

    Hope this helps some.
    As I lay here on my bed, stareing up at the stars, I can\'t help but wonder.... what the hell happened to my ceiling??

  3. #3
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    I was gonna say the same thing that Flatline said..

    Ammo

    Hum, second thought, I think old style policies (poledit) still work with XP (at least I believe it still works with w2k...). You might want to give it a try...

    Ammo
    Credit travels up, blame travels down -- The Boss

  4. #4
    Junior Member
    Join Date
    Jun 2002
    Posts
    9
    Another thought... or maybe an expansion of my prevous thought...

    if you have only one computer in your library perhaps you could get rid of XP and install 2k server on it instead. That way you could use the Active Directory with the OUs, and just make sure that local users can log on to the server. That is unless you are attached to XP.
    As I lay here on my bed, stareing up at the stars, I can\'t help but wonder.... what the hell happened to my ceiling??

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    The 10 new machines ship with XP. The librarys server is a NT4.0 Box.
    The poledit is gpedit.msc in XP. it still is registry based editing and effects all users. I need to convince the library to buy one more machine as a AD machine and use the AD OU.
    Thats what I was afraid of, as it will be far easier said than done, but hey, **** happens.
    other than that they are gonna have shitty security.

    Avenger
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  6. #6
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Well if you are using a NT server (PDC), "legacy" policies should still work... They can be defined on a user/computer basis...

    Ammo
    Credit travels up, blame travels down -- The Boss

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    I ll look into that Ammo, thanks
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  8. #8
    Senior Member
    Join Date
    Jul 2002
    Posts
    386
    I'm probably posting this in the wrong place but the idea occurred to me from reading avenger's post. This is a security site and hacking and so forth is only one aspect of computer security. The other is personal safety, safety for our children not all of whom are wise to the ways of the Internet. People old and young are regularly being stalked online. Recently a man was killed in a city nearby who had found a woman on the Internet, became friendly with her and managed to find out where she lived. When he arrived unannounced and attacked her, she managed to get to her gun and shoot him.

    This may sound naive and it probably is, but "they" are out there, as anybody who regularly uses some of the instant messaging programs knows, and they're slick. Maybe a thread about personal security is in order, if there isn't already one. If there is, I apologize. I apparently overlooked it.

  9. #9
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Ammo -- any good links to "legacy policy" or how I implement it without AD?


    Avenger
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  10. #10
    Chuck56: make your own thread about it. Don't post off-topic in the middle of someone else's.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •