XP Desktop lock down best practices

  • Thread starter Thread starter Newbie
  • Start date Start date
N

Newbie

Hi,

I'd like to know if there are any guidelines I can follow to lock down some
XP desktop computers?

Thanks.
 
Newbie said:
Hi,

I'd like to know if there are any guidelines I can follow to lock down some
XP desktop computers?
Click to expand...

From who, and where?

Professional hackers in an isolated area, or the casual passerby in a public
(i.e., out in the open) area? Or, maybe, something in between?

Notan
 
I actually have the same question (I think).
I plan to deploy an XP box in a mission critical application.
So, I would like to disable (as in, cause not to be shown and/or
accessible) most functions on the computer, including START, Shutdown,
etc etc. The only thing I want them to be able to do is to use one
single application (OK maybe two) and restart the PC.
How to do this?
Thanks!
 
If you could be more specific then maybe someone could help as it certainly
can be done but there are so may ways and it depends on the end goal and
whether or not you are in an Active Directory domain or not in which case
Group Policy and Software Restriction Policies can help greatly. For any
environment using the principle of least privilege can be used that means
that users to not have any more rights or permissions to do than what is
needed to do their job. Such is managed by group membership, user right
assignments, and access control lists such as share and folder NTFS
permissions. For non domain computer the free Shared Computer Toolkit is
great in locking down non privileged users and more info is at the link
below. --- Steve

http://www.microsoft.com/windowsxp/sharedaccess/default.mspx --- Shared
Computer Tookit
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx
--- applying principle of least privilege
 
See the link below to the Shared Computer Toolkit which comes with an
excellent users guide and has it's own dedicated newsgroup [sharedaccess].
Also make sure users are no more than regular users and then configure NTFS
permissions so that they can only execute authorized applications and keep
in mind that no permissions is an implicit deny. --- Steve

http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
 
Back
Top