This is almost like an IE kiosk mode thing. If you are willing to spend the time the NSA guidelines or the Microsoft group policy guides to lockdown a PC you can achieve a reasonable degree of lockdown. Have a look at the Software Restriction Policies.
If you can use 3rd party software, CISCO do some great software to lock down PC's in a network environment - that's a full blown enterprise solution, big $$$£££. Maybe look at Appsense - big in the SBC space. Part of that provides a list of authorised applications that I can be centrally controlled, a bit like Software Restriction Policies on steroids. This approach imho would be the most secure and the easiest to administer (on top of some basic MS templated GPO/NTFS/registry lockdowns)
Kind regards
Drew
-----Original Message-----
From: Mike Thaxton [mailto:mthaxton (at) britecomputers (dot) com [email concealed]]
Sent: 07 April 2005 21:18
To: Dominique Davis; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: I need some information on locking down pc's
Let me add a little more to this - these are xpsp2 boxes for a medical purpose they do not want anyone to be able to access anything but one webpage. Using fingerprint id to be able to access the pc, there is also a webcam, microphone, speakers, printer on these machines.
The webpage that loads needs to have java and windows media player access for the internet connectivitivty.
I hope that maybe this will help with what I want to do
Michael Thaxton
Brite Computers Helpdesk Support
585-758-0200 x183
585-758-0222 fax
mthaxton (at) britecomputers (dot) com [email concealed]
www.britecomputers.com
-----Original Message-----
From: Dominique Davis [mailto:DDavis (at) pivx (dot) com [email concealed]]
Sent: Thursday, April 07, 2005 4:12 PM
To: Mike Thaxton; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: I need some information on locking down pc's
http://www.pivx.com
Qwik fix
-----Original Message-----
From: Mike Thaxton [mailto:mthaxton (at) britecomputers (dot) com [email concealed]]
Sent: Thursday, April 07, 2005 12:21 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: I need some information on locking down pc's
I have the need to lockdown a pc so tight that the only thing they can do is access a website, have access to media player and java runtime environment. Can anybody recommend anything or a way to do this on a machine.
This is almost like an IE kiosk mode thing. If you are willing to spend the time the NSA guidelines or the Microsoft group policy guides to lockdown a PC you can achieve a reasonable degree of lockdown. Have a look at the Software Restriction Policies.
If you can use 3rd party software, CISCO do some great software to lock down PC's in a network environment - that's a full blown enterprise solution, big $$$£££. Maybe look at Appsense - big in the SBC space. Part of that provides a list of authorised applications that I can be centrally controlled, a bit like Software Restriction Policies on steroids. This approach imho would be the most secure and the easiest to administer (on top of some basic MS templated GPO/NTFS/registry lockdowns)
Kind regards
Drew
-----Original Message-----
From: Mike Thaxton [mailto:mthaxton (at) britecomputers (dot) com [email concealed]]
Sent: 07 April 2005 21:18
To: Dominique Davis; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: I need some information on locking down pc's
Let me add a little more to this - these are xpsp2 boxes for a medical purpose they do not want anyone to be able to access anything but one webpage. Using fingerprint id to be able to access the pc, there is also a webcam, microphone, speakers, printer on these machines.
The webpage that loads needs to have java and windows media player access for the internet connectivitivty.
I hope that maybe this will help with what I want to do
Michael Thaxton
Brite Computers Helpdesk Support
585-758-0200 x183
585-758-0222 fax
mthaxton (at) britecomputers (dot) com [email concealed]
www.britecomputers.com
-----Original Message-----
From: Dominique Davis [mailto:DDavis (at) pivx (dot) com [email concealed]]
Sent: Thursday, April 07, 2005 4:12 PM
To: Mike Thaxton; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: RE: I need some information on locking down pc's
http://www.pivx.com
Qwik fix
-----Original Message-----
From: Mike Thaxton [mailto:mthaxton (at) britecomputers (dot) com [email concealed]]
Sent: Thursday, April 07, 2005 12:21 PM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: I need some information on locking down pc's
I have the need to lockdown a pc so tight that the only thing they can do is access a website, have access to media player and java runtime environment. Can anybody recommend anything or a way to do this on a machine.
Thank You
Michael Thaxton
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]