Secure Tools

  • Thread starter Thread starter old volunteer
  • Start date Start date
O

old volunteer

I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure the
Tools area as Administrator so they can't make changes?
 
old volunteer said:
I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure the
Tools area as Administrator so they can't make changes?
Click to expand...


Take a look at the gpedit.msc

<excerpt date="November 30, 2007">
Ref: "Using Group Policy to Manage Internet Explorer"

http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#EBCAC

Hint: the article will help you drill down through the Group Policy tree
to find settings which apply to Internet Explorer.

</excerpt>

I haven't revisited that article to see if it is still there.

For other tips about Group Policy use I suggest you try a different newsgroup.
This one is almost totally focused on the end user.


HTH

Robert Aldwinckle
 
The reply I received from Mr. Aldwinckle indicates I didn't explain myself
clearly enough. The 7 PC's I support in the library do NOT go through a
central server - each one is configured separately. The only thing they have
in common is that they go through a common router to the Internet. I cleanup
each PC separately and am fustrated when users change tool settings in IE6.
Having Admin access to each PC is there any way I can secure the settings
from users logging in as "guest?"
 
It looks interesting, but our library PC's are configured with Win2000 not
XP. The site indicates the product is only good for XP or Vista?
 
old volunteer said:
The reply I received from Mr. Aldwinckle indicates I didn't explain myself
clearly enough.
Click to expand...


Or that you didn't read the page I pointed you to with sufficient objectivity
or understanding? Did you try any of the things the article mentions?

Oh. Apparently the anchor link I provided has changed?
So, perhaps you didn't even bother to try to find the new one? ; }

Using Group Policy to Manage Internet Explorer
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#ESCAC

<quote>
You can use Administrative Template policy settings located in
Administrative Templates\Windows Components\Internet Explorer.
For example, you can use policy settings to manage Internet Explorer security options.
These are the same options that you see in the Internet Explorer UI when you click Tools,
point to Internet Options, and then click Security. There are more than 500 policy settings
delivered by the Inetres.adm file, which is included by default in the operating system.
For more information about managing Internet Explorer with registry-based policy,
see Managing Windows XP Service Pack 2 Features Using Group Policy.

</quote>


So I think gpedit.msc *can* be used on a standalone machine to set group policy on it
by an administrator. I agree that some of the wording of articles linked imply
that *deployment* of it requires a domain server but there is this at least
which may provide an incentive to at least experiment with the idea:

http://technet2.microsoft.com/windo...6bc3-4dfa-b884-dd4b6c6b99941033.mspx?mfr=true

<quotes>
Internet Explorer Maintenance Extension Logical Architecture Components

Local GPO

Contains Group Policy settings for the local computer,
including potential Internet Explorer Maintenance policies.
</quotes>


I don't particularly want to experiment with my machine to prove this though. ; )
However, if I were to try it I would use ProcMon to check that gpedit.msc
would apply the registry changes as expected and that when IE was subsequently
used by a target user that those settings were queried and respected by IE
as intended.


BTW this is not the best newsgroup for getting help with admin practices
or help with understanding how to use group policy to restrict what features
you want users to have.


Good luck

Robert
---
 
Back
Top