Locking down XP machines on a peer to peer network

[Chris Swinney]

Hi,

We have a small XP network on a peer-to-peer basis that is going to be used
as an open access suite. I want to lock down these machines (such as
removing access to the control panel and restricting access to the C drive)
which I thought could be fairly simply done using the Local Computer Policy
via gpedit.msc.

However, I am used to working in a domain environment so being able to apply
different policies to different users or groups. We also want some users
(such as administrators) to be able to log on and access all features. It
seems that if I apply a Local Computer Policy, I cannot differentiate
between users. Is there a way to save a policy file (one with features
turned on, or one with them turned off) so that they can be simply applied
by an administrator, or is there a better way to do this?

In addition, I can remember vaguely that Microsoft used to provide example
settings of Group Policy for machines in certain situations; however, I can't
remember the link to the pages. Does anyone know the whereabouts of these
examples and if they can be applied out of a domain controlled environment?

Many Thanks

Chris

 

[Lanwench [MVP - Exchange]]

Hi,

We have a small XP network on a peer-to-peer basis that is going to
be used as an open access suite. I want to lock down these machines
(such as removing access to the control panel and restricting access
to the C drive) which I thought could be fairly simply done using the
Local Computer Policy via gpedit.msc.

However, I am used to working in a domain environment so being able
to apply different policies to different users or groups. We also
want some users (such as administrators) to be able to log on and
access all features. It seems that if I apply a Local Computer
Policy, I cannot differentiate between users. Is there a way to save
a policy file (one with features turned on, or one with them turned
off) so that they can be simply applied by an administrator, or is
there a better way to do this?
In addition, I can remember vaguely that Microsoft used to provide
example settings of Group Policy for machines in certain situations;
however, I can't remember the link to the pages. Does anyone know the
whereabouts of these examples and if they can be applied out of a
domain controlled environment?
Many Thanks

Chris

Group policy isn't an option if you aren't using AD, and you really don't
want to muck around with a bunch of local policies (it's maddening and you
can all too easily lock your keys in the car, as it were). You're correct
that a local policy applies to all users, anyway.

Check out Windows Steady State for kiosk-type setups, and/or Doug Knox's
Security Console (google for both)

 

[Chris Swinney]

Thanks,

that stuff looks like it will fit the bill very well.

Chris

"Lanwench [MVP - Exchange]"

 

[Lanwench [MVP - Exchange]]

Thanks,

that stuff looks like it will fit the bill very well.

Chris

Glad to help- best o' luck.

"Lanwench [MVP - Exchange]"

Group policy isn't an option if you aren't using AD, and you really
don't want to muck around with a bunch of local policies (it's
maddening and you can all too easily lock your keys in the car, as
it were). You're correct that a local policy applies to all users,
anyway. Check out Windows Steady State for kiosk-type setups, and/or Doug
Knox's Security Console (google for both)