Announcement

Collapse
No announcement yet.

User Lockdown Policy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • User Lockdown Policy

    Hi guys,

    I am hoping someone will be able to give me some advice.

    In the past our organisation has had no lockdown policy for user desktops. In fact, there have been very few policies at all that restrict users when working on a PC. This has meant that users have been able to:

    Install programs
    Download Spyware
    Customise windows settings
    Save files to their desktop (instead of the mapped user folder)
    AND MOST ANNOYING OF ALL Put picture of Brad Pitt and David Beckham on their desktop. All jokes aside, this has lead to incredibly so profile loads.



    Ive managed to restrict them messing about with windows settings and play with about with internet explorer all through Group Policy.

    I was wondering how to prevent users from installing programs (including spyware). I would also like to know how to prevent users from saving files to their desktops. Currently many of the users have several documents saved on the desktop and these will need to be moved to their users folder.

    Any help would be great

    Thanks
    Andy

    Oh, were on a 2000 domain and all the PCs are on XP pro. Users have a roamin profile.

  • #2
    Re: User Lockdown Policy

    First of all, only users with Power User or Admin status of the local machine will be able to install programs. So check to see what type of user your users are. Additionally, if you are trying for a GPO here are some settings you can modify to limit user abilities:

    1) Computer Configuration\Windows Settings\Administrative Templates\Windows Components\Windows Installer\"Prohibit User Installs" set to Enabled and User install behavior set to "Prohibit User Installs"

    2) User Configuration\Windows Settings\Administrative Templates\Desktop\Active Desktop\
    a) "Enable Active Desktop" set to Disabled
    b) "prohibit adding items" set to Enabled
    c) "prohibit changes" set to Enabled
    d) "prohibit editing items" set to Enabled

    Another way to do that would be to use folder redirection to point users to a network share for their desktop and then set security on the share to read & execute only. This way they would always get the same icons and only administrators would be able to change the icons. It would also prohibit any documents being placed on the desktop... thus forcing them to use their user specified folder.

    Hope that helps...

    Tim Fort
    IT Administrator
    EMJ Corporation

    Comment


    • #3
      Re: User Lockdown Policy

      Also you can use:

      User Configuration\Administrative Templates\Control Panel\Display\

      1) Set "Hide Desktop Tab" to Enabled (prevents from even viewing options)
      2) Set "Prevent Changing Wallpaper" to Enabled

      Hope that also helps....

      Tim Fort
      IT Administrator
      EMJ Corporation

      Comment


      • #4
        Re: User Lockdown Policy

        Thanks for the Help. Think i've got it sorted using the policies you gave me.

        Cheers

        Andy

        Comment


        • #5
          How can I find something inside this Board by synonym words ?

          I Can't figure out that How can I find something inside this Board by synonym words instead of exact words.
          I searched for synonym words in http://www.google.com and
          http://www.boardexplorer.com and I found this Board.
          However inside the site I could not find any smart search. you should know exact words to find similar topics
          any recommendation?

          Comment


          • #6
            Re: User Lockdown Policy

            Hi,

            This does work to a point but it still is not bullet proof. There are several ways around it as we have recently found out the hard way. Can you suggest any other ways to tie down the desktop wallpaper?


            Dale


            Originally posted by emjtech
            Also you can use:

            User Configuration\Administrative Templates\Control Panel\Display\

            1) Set "Hide Desktop Tab" to Enabled (prevents from even viewing options)
            2) Set "Prevent Changing Wallpaper" to Enabled

            Hope that also helps....

            Tim Fort
            IT Administrator
            EMJ Corporation

            Comment

            Working...
            X