Archived from groups: microsoft.public.win2000.group_policy (
More info?)
Ok, quick google search turned up this:
http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Miscellaneous/LockdownbygroupusingLocalComputerPolicywithoutActiveDirectory.html
Shows the details needed to lock down a Windows 2000 system using local
policy and changing the needed permissions to lock out specific user
accounts and allow full access to others.
This should cover everything you're looking for.
--
--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington
"Mike Shepperd" <mikesmobile_|_gmail> wrote in message
news:SrudndjdcP8wKFPfRVn-ig@comcast.com...
> Many of the Group Policy settings are available for the local policy on
> Windows 2000 Professional. The information is geared towards the
> enterprise, but can be very helpful in showing the changes that need to be
> made on a standalone machine.
>
> The suggestion I had given previously was incomplete regarding the
> alternate shell but the Microsoft docs showed the proper syntax of
> "iexplore.exe -k" which you should be able to set manually in the
> registry, or maybe through local policy.
>
> Unfortunately, I don't have a 2000 machine to play with here, so I can't
> put it together for you, but using the info on that page might get you the
> results you're looking for.
>
> Good luck,
>
> --
> --
> Mike Shepperd
> MCSE NT4, 2000, 2003
> NewFuture Consulting
> Seattle, Washington
>
>
> <nospam@nospam.com> wrote in message
> news:dalvob$f5v$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
>>> try this link
>>>
>>>
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/csws2003.mspx
>>
>> Thanks for the info - as its a Windows 2000 Pro machine with no domains,
>> etc, the link above really isn't suitable for a single two user account
>> pc - its all aimed at enterprise wide scenarios. Plus when I installed
>> the gpmc it told me to log in using a domain admin account, which
>> obviously I don't have...
>>
>> But thanks for the suggestions - a kiosk user with the ability to log off
>> and connect to internet to run ie is all I need, so I'll keep fishing
>> about.
>>
>
>