Announcement

Collapse
No announcement yet.

internet pc only

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • internet pc only

    Hello

    I need to install 3 PCs that will be connect to the internet and messenger only, how can I remove every thing from that computer that no one could do anything to that computer not change settings or delete files from the computer {there will be no server in the place so I cant use the GPO option} how can I do it without the gpo?

    Thx for Ur help.

  • #2
    You can use GPEDIT.MSC to set many local policy options. However beware, anything you do there also effects the local administrator, don't lock yourself out!
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT

    Comment


    • #3
      ok , so how can i Avoid it from lock the admin , and all the users lock?

      Comment


      • #4
        Well, that's a good question. There is a way to do it, but unless you're knowing exactly what you're doing you can ruin your computer. No offence, but I'm not sure that this is the case with you...

        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT

        Comment


        • #5
          THX for the support...

          Comment


          • #6
            Well then, if that's what you want, be my guest. You CAN avoid being locked out by your own local GPO by editing the "C:\WINDOWS\system32\GroupPolicy" folder and setting the NTFS permissions in such a way that the local administrator will have READ ACCESS DENIED on that folder.
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT

            Comment


            • #7
              I've seen alot of computers set up with blank "Administrator" passwords. Make sure the account has a password.

              Just a heads up....
              ________
              SexualControl
              Last edited by syncme; 23rd April 2011, 06:55.

              Comment


              • #8
                Originally posted by danielp
                Well then, if that's what you want, be my guest. You CAN avoid being locked out by your own local GPO by editing the "C:\WINDOWS\system32\GroupPolicy" folder and setting the NTFS permissions in such a way that the local administrator will have READ ACCESS DENIED on that folder.
                Just a quick point on this, you will need to change the permissions back to change them. Then change them back to stop the admin being affected again.

                Server 2000 MCP
                Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                Comment


                • #9
                  o.k. I removed the read permission from the administrators and then try to change some settings in the GPO, I was still effected buy it, but when I did deny from the read permission and then press on apply these permissions to objects and container, I cant open the gpedit at all, I get an access is denied, what I need to do to correct the problem, or maybe there is a 3rd party tool?

                  Comment


                  • #10
                    Originally posted by avipenina
                    o.k. I removed the read permission from the administrators and then try to change some settings in the GPO, I was still effected buy it, but when I did deny from the read permission and then press on apply these permissions to objects and container, I cant open the gpedit at all, I get an access is denied, what I need to do to correct the problem, or maybe there is a 3rd party tool?
                    You may want to set the permission after you're done with the editing the policy.
                    ________
                    FRIEND ADVICE DICUSSION
                    Last edited by syncme; 23rd April 2011, 06:55.

                    Comment


                    • #11
                      i cant do it , when i take off the read permissions i cant enter the GPO edit
                      i get an access in denied , i talk to Microsoft in Israel and they cant help me with that , they sent me to gitronics i spoke with them to and they say that its impassable to separate the administrator form the GPO when u change the USER CONFIGURATION in the GPO , i need help to solve that problem PLZ , maybe there is a tool that do that , not by Microsoft ?


                      help help help

                      Comment


                      • #12
                        well,

                        i can't follow it anymore, but if you're looking for a third party solution, then look at res PowerFuse.
                        http://www.respowerfuse.com/
                        its a desktop replacer, setting up great policies, per user/group/ou based.

                        but, i can't understand anymore where it goes wrong with the solutions they offers you...
                        Marcel
                        Technical Consultant
                        Netherlands
                        http://www.phetios.com
                        http://blog.nessus.nl

                        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                        "No matter how secure, there is always the human factor."

                        "Enjoy life today, tomorrow may never come."
                        "If you're going through hell, keep going. ~Winston Churchill"

                        Comment


                        • #13
                          When i take off the read permissions and set it to denied from the group policy directory under the administrator user , the computer doesn't let me in to the gpedit anymore i get an access is denied
                          , what i do wrong?

                          Comment


                          • #14
                            nothing..
                            that's great... still don't know what's wrong then

                            if you want to edit the policy, you should set the permissions to allowed..
                            if the administrator (the policy editor) can't read it, he can't change it right? so if you want to edit the policy, set allow permissions for the adminstrator, and when you're finished, remove those permissions.

                            but, are you sure you want to do this?
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment

                            Working...
                            X