JohnMK Posted October 4, 2007 (edited)

Hello folks,

I'm trying to set up a computer for my company so that only two web sites are accessible. They'd also like it so that executables can't be run, even mundane programs such as calc, notepad, etc. This also means that the system configuration would have to be locked unless you have the administrator password, so that the rules can't be changed behind our backs.

Now, being a neophyte to this kind of request, I don't know where else to turn. You folks know your stuff so please share your ideas. Thanks folks!

-John

Edited October 4, 2007 by JohnMK

nmX.Memnoch Posted October 4, 2007

So basically the computer will only be used for browsing those two websites? I've said it before: SiteKiosk.

You can also check out Microsoft Windows SteadyState (formerly known as the Shared Computer Toolkit). This is a free alternative, but I don't know if it will let you lock down as much as SiteKiosk does.

SiteKiosk is $200USD for the Plus Bundle version (includes the SiteCoach Internet content filter and a few other addons). It's $149USD for the basic version.

JohnMK (Author) Posted October 4, 2007

Thank you!

Windows SteadyState looks promising. I'm looking at the handbook right now. Do you know if it has an option to allow only certain websites to be accessed?

Idontwantspam Posted October 5, 2007

If you're using an AD domain, use Active Directory. You can restrict almost anything, though I don't know about the websites thing. I've seen at my public library that they restrict you to only the library website on a few of the computers. Maybe it has something to do with DNS, or maybe there's a policy somewhere. If you're not on a domain, it's still possible to restrict using GP, but you'll have to do it the registry route.

jcarle Posted October 5, 2007

Why so complicated? Use OpenDNS. It supports filtering and blocking and all that jazz. And it's free.

nmX.Memnoch Posted October 5, 2007

You still have to be able to effectively lock down the workstation so that they can't run anything else. This is MUCH more time consuming (and quirky) to do with Group Policies than it is with Windows SteadyState* or something like SiteKiosk.

*Disclaimer: I've never used SteadyState personally. We purchased a license for SiteKiosk years ago before the Shared Computer Toolkit was available.

Tripredacus Posted October 5, 2007

> Why so complicated? Use OpenDNS. It supports filtering and blocking and all that jazz. And it's free.

Yes, why so complicated? IE's security features can do this!

JohnMK (Author) Posted October 5, 2007

Actually it seems OpenDNS cannot do this. I've looked around their forum and this question's been asked at least twice. The answer is no. If they allow this ever, it'll probably be a premium feature that you pay for.

Using IE's Content Advisor looks to be a reasonable alternative. Give it the most restrictive settings, including those that block all sites not rated, and you pretty much can navigate only the sites you add to the white list.

MrCobra Posted October 8, 2007

Thanks for the reference to Steady State. That'll come in handy for a family member that just can't keep from gunking up his PC. I guess I'll start charging him so he gets the message not to do the things he does. Gets old.

cluberti Posted October 9, 2007

If you can force the usage of IE, you can configure IE to use a proxy autoconfiguration script that does exactly this.

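Added example, not part of cluberti's post: a proxy autoconfiguration (PAC) script of the kind described above, which lets two hosts through and sends every other request to a proxy address where nothing answers. The two hostnames and the dead-end proxy address are placeholders chosen for illustration; the host check is done on label boundaries so that a look-alike name such as `intranet.example.com.evil.test` does not pass.

```javascript
// Added example: allowlist-only PAC file. Hostnames below are placeholders.
var ALLOWED_HOSTS = ["intranet.example.com", "www.example.org"];

// Assumed dead end: a local port where no proxy listens, so any request
// sent there fails instead of reaching the network (fail closed).
var BLACKHOLE = "PROXY 127.0.0.1:9";

function normalizeHost(host) {
  host = String(host).toLowerCase();
  // "example.com." (trailing dot) names the same host as "example.com".
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  return host;
}

function isAllowedHost(host) {
  host = normalizeHost(host);
  for (var i = 0; i < ALLOWED_HOSTS.length; i++) {
    var allowed = ALLOWED_HOSTS[i];
    if (host === allowed) {
      return true;
    }
    // Accept subdomains only when the match starts at a dot, so
    // "notintranet.example.com" is rejected.
    var suffix = "." + allowed;
    var at = host.length - suffix.length;
    if (at > 0 && host.indexOf(suffix, at) === at) {
      return true;
    }
  }
  return false;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return isAllowedHost(host) ? "DIRECT" : BLACKHOLE;
}
```

The script only restricts anything while the browser's proxy setting is locked against changes by the user, and it does not cover programs that ignore the browser's proxy configuration.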
SecretNinja Posted October 9, 2007

Ok, restricting to 2 sites is dead simple. Squid. Set it up as a transparent proxy for those computers and you can limit it to 2 sites no problem. With regard to limiting the programs that you can run, I know we use ready state for our library PCs (though don't know how far we lock those down) and if you want you can do it with GPOs, though I suspect it would be time consuming locking it down totally that way.

rav0 Posted October 20, 2007

> I'm trying to set up a computer for my company so that only two web sites are accessible. They'd also like it so that executables can't be run, even mundane programs such as calc, notepad, etc. This also means that the system configuration would have to be locked unless you have the administrator password, so that the rules can't be changed behind our backs.

Opera's Kiosk Mode will do exactly that.

PC_LOAD_LETTER Posted October 20, 2007

I recently had 3 of these dropped off at my office (a number cruncher with the word 'director' in her title thought that because the sales people were knowledgeable, she didn't need to ask IT before purchasing equipment)

http://www.kis-kiosk.com/standard-thinman.html

Of course they had no software with them except the Windows XP install by Dell on the Dimension 620 bolted into them and the company pointed me at SiteKiosk. So I checked into that and found out my budget for this project was exactly zero dollars and zero cents. YAY!

- locked system down with GP editor
- set autologin for default user and demoted user to lowest possible level
- http://www.deepfreeze.com/ (already had this)
- ubuntu server + apt-get install dansguardian (already had this)
- firefox pointed at proxy server
- https://addons.mozilla.org/en-US/firefox/addon/1659
- firefox in startup group

notes:

I got lucky and the included kiosk keyboard had no F keys or Windows keys so I didn't have to lock them out to keep a user from hitting alt+f4, WIN+D (but even if they did they just get a blank desktop)

user can still hit Ctrl+Esc to display start menu (but the only options are restart/logoff) - left that enabled on purpose so I can log out and log in to my admin account locally to update things like flash player / adobe pdf and the like

rav0 Posted October 20, 2007 (edited)

---

Edited October 20, 2007 by rav0

Idontwantspam Posted October 21, 2007

You could also use GP to force Firefox as the user's shell. Then no start menu whatsoever. Pressing ctrl+alt+del (you DO have change password, lock computer, and task manager disabled, right?) will allow you to log off. In fact, if you also want to stop them from shutting down the computer, do that, too, and disable shutdown from the logon screen. Then you can only shut it down while logged in as the admin.