XP "Kiosk" settings with no AntiVirus

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have about 200 laptops that I need to deploy in a lab envirnoment. All the
computers need to do is access the web to access an online program
(Macromedia, Shockwave).

Stating the obvious we will have:
User accounts: One admin for the tech and one guest account for the students.
Updates: Via GPO workstations will receive approval from a WSUS server to
download via Microsoft.

Other than that are the hi-sec templates worth looking at? Can certain
Services can be turned off?
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

You might look at the Shared Computer Toolkit...

http://www.microsoft.com/windowsxp/sharedaccess/default.mspx

- --

Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.3 (Build 2932) - not licensed for commercial use:
www.pgp.com

iQIVAwUBQ8OY27PijxranxReAQhPvA/8DOT9/rop80nSNgRMSrppjL5Kz0Pg6w/S
aPsBIXIye9l6nEpc7A42TQFo7j7v8DBt+uXP28WwUO2bruRiOTx9QQA5VFJbVSZi
Vzmd2mfaPumhQU1BkfLQ8ww8QQGyFFmGLoZF1DKH7PGOBCKKuM2k3X7USpIbpmLz
AM0OH1f0LYdtVV7LCtdTO0JN/g/F+zEV/u9EtDB3aC93a+QC6q5ScIJscmVzuqIC
LeJobqqeVfNGYz6X+s/Z18iyIt1SJTjZiPi7+mo6oBTxG2FucxsFBqpX5ov8fOx/
awTjQE8q0eZul7F//P59ihLKVTjrwamcomcIrl5O8uZaHFiVGBWsnemWkmuJ408Q
SHUoCz/vtkrFOHiiJr2tp4bsh01wx18/NhSuRuET+XH+q3sVMKFInsF2HDhAJfbT
ppxG66sQIvxgf2uF/rPyN+IdQaeg8ppbZgBBxxr5aJI19dUu6d4icZhbfzLzflZ1
zTChZAJydpgQRg5clknXQHJz8rwpIurXn8YyK4/oZ32JnJ7n7ZkQBphTUtP66rzK
IN3KxwB9+q1fRX0Ud18KeI7LR0qcLq5J87YVBQlBIpJvJNxs5jXZjinPrn8RHcbF
5gBzXzYpKTOpXaAmS4buTfFWwfqqXbXhwFsNP6Q0RSMgOldTunWfjpLPPZ4Dr8p/
LSdkraPJPJk=
=dBL2
-----END PGP SIGNATURE-----
 
Other way of approaching this is to disable loading of the desktop
altogether, and have the browser open at startup instead of Explorer. This
should of course be combined with filesystem controls, etc. for best
security.

Also, most definitely use a secure browser, not Internet Explorer.

http://mylogon.net might be of some help.
 
I would look at using Software Restriction Policies with a default security
setting of disallowed and then define the allowed exceptions starting with a
test computer. SRP are very powerful and a lot of users get tripped up
configuring them because shortcuts are also restricted by SRP by default and
allowances need to be made for authorized shortcuts. The link below explains
more on SRP and local administrators by default are exempt from SRP.

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx

Yes there are a lot of services that can be turned off starting with the
server service if you do not need to manage those computers remotely via
Computer Management or you can tweak the user right for access this computer
from the network to allow only administrators to access shares on the
computer and configure the Windows Firewall to only allow remote
administration/share access from the IP addresses of admin workstations. The
free Windows XP Security Guide would be an excellent read to find out what
services would be needed or not and how to configure other security
settings. I can't recommend a particular security template without knowing a
lot more but you can create your own based off of information in the
security guide. --- Steve

http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx
-- XP Security Guide
http://www.microsoft.com/technet/security/topics/serversecurity/tcg/tcgch00.mspx
--- Threats and Countermeasures Guide
 
Back
Top