User defined security options

[Joshua Beaumont]

I am looking to create a 4 user local machine, operating
Windows 2000 professional. I want 2 administrators one
supervisor and a base user. I wish the user however to be
limited to execute only those applications I so choose and
the ablility to log off. We are talking no access to the
3 1/2 drive, no CD rom, not even the ability to shut down
the computer short of hard booting the PC itself (which
will be in a sealed locked ventelated enclosure). I
currently have the Windows 2000 professional Bible on
order but am curious if there is any other source of
information that would provide this level of training.
Thanks,
Joshua Beaumont

 

[Steven Umbach]

What you want to accomplish is best done in a domain which can apply different
Group Policy settings to users logging onto the same computer. On a stand alone
machine, Group Policy via gpedit.msc will apply equally to all users though
there is a KB link below that has a workaround that may work. To prevent access
to drives, you may want to use a computer case that has a locking front panel
to block access to the drives. Keep in mind that USB ports are a security risk
and you may want to disable them in cmos and password protect cmos settings. It
is harder to lock down a regular user than one may think because in a default
configuration they may have excessive permissions to the root/drive folder and
will have full control to their profile folder under documents and settings. You
can set permissions on the drive folder to be only read/list/execute for
everyone and users on that folder. To restrict the user from running
applications, you can remove their ntfs permissions or give them deny ntfs
permissions to the application folder. Se the link below for more info on
hat. --- Steve

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q293655&
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418 similar for W2K