Local security policy win2k

  • Thread starter Thread starter Behzad
  • Start date Start date
B

Behzad

Hi all.
I would like to set some restrictions to users who use
stations running
win2k in my netcafe (in a workgroup), so that users
cannot install programs or run trojans
on the computers. I set these restrictions in local
security policy but
after that the computers become unuseful and the user or
admin cannot do
even some ordinary tasks like running IE.

I appriciate any help or comment.

Cheers
Behzad
 
Hi Behzad

security and flexibility don't go well together. However, something you can
begin with is to put all your wks in a win2k domain and then use AD group
policy to apply the same policy to all of them .. as it easy to end up with
a mix when you have to apply the policies manually, on every wks.

My advice is to review carefully each policy and consider the (eventual)
tradeoffs you are making and then decide weather to apply it or not. You
have not given any info about the policilies applied so it is hard to give
you any useful advice.
 
IN addition, Behzad might want to look into mandatory profiles. Users
can make changes according the permissions they have on the
workstation, but they will not 'stick'.

Peter Kaufman
 
Keeping users in the regular user group is a good start. Preventing trojans and
viruses will also need the use of complex passwords, a properly configured
firewall, antivurus software that scans all email attachments, and keeping up
with critical updates. Make sure that ntfs permissions are restricted on the
root/drive share to be read/list/execute for everyone and users which may be
full control for the everyone group in a default installation. Local Group
Policy does apply to all users by default though there is an unsupported hack as
described in the link below that may help. Windows XP Pro would be a much better
solution because you can implement Software Restriction Policies with
hash/certificate/path rules that can really lock down a computer yet exempt
local administrators with the enforcement rule. --- Steve

http://www.jsiinc.com/sube/tip2400/rh2492.htm
http://support.microsoft.com/?kbid=310791
 
Back
Top