Windows 2000 Prof only Internet Explorer is running as an applicat

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello together,

I do have the following problem. I want for my Intranet Webpages that the
Internet Explorer is the only application that is possible to run on this
machine.
A user should not have the posibility to open an Explorer and to add or
delete Files.
It should be a desktop machine where always a Internet Explorer Window is
open and nothing else like in an internet cafe. (Everything else is blocked.)
Does anybody know how to make this possible?
 
Certainly not bullet proof but you can set the Reg_Sz string value of;
"Shell"="Explorer.exe"
to the full path of the program you wish to start by default. found at
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

For example to start the command interpreter;
"Shell"="C:\winnt\system32\cmd.exe"

You may be able to define this per user at;
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hello together,
|
| I do have the following problem. I want for my Intranet Webpages that the
| Internet Explorer is the only application that is possible to run on this
| machine.
| A user should not have the posibility to open an Explorer and to add or
| delete Files.
| It should be a desktop machine where always a Internet Explorer Window is
| open and nothing else like in an internet cafe. (Everything else is
blocked.)
| Does anybody know how to make this possible?
 
Thank you it works nice, even for defined Users.

The only security whole is that the user is able to open the Task Manager
and is allowed to start new Tasks.

Is there a posibillity to prevent this?
 
Go to Start >Run type mmc and hit enter then File>add/Remove Snap-in the hit
the Add button and double click Local computer policy select close and then
OK. Expand the User Configuration tree, expand the Administrative Templates
tree, select the Start Menu and Taskbar container and find the one that says
remove access to context menus for the taskbar and enable it. Then go down
to the System container and select Ctrl+Alt+Del Options and enable the
Remove Task Manager option.

--
Regards,

Jerry M. Gartner
Mathias Bischoff said:
Thank you it works nice, even for defined Users.

The only security whole is that the user is able to open the Task Manager
and is allowed to start new Tasks.

Is there a posibillity to prevent this?


Dave Patrick said:
Certainly not bullet proof but you can set the Reg_Sz string value of;
"Shell"="Explorer.exe"
to the full path of the program you wish to start by default. found at
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

For example to start the command interpreter;
"Shell"="C:\winnt\system32\cmd.exe"

You may be able to define this per user at;
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hello together,
|
| I do have the following problem. I want for my Intranet Webpages that
the
| Internet Explorer is the only application that is possible to run on
this
| machine.
| A user should not have the posibility to open an Explorer and to add or
| delete Files.
| It should be a desktop machine where always a Internet Explorer Window
is
| open and nothing else like in an internet cafe. (Everything else is
blocked.)
| Does anybody know how to make this possible?
Click to expand...
Click to expand...
 
See Jerry's reply. Just be careful you don't lock yourself out.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Thank you it works nice, even for defined Users.
|
| The only security whole is that the user is able to open the Task Manager
| and is allowed to start new Tasks.
|
| Is there a posibillity to prevent this?
 
Good point, Dave. Ideally you can apply those restrictions to specific user
groups through Group Policy Management from your DC if you authenticate to a
2000 or 2003 server. NT Server 4 has a more limited ability to propagate
the restrictions too using poledit - I think that poledit is on a resource
disk or you can find it on the MS web site. (BTW: if you are authenticating
to an NT 4 PDC, it's time to upgrade!) Using the described method in the
prior post could hamper you abilities as an administrator if you universally
remove access to the task manager and the run function, although, you could
just type "c:" into the IE address bar for access to the c drive.
 
Back
Top