Sign in with
Sign up | Sign in
Your question

securing files in a public PC

Last response: in Windows 2000/NT
Share
Anonymous
a b 8 Security
January 21, 2005 5:54:29 AM

Archived from groups: microsoft.public.win2000.security (More info?)

I'm installing a Win2k computer with a kiosk software in my restaurant and I
want to allow only printing. The kiosk handles IE pretty well security wise
but when opening Word docs from the browser I leave my Windows files wide
open for deletion. I also do not want to allow saving to the hard drive. I
looked into securing the computer using security permissions but got in way
over my head. I investigated software that 'hides' files and folders but
none panned out as effective because they mainly focus on hiding things like
the My Documents folder which to me is the least of my concerns. I know all
the registry hacks to hide desktop items, Control panel, etc...
Does anyone have a solution that is reasonably simple?

thanks

More about : securing files public

Anonymous
a b 8 Security
January 21, 2005 7:29:46 PM

Archived from groups: microsoft.public.win2000.security (More info?)

In Windows 2000 the guest account does not have a permanent profile and you
can give the guest account a password and configure the account so that the
password can not be changed other than by an administrator. The guest
account by default would not be able to delete or write any permanent files
on the computer as long as you double check that everyone/users have no more
than read/list/execute permissions for the root /drive folder and to the all
users/application data folder and subfolders. Of course enabling the guest
account will allow network access to shares on the computer that have
permissions for guests/guest/everyone user/groups. Group Policy [gpedit.msc]
does only hide a lot of things and ultimately you need to rely on
permissions. On a stand alone computer by default Group Policy settings will
apply to all users. Be sure to check out all the settings under user
configuration/administrative templates. --- Steve


"Jell" <jell@a.com> wrote in message news:F9_Hd.10410$Vx2.2007@trndny01...
> I'm installing a Win2k computer with a kiosk software in my restaurant and
> I want to allow only printing. The kiosk handles IE pretty well security
> wise but when opening Word docs from the browser I leave my Windows files
> wide open for deletion. I also do not want to allow saving to the hard
> drive. I looked into securing the computer using security permissions but
> got in way over my head. I investigated software that 'hides' files and
> folders but none panned out as effective because they mainly focus on
> hiding things like the My Documents folder which to me is the least of my
> concerns. I know all the registry hacks to hide desktop items, Control
> panel, etc...
> Does anyone have a solution that is reasonably simple?
>
> thanks
>
Anonymous
a b 8 Security
January 23, 2005 2:04:41 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Steven L Umbach wrote:
> In Windows 2000 the guest account does not have a permanent profile
> and you can give the guest account a password and configure the
> account so that the password can not be changed other than by an
> administrator. The guest account by default would not be able to
> delete or write any permanent files on the computer as long as you
> double check that everyone/users have no more than read/list/execute
> permissions for the root /drive folder and to the all
> users/application data folder and subfolders. Of course enabling the
> guest account will allow network access to shares on the computer
> that have permissions for guests/guest/everyone user/groups. Group
> Policy [gpedit.msc] does only hide a lot of things and ultimately you
> need to rely on permissions. On a stand alone computer by default
> Group Policy settings will apply to all users. Be sure to check out
> all the settings under user configuration/administrative templates.
> --- Steve

Just wondering - would a mandatory profile help?
Also, there's got to be plenty of "internet cafe" software that can help
with this stuff....
>
>
> "Jell" <jell@a.com> wrote in message
> news:F9_Hd.10410$Vx2.2007@trndny01...
>> I'm installing a Win2k computer with a kiosk software in my
>> restaurant and I want to allow only printing. The kiosk handles IE
>> pretty well security wise but when opening Word docs from the
>> browser I leave my Windows files wide open for deletion. I also do
>> not want to allow saving to the hard drive. I looked into securing
>> the computer using security permissions but got in way over my head.
>> I investigated software that 'hides' files and folders but none
>> panned out as effective because they mainly focus on hiding things
>> like the My Documents folder which to me is the least of my
>> concerns. I know all the registry hacks to hide desktop items,
>> Control panel, etc...
>> Does anyone have a solution that is reasonably simple?
>>
>> thanks
Related resources
Anonymous
a b 8 Security
January 24, 2005 3:26:24 PM

Archived from groups: microsoft.public.win2000.security (More info?)

As I read it, the OP has already selected an "internet cafe"
software and is finding shortcomings in it.

--
Roger
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
> Steven L Umbach wrote:
> > In Windows 2000 the guest account does not have a permanent profile
> > and you can give the guest account a password and configure the
> > account so that the password can not be changed other than by an
> > administrator. The guest account by default would not be able to
> > delete or write any permanent files on the computer as long as you
> > double check that everyone/users have no more than read/list/execute
> > permissions for the root /drive folder and to the all
> > users/application data folder and subfolders. Of course enabling the
> > guest account will allow network access to shares on the computer
> > that have permissions for guests/guest/everyone user/groups. Group
> > Policy [gpedit.msc] does only hide a lot of things and ultimately you
> > need to rely on permissions. On a stand alone computer by default
> > Group Policy settings will apply to all users. Be sure to check out
> > all the settings under user configuration/administrative templates.
> > --- Steve
>
> Just wondering - would a mandatory profile help?
> Also, there's got to be plenty of "internet cafe" software that can help
> with this stuff....
> >
> >
> > "Jell" <jell@a.com> wrote in message
> > news:F9_Hd.10410$Vx2.2007@trndny01...
> >> I'm installing a Win2k computer with a kiosk software in my
> >> restaurant and I want to allow only printing. The kiosk handles IE
> >> pretty well security wise but when opening Word docs from the
> >> browser I leave my Windows files wide open for deletion. I also do
> >> not want to allow saving to the hard drive. I looked into securing
> >> the computer using security permissions but got in way over my head.
> >> I investigated software that 'hides' files and folders but none
> >> panned out as effective because they mainly focus on hiding things
> >> like the My Documents folder which to me is the least of my
> >> concerns. I know all the registry hacks to hide desktop items,
> >> Control panel, etc...
> >> Does anyone have a solution that is reasonably simple?
> >>
> >> thanks
>
>
Anonymous
a b 8 Security
January 24, 2005 5:53:25 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Since I doubt this computer is a member of an AD domain I don't think
mandatory profile would be of much use though normally that is an excellent
option. --- Steve


"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
> Steven L Umbach wrote:
>> In Windows 2000 the guest account does not have a permanent profile
>> and you can give the guest account a password and configure the
>> account so that the password can not be changed other than by an
>> administrator. The guest account by default would not be able to
>> delete or write any permanent files on the computer as long as you
>> double check that everyone/users have no more than read/list/execute
>> permissions for the root /drive folder and to the all
>> users/application data folder and subfolders. Of course enabling the
>> guest account will allow network access to shares on the computer
>> that have permissions for guests/guest/everyone user/groups. Group
>> Policy [gpedit.msc] does only hide a lot of things and ultimately you
>> need to rely on permissions. On a stand alone computer by default
>> Group Policy settings will apply to all users. Be sure to check out
>> all the settings under user configuration/administrative templates.
>> --- Steve
>
> Just wondering - would a mandatory profile help?
> Also, there's got to be plenty of "internet cafe" software that can help
> with this stuff....
>>
>>
>> "Jell" <jell@a.com> wrote in message
>> news:F9_Hd.10410$Vx2.2007@trndny01...
>>> I'm installing a Win2k computer with a kiosk software in my
>>> restaurant and I want to allow only printing. The kiosk handles IE
>>> pretty well security wise but when opening Word docs from the
>>> browser I leave my Windows files wide open for deletion. I also do
>>> not want to allow saving to the hard drive. I looked into securing
>>> the computer using security permissions but got in way over my head.
>>> I investigated software that 'hides' files and folders but none
>>> panned out as effective because they mainly focus on hiding things
>>> like the My Documents folder which to me is the least of my
>>> concerns. I know all the registry hacks to hide desktop items,
>>> Control panel, etc...
>>> Does anyone have a solution that is reasonably simple?
>>>
>>> thanks
>
>
!