RE: Locking down a stand-alone 2000 Server with Group Policy

["Donald Voss" <voss () albany edu>]

Do some reading on mandatory profiles [google is your friend]

Ignore the use of network share to store profile .. store locally in a read
only area.

/don


 "When you get too old to set bad examples, you start giving good advice."

-----Original Message-----
From: Al Cook [mailto:cookas () msn com]
Sent: Monday, September 29, 2003 10:59 AM
To: security-basics () securityfocus com
Subject: Locking down a stand-alone 2000 Server with Group Poicy


Apologies if this is slightly off topic, but I have a stand-alone laptop
running windows 2000 and it will be used for training external customers.
I've setup a user account which they will use to log in to the machine and
run our company application. I need to ensure that this user account can't
do anything on the laptop other than run the application. Things like the
run command, task manager, explorer, control panel etc all must be disabled.

I was wondering what would be the best way to achieve this without
purchasing external software, I've played around with the group policy
editor snap in, but all the setting then apply to the administrator account
also.  Has anyone got any suggestions, I found windows help pretty confusing
and geared towards group policy for domains rather than stand-alone
machines.

Many thanks, Al

_________________________________________________________________
Stay in touch with absent friends - get MSN Messenger
http://www.msn.co.uk/messenger


---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------