RE: Locking down a stand-alone 2000 Server with Group Poicy

[Meidinger Chris <chris.meidinger () badenit de>]

your subject line said that it is a 2000 server, are you running a server
OS?

you can create a mini active directory, and make an OU and add that user to
the OU. then apply your GPOs only to that OU.

There is no reason your computer can't be a domain, is there?

> -----Original Message-----
> From: Al Cook [mailto:cookas () msn com] 
> Sent: Monday, September 29, 2003 4:59 PM
> To: security-basics () securityfocus com
> Subject: Locking down a stand-alone 2000 Server with Group Poicy
>
>
> Apologies if this is slightly off topic, but I have a 
> stand-alone laptop 
> running windows 2000 and it will be used for training 
> external customers.  
> I've setup a user account which they will use to log in to 
> the machine and 
> run our company application. I need to ensure that this user 
> account can't 
> do anything on the laptop other than run the application. 
> Things like the 
> run command, task manager, explorer, control panel etc all 
> must be disabled.
>
> I was wondering what would be the best way to achieve this without 
> purchasing external software, I've played around with the 
> group policy 
> editor snap in, but all the setting then apply to the 
> administrator account 
> also.  Has anyone got any suggestions, I found windows help 
> pretty confusing 
> and geared towards group policy for domains rather than stand-alone 
> machines.
>
> Many thanks, Al
>
> _________________________________________________________________
> Stay in touch with absent friends - get MSN Messenger 
> http://www.msn.co.uk/messenger
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------