can you make a doghouse in Windows XP?

  • Thread starter Thread starter Larry
  • Start date Start date
L

Larry

Hi... realized while I was at work the other day that Windows XP Pro has
at least most of the features you would need to create a group that will put
a user in the doghouse. Don't know if legalities would be an issue, though,
and don't know for sure how it would work. Has this been considered? It is
possible in Linux to use this feature to limit users to just a word
processor and printer, maybe a background, whatever single features you want
to give them... I'm pasting a message about this from the RH Linux
newsgroup:
In the original UNIX, it was possible to build a user group that allowed a
system admininstrator to "put a user in the doghouse". The basic steps I
remember learning about involved creating a smaller directory and copying
limited commands into it; i.e. - just the features you want those users to
have access to. The user was typically "locked" into their own home
directory by means or permissions and normally given access then to just a
simple file or two to use for their background. The description suggested
a basic text editor like "vi" would be supplied. What I'm interested in
is supplying basic features to children whereby they have access to a
couple of games, maybe a basic word processor like KWrite or something,
but not internet or chat, and no ability to install anything more on their
own. Is it still possible, or is modern Linux so cross integrated that
you NEED a lot of features from the system and wouldn't be able to do this
any more?
Click to expand...

simple:

mkdir /rbin
ln -s /usr/bin/ssh /rbin/ssh
cp /bin/bash /bin/rbash

create user
add the user shell to be /bin/rbash
edit .bash_profile; change line to: PATH=/rbin

create links to commands they can use in /rbin
 
HOW TO: Create and Configure User Accounts in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;279783&Product=winxp

HOW TO: Set, View, Change, or Remove Special Permissions for Files and Folders in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;308419&Product=winxp

Description of the Software Restriction Policies in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310791&Product=winxp

HOW TO: Use the Group Policy Editor to Manage Local Computer Policy in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;307882&Product=winxp

Doug's Windows XP Security Console
http://www.dougknox.com/xp/utils/xp_securityconsole.htm

[Courtesy of MS-MVP Doug Knox]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------------------------


| Hi... realized while I was at work the other day that Windows XP Pro has
| at least most of the features you would need to create a group that will put
| a user in the doghouse. Don't know if legalities would be an issue, though,
| and don't know for sure how it would work. Has this been considered? It is
| possible in Linux to use this feature to limit users to just a word
| processor and printer, maybe a background, whatever single features you want
| to give them... I'm pasting a message about this from the RH Linux
| newsgroup:
|
| >
| > In the original UNIX, it was possible to build a user group that allowed a
| > system admininstrator to "put a user in the doghouse". The basic steps I
| > remember learning about involved creating a smaller directory and copying
| > limited commands into it; i.e. - just the features you want those users to
| > have access to. The user was typically "locked" into their own home
| > directory by means or permissions and normally given access then to just a
| > simple file or two to use for their background. The description suggested
| > a basic text editor like "vi" would be supplied. What I'm interested in
| > is supplying basic features to children whereby they have access to a
| > couple of games, maybe a basic word processor like KWrite or something,
| > but not internet or chat, and no ability to install anything more on their
| > own. Is it still possible, or is modern Linux so cross integrated that
| > you NEED a lot of features from the system and wouldn't be able to do this
| > any more?
|
| simple:
|
| mkdir /rbin
| ln -s /usr/bin/ssh /rbin/ssh
| cp /bin/bash /bin/rbash
|
| create user
| add the user shell to be /bin/rbash
| edit .bash_profile; change line to: PATH=/rbin
|
| create links to commands they can use in /rbin
 
Back
Top