Win XP restrictions (guest account options)

[mohaughn]

Googling for GPO login scripts and just login scripts returns the following sites. You will have to modify what they have to get what you need, but this will give you the idea...

http://www.petri.co.il/tools.htm
http://www.serverwatch.com/tutorials...le.php/1474241


your script will be extremely simple.. basically you will put this-


echo off
echo "This is what you want to pop up on the screen."
pause


Login scripts are assigned on the Profile tab of a user account in active directory(users and computers) and local users(computer management for a local account). You can also apply a group policy object that will run a login script for all users that you assign. I would recommend going and getting yourself a good WinXP and AD book, and read up on group policy objects and login scripts as both topics are a bit to large to properly cover in this forum.

[s4b3r]

Try right clicking on the drive, then selecting "sharing and security", that might help

[pooh sun tzu]

Try right clicking on the drive, then selecting "sharing and security", that might help

He can't, not fully at least, because his system is on FAT32. You see, here are the differences:

http://www.theeldergeek.com/ntfs_or_...ile_system.htm
http://www.microsoft.com/windowsxp/u...october01.mspx
http://www.spcug.org/reviews/bl0401.htm


NTFS is much faster in regards to file handling and offers a much greater level of security to folders and files. You can restrict entire folders from a certain user or group, or grant access to only one user or group. Either way, NTFS is going to be the root of not only increasing system preformance but also giving a 'simple' way to control what the guest account can and can not access.

For FAT32 to NTFS conversion:

http://www.microsoft.com/technet/pro...onvertfat.mspx

[Irongeek]

It may look prettier if you use a .VBS (Visual Basic Script) file instead of a Batch file to do the message part.
Code for Message.vbs:

Code:

msgbox "This is your Message" & vbcrlf & "This is the 2nd line"

[Panther2000sd]

Thanks a lot for all the information on the subject you guys, it helped me a lot

Sincerely,
Steve Demers

[Tiger Shark]

*Cough*

Guys and gals.... We got him as far as gpedit.msc so why don't we show him how to use it?

Under Computer Configuration - Windows Settings - Security Settings - Local policies - Security Options you will find two settings:-

1. Interactive Logon: Message text for users attempting to log on
2. Interactive Logon: Message title for users attempting to log on

They do what they say.... They produce a large grey box before the login prompt with the title you put in the second key, (for example "***** WARNING *****"), and the text you wrote in the first key, (for example: "If you are logging into this computer under the GUEST account please have a virus free floppy disk available to save your work. As a Guest you do not have rights to save any files to this computer so your work will be lost if you do not save it to the floppy before exiting. Thank you and enjoy your experience.").

As a side note this is also a useful thing to use for such things as Terminal services machines that are publicly available. You can display the warning you want every time someone hit's the login prompt and, as a side benefit it's an extra step an attacker has to go through if he tries a brute force attack on a login name..... Nothing special but his tool won't work unless it accounts for the addidional input and it slows down his transaction rate....

There... all rather simple really.....

[Edit]

Steve, I would caution against signing your real name at the bottom of your posts. It may not bother you today but it may in 2 years time and this stuff won't go away.

You never know who comes here no what their intent may be - that may bite you in the future......

[/Edit]