oystercatcher Posted September 23, 2008 Share Posted September 23, 2008 greetings,I am supporting a small business with 3 winxp computers on copper dsl behinda linksys router. One computer runs the primary business application a database of sales, inventory and reporting. Another computer can accessthe database via vnc. Although the database unit has had its problems, themain issue is with the other two computers. After reinstalling winxp on bothunits, I have set up limited user accounts on the machines. From my testingit seems that the limited accounts can still download and install files, applicationsetc. I would like to change the security on the limited accounts to blockany downloads via firefox or internet explorer. What information I havebeen able to locate so far hasn't really worked (gpedit.msc) so I am looking for detailed documentation if it is available.Thanks for any help Link to comment Share on other sites More sharing options...
nitroshift Posted September 24, 2008 Share Posted September 24, 2008 I'm afraid that without a domain, further lock-downs are impossible. Link to comment Share on other sites More sharing options...
PC_LOAD_LETTER Posted September 24, 2008 Share Posted September 24, 2008 easiest method is to just freeze the machine state using steadystate(free) or deep freeze(paid)it wont prevent someone from making changes but itll save you from having to undo them if they do. Link to comment Share on other sites More sharing options...
oystercatcher Posted September 25, 2008 Author Share Posted September 25, 2008 Thanks, I downloaded the documentation pdf for steady state andappreciate the suggestion as had not heard of the product. easiest method is to just freeze the machine state using steadystate(free) or deep freeze(paid)it wont prevent someone from making changes but itll save you from having to undo them if they do. Link to comment Share on other sites More sharing options...
beats Posted September 25, 2008 Share Posted September 25, 2008 First, you can restrict users from installing software on one computer, by changing the permissions for the HKEY_LOCAL_MACHINE\SOFTWARE, HKEY_CURRENT_USER\SOFTWARE and HKEY_USERS\.DEFAULT\SOFTWARE registry keys. Run regedt32, and remove their Set Value and Create Subkey permissions in SOFTWARE. Change the Everyone group's permissions from Special Access to Read. Then, users in the group will have only Query Value, Enumerate Subkeys, Notify, and Read Control permissions.Second, you can implement a local software restriction policy using Group Policy to block specific executables or msi files from being run on the target user machine. You don't need a Domain for this.Third, you can block users from accessing the websites where they can download such software by configuring your firewall/proxy server (if those aren't available, you can use a HOST file). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now