Re: Locking down a stand-alone 2000 Server with Group Poicy

[Phillip McCollum <pmccollum () sanmanuel com>]

Hi Al,

Since Local Machine Policy applies to all local users, the best way to go 
about this is through a login script.   First create a security template, 
and then apply this template in the logon script (using secedit.exe) for 
the required users.

Hope this helps,
Phillip

At 07:59 AM 9/29/2003, you wrote:
> Apologies if this is slightly off topic, but I have a stand-alone laptop 
> running windows 2000 and it will be used for training external customers.
> I've setup a user account which they will use to log in to the machine and 
> run our company application. I need to ensure that this user account can't 
> do anything on the laptop other than run the application. Things like the 
> run command, task manager, explorer, control panel etc all must be disabled.
>
> I was wondering what would be the best way to achieve this without 
> purchasing external software, I've played around with the group policy 
> editor snap in, but all the setting then apply to the administrator 
> account also.  Has anyone got any suggestions, I found windows help pretty 
> confusing and geared towards group policy for domains rather than 
> stand-alone machines.
>
> Many thanks, Al
>
> _________________________________________________________________
> Stay in touch with absent friends - get MSN Messenger 
> http://www.msn.co.uk/messenger
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

Phillip McCollum
MCP/CNA/A+
Network Technician II
San Manuel Band of Mission Indians
pmccollum () sanmanuel com  



---------------------------------------------------------------------------
----------------------------------------------------------------------------