Jump to content

Super limited user!


Recommended Posts

Hi, I want to restrict a Windows user account to only run one single program.

Let's say I create a user called Bob.

Bob is not a member of any group, not even Users.

He is simply a Nobody!

Still, I'm able to successfully run Firefox as Bob, using the following command:

runas /user:Bob "%PROGRAMFILES%\Mozilla Firefox\firefox.exe"

How is that possible?

What fundamental part the Windows security model am I missing?

Please explain!


Link to comment
Share on other sites

  • 2 weeks later...

There are a few options here. Basically, you want to look at group policy settings. There is a setting to set the Shell to something other than explorer.exe. Group policy can also disable the task manager, disable the run dialog, etc. Do some googling. The user must still be a member of a group, but you can restrict the heck out of that user. There is also a firefox extension called Rkiosk, which can impose restrictions on the firefox window.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Create New...