W
William Gant
Hello,
I have two workstations on a small domain-less network in my
apartment. One of them is my primary workstation and can not be
accessed by anyone but me. However, the other one is in the den and is
used by my roommate continually.
Today, I found a significant amount (1+ GB) of porn stored in various
locations on the machine. I also found several programs that he
installed without my permission, expressly for the purpose of file
sharing (MP3s and probably his picture collection). Because there is a
distinct possibility of legal problems and viruses, I have reformatted
and want to absolutely lock the box down where he can't do much on it.
I'd like to lock everything down except solitaire and Microsoft Word.
No web browsing, no personal files (anything he wants to save needs to
be put on a floppy - I want his profile deleted on logoff, if
possible).
I don't want him going out to network neighborhood, or anywhere else.
I want to leave Word accessible in the hopes that he'll have the
opportunity to write a resume, get a job and make something of
himself. I also need Visual Source Safe, MSDE, and IIS to run in the
background as services. I obviously want to lock him out of them, and
I think that's already handled. He can still access the same programs
and his pr0n on his own machine - he's just using mine in case he gets
caught with something he shouldn't have.
I created a special user account for him (it was auto-logging on as
Administrator before because I was stupid enough to be trusting). I
created a group called Buttheads (okay, I called it something a bit
worse than that) and placed him in it. I then added the Deny
permissions for Program Files, Winnt, and other directories that I
don't want him messing with to the Buttheads group. I also want to
disable CTRL+ALT+DELETE and system shutdown from his account (so he
can't mess me up while I'm working in the other room). I want a system
shutdown to require a logon. His account should only be able to logon,
logoff, play solitaire, and run Word (the last two are really optional
at the moment - I want him to have to ask for everything he gets
access to).
Should I use Poledit to finish up the lockdown? If so, how do I apply
the policy?
Thanks,
Will Gant
(e-mail address removed)
I have two workstations on a small domain-less network in my
apartment. One of them is my primary workstation and can not be
accessed by anyone but me. However, the other one is in the den and is
used by my roommate continually.
Today, I found a significant amount (1+ GB) of porn stored in various
locations on the machine. I also found several programs that he
installed without my permission, expressly for the purpose of file
sharing (MP3s and probably his picture collection). Because there is a
distinct possibility of legal problems and viruses, I have reformatted
and want to absolutely lock the box down where he can't do much on it.
I'd like to lock everything down except solitaire and Microsoft Word.
No web browsing, no personal files (anything he wants to save needs to
be put on a floppy - I want his profile deleted on logoff, if
possible).
I don't want him going out to network neighborhood, or anywhere else.
I want to leave Word accessible in the hopes that he'll have the
opportunity to write a resume, get a job and make something of
himself. I also need Visual Source Safe, MSDE, and IIS to run in the
background as services. I obviously want to lock him out of them, and
I think that's already handled. He can still access the same programs
and his pr0n on his own machine - he's just using mine in case he gets
caught with something he shouldn't have.
I created a special user account for him (it was auto-logging on as
Administrator before because I was stupid enough to be trusting). I
created a group called Buttheads (okay, I called it something a bit
worse than that) and placed him in it. I then added the Deny
permissions for Program Files, Winnt, and other directories that I
don't want him messing with to the Buttheads group. I also want to
disable CTRL+ALT+DELETE and system shutdown from his account (so he
can't mess me up while I'm working in the other room). I want a system
shutdown to require a logon. His account should only be able to logon,
logoff, play solitaire, and run Word (the last two are really optional
at the moment - I want him to have to ask for everything he gets
access to).
Should I use Poledit to finish up the lockdown? If so, how do I apply
the policy?
Thanks,
Will Gant
(e-mail address removed)