securing files in a public PC
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I'm installing a Win2k computer with a kiosk software in my restaurant and I
want to allow only printing. The kiosk handles IE pretty well security wise
but when opening Word docs from the browser I leave my Windows files wide
open for deletion. I also do not want to allow saving to the hard drive. I
looked into securing the computer using security permissions but got in way
over my head. I investigated software that 'hides' files and folders but
none panned out as effective because they mainly focus on hiding things like
the My Documents folder which to me is the least of my concerns. I know all
the registry hacks to hide desktop items, Control panel, etc...
Does anyone have a solution that is reasonably simple?
thanks
I'm installing a Win2k computer with a kiosk software in my restaurant and I
want to allow only printing. The kiosk handles IE pretty well security wise
but when opening Word docs from the browser I leave my Windows files wide
open for deletion. I also do not want to allow saving to the hard drive. I
looked into securing the computer using security permissions but got in way
over my head. I investigated software that 'hides' files and folders but
none panned out as effective because they mainly focus on hiding things like
the My Documents folder which to me is the least of my concerns. I know all
the registry hacks to hide desktop items, Control panel, etc...
Does anyone have a solution that is reasonably simple?
thanks
More about : securing files public
Archived from groups: microsoft.public.win2000.security (More info?)
In Windows 2000 the guest account does not have a permanent profile and you
can give the guest account a password and configure the account so that the
password can not be changed other than by an administrator. The guest
account by default would not be able to delete or write any permanent files
on the computer as long as you double check that everyone/users have no more
than read/list/execute permissions for the root /drive folder and to the all
users/application data folder and subfolders. Of course enabling the guest
account will allow network access to shares on the computer that have
permissions for guests/guest/everyone user/groups. Group Policy [gpedit.msc]
does only hide a lot of things and ultimately you need to rely on
permissions. On a stand alone computer by default Group Policy settings will
apply to all users. Be sure to check out all the settings under user
configuration/administrative templates. --- Steve
"Jell" <jell@a.com> wrote in message news:F9_Hd.10410$Vx2.2007@trndny01...
> I'm installing a Win2k computer with a kiosk software in my restaurant and
> I want to allow only printing. The kiosk handles IE pretty well security
> wise but when opening Word docs from the browser I leave my Windows files
> wide open for deletion. I also do not want to allow saving to the hard
> drive. I looked into securing the computer using security permissions but
> got in way over my head. I investigated software that 'hides' files and
> folders but none panned out as effective because they mainly focus on
> hiding things like the My Documents folder which to me is the least of my
> concerns. I know all the registry hacks to hide desktop items, Control
> panel, etc...
> Does anyone have a solution that is reasonably simple?
>
> thanks
>
In Windows 2000 the guest account does not have a permanent profile and you
can give the guest account a password and configure the account so that the
password can not be changed other than by an administrator. The guest
account by default would not be able to delete or write any permanent files
on the computer as long as you double check that everyone/users have no more
than read/list/execute permissions for the root /drive folder and to the all
users/application data folder and subfolders. Of course enabling the guest
account will allow network access to shares on the computer that have
permissions for guests/guest/everyone user/groups. Group Policy [gpedit.msc]
does only hide a lot of things and ultimately you need to rely on
permissions. On a stand alone computer by default Group Policy settings will
apply to all users. Be sure to check out all the settings under user
configuration/administrative templates. --- Steve
"Jell" <jell@a.com> wrote in message news:F9_Hd.10410$Vx2.2007@trndny01...
> I'm installing a Win2k computer with a kiosk software in my restaurant and
> I want to allow only printing. The kiosk handles IE pretty well security
> wise but when opening Word docs from the browser I leave my Windows files
> wide open for deletion. I also do not want to allow saving to the hard
> drive. I looked into securing the computer using security permissions but
> got in way over my head. I investigated software that 'hides' files and
> folders but none panned out as effective because they mainly focus on
> hiding things like the My Documents folder which to me is the least of my
> concerns. I know all the registry hacks to hide desktop items, Control
> panel, etc...
> Does anyone have a solution that is reasonably simple?
>
> thanks
>
Archived from groups: microsoft.public.win2000.security (More info?)
Steven L Umbach wrote:
> In Windows 2000 the guest account does not have a permanent profile
> and you can give the guest account a password and configure the
> account so that the password can not be changed other than by an
> administrator. The guest account by default would not be able to
> delete or write any permanent files on the computer as long as you
> double check that everyone/users have no more than read/list/execute
> permissions for the root /drive folder and to the all
> users/application data folder and subfolders. Of course enabling the
> guest account will allow network access to shares on the computer
> that have permissions for guests/guest/everyone user/groups. Group
> Policy [gpedit.msc] does only hide a lot of things and ultimately you
> need to rely on permissions. On a stand alone computer by default
> Group Policy settings will apply to all users. Be sure to check out
> all the settings under user configuration/administrative templates.
> --- Steve
Just wondering - would a mandatory profile help?
Also, there's got to be plenty of "internet cafe" software that can help
with this stuff....
>
>
> "Jell" <jell@a.com> wrote in message
> news:F9_Hd.10410$Vx2.2007@trndny01...
>> I'm installing a Win2k computer with a kiosk software in my
>> restaurant and I want to allow only printing. The kiosk handles IE
>> pretty well security wise but when opening Word docs from the
>> browser I leave my Windows files wide open for deletion. I also do
>> not want to allow saving to the hard drive. I looked into securing
>> the computer using security permissions but got in way over my head.
>> I investigated software that 'hides' files and folders but none
>> panned out as effective because they mainly focus on hiding things
>> like the My Documents folder which to me is the least of my
>> concerns. I know all the registry hacks to hide desktop items,
>> Control panel, etc...
>> Does anyone have a solution that is reasonably simple?
>>
>> thanks
Steven L Umbach wrote:
> In Windows 2000 the guest account does not have a permanent profile
> and you can give the guest account a password and configure the
> account so that the password can not be changed other than by an
> administrator. The guest account by default would not be able to
> delete or write any permanent files on the computer as long as you
> double check that everyone/users have no more than read/list/execute
> permissions for the root /drive folder and to the all
> users/application data folder and subfolders. Of course enabling the
> guest account will allow network access to shares on the computer
> that have permissions for guests/guest/everyone user/groups. Group
> Policy [gpedit.msc] does only hide a lot of things and ultimately you
> need to rely on permissions. On a stand alone computer by default
> Group Policy settings will apply to all users. Be sure to check out
> all the settings under user configuration/administrative templates.
> --- Steve
Just wondering - would a mandatory profile help?
Also, there's got to be plenty of "internet cafe" software that can help
with this stuff....
>
>
> "Jell" <jell@a.com> wrote in message
> news:F9_Hd.10410$Vx2.2007@trndny01...
>> I'm installing a Win2k computer with a kiosk software in my
>> restaurant and I want to allow only printing. The kiosk handles IE
>> pretty well security wise but when opening Word docs from the
>> browser I leave my Windows files wide open for deletion. I also do
>> not want to allow saving to the hard drive. I looked into securing
>> the computer using security permissions but got in way over my head.
>> I investigated software that 'hides' files and folders but none
>> panned out as effective because they mainly focus on hiding things
>> like the My Documents folder which to me is the least of my
>> concerns. I know all the registry hacks to hide desktop items,
>> Control panel, etc...
>> Does anyone have a solution that is reasonably simple?
>>
>> thanks
Archived from groups: microsoft.public.win2000.security (More info?)
As I read it, the OP has already selected an "internet cafe"
software and is finding shortcomings in it.
--
Roger
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
> Steven L Umbach wrote:
> > In Windows 2000 the guest account does not have a permanent profile
> > and you can give the guest account a password and configure the
> > account so that the password can not be changed other than by an
> > administrator. The guest account by default would not be able to
> > delete or write any permanent files on the computer as long as you
> > double check that everyone/users have no more than read/list/execute
> > permissions for the root /drive folder and to the all
> > users/application data folder and subfolders. Of course enabling the
> > guest account will allow network access to shares on the computer
> > that have permissions for guests/guest/everyone user/groups. Group
> > Policy [gpedit.msc] does only hide a lot of things and ultimately you
> > need to rely on permissions. On a stand alone computer by default
> > Group Policy settings will apply to all users. Be sure to check out
> > all the settings under user configuration/administrative templates.
> > --- Steve
>
> Just wondering - would a mandatory profile help?
> Also, there's got to be plenty of "internet cafe" software that can help
> with this stuff....
> >
> >
> > "Jell" <jell@a.com> wrote in message
> > news:F9_Hd.10410$Vx2.2007@trndny01...
> >> I'm installing a Win2k computer with a kiosk software in my
> >> restaurant and I want to allow only printing. The kiosk handles IE
> >> pretty well security wise but when opening Word docs from the
> >> browser I leave my Windows files wide open for deletion. I also do
> >> not want to allow saving to the hard drive. I looked into securing
> >> the computer using security permissions but got in way over my head.
> >> I investigated software that 'hides' files and folders but none
> >> panned out as effective because they mainly focus on hiding things
> >> like the My Documents folder which to me is the least of my
> >> concerns. I know all the registry hacks to hide desktop items,
> >> Control panel, etc...
> >> Does anyone have a solution that is reasonably simple?
> >>
> >> thanks
>
>
As I read it, the OP has already selected an "internet cafe"
software and is finding shortcomings in it.
--
Roger
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
> Steven L Umbach wrote:
> > In Windows 2000 the guest account does not have a permanent profile
> > and you can give the guest account a password and configure the
> > account so that the password can not be changed other than by an
> > administrator. The guest account by default would not be able to
> > delete or write any permanent files on the computer as long as you
> > double check that everyone/users have no more than read/list/execute
> > permissions for the root /drive folder and to the all
> > users/application data folder and subfolders. Of course enabling the
> > guest account will allow network access to shares on the computer
> > that have permissions for guests/guest/everyone user/groups. Group
> > Policy [gpedit.msc] does only hide a lot of things and ultimately you
> > need to rely on permissions. On a stand alone computer by default
> > Group Policy settings will apply to all users. Be sure to check out
> > all the settings under user configuration/administrative templates.
> > --- Steve
>
> Just wondering - would a mandatory profile help?
> Also, there's got to be plenty of "internet cafe" software that can help
> with this stuff....
> >
> >
> > "Jell" <jell@a.com> wrote in message
> > news:F9_Hd.10410$Vx2.2007@trndny01...
> >> I'm installing a Win2k computer with a kiosk software in my
> >> restaurant and I want to allow only printing. The kiosk handles IE
> >> pretty well security wise but when opening Word docs from the
> >> browser I leave my Windows files wide open for deletion. I also do
> >> not want to allow saving to the hard drive. I looked into securing
> >> the computer using security permissions but got in way over my head.
> >> I investigated software that 'hides' files and folders but none
> >> panned out as effective because they mainly focus on hiding things
> >> like the My Documents folder which to me is the least of my
> >> concerns. I know all the registry hacks to hide desktop items,
> >> Control panel, etc...
> >> Does anyone have a solution that is reasonably simple?
> >>
> >> thanks
>
>
Archived from groups: microsoft.public.win2000.security (More info?)
Since I doubt this computer is a member of an AD domain I don't think
mandatory profile would be of much use though normally that is an excellent
option. --- Steve
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
> Steven L Umbach wrote:
>> In Windows 2000 the guest account does not have a permanent profile
>> and you can give the guest account a password and configure the
>> account so that the password can not be changed other than by an
>> administrator. The guest account by default would not be able to
>> delete or write any permanent files on the computer as long as you
>> double check that everyone/users have no more than read/list/execute
>> permissions for the root /drive folder and to the all
>> users/application data folder and subfolders. Of course enabling the
>> guest account will allow network access to shares on the computer
>> that have permissions for guests/guest/everyone user/groups. Group
>> Policy [gpedit.msc] does only hide a lot of things and ultimately you
>> need to rely on permissions. On a stand alone computer by default
>> Group Policy settings will apply to all users. Be sure to check out
>> all the settings under user configuration/administrative templates.
>> --- Steve
>
> Just wondering - would a mandatory profile help?
> Also, there's got to be plenty of "internet cafe" software that can help
> with this stuff....
>>
>>
>> "Jell" <jell@a.com> wrote in message
>> news:F9_Hd.10410$Vx2.2007@trndny01...
>>> I'm installing a Win2k computer with a kiosk software in my
>>> restaurant and I want to allow only printing. The kiosk handles IE
>>> pretty well security wise but when opening Word docs from the
>>> browser I leave my Windows files wide open for deletion. I also do
>>> not want to allow saving to the hard drive. I looked into securing
>>> the computer using security permissions but got in way over my head.
>>> I investigated software that 'hides' files and folders but none
>>> panned out as effective because they mainly focus on hiding things
>>> like the My Documents folder which to me is the least of my
>>> concerns. I know all the registry hacks to hide desktop items,
>>> Control panel, etc...
>>> Does anyone have a solution that is reasonably simple?
>>>
>>> thanks
>
>
Since I doubt this computer is a member of an AD domain I don't think
mandatory profile would be of much use though normally that is an excellent
option. --- Steve
"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
> Steven L Umbach wrote:
>> In Windows 2000 the guest account does not have a permanent profile
>> and you can give the guest account a password and configure the
>> account so that the password can not be changed other than by an
>> administrator. The guest account by default would not be able to
>> delete or write any permanent files on the computer as long as you
>> double check that everyone/users have no more than read/list/execute
>> permissions for the root /drive folder and to the all
>> users/application data folder and subfolders. Of course enabling the
>> guest account will allow network access to shares on the computer
>> that have permissions for guests/guest/everyone user/groups. Group
>> Policy [gpedit.msc] does only hide a lot of things and ultimately you
>> need to rely on permissions. On a stand alone computer by default
>> Group Policy settings will apply to all users. Be sure to check out
>> all the settings under user configuration/administrative templates.
>> --- Steve
>
> Just wondering - would a mandatory profile help?
> Also, there's got to be plenty of "internet cafe" software that can help
> with this stuff....
>>
>>
>> "Jell" <jell@a.com> wrote in message
>> news:F9_Hd.10410$Vx2.2007@trndny01...
>>> I'm installing a Win2k computer with a kiosk software in my
>>> restaurant and I want to allow only printing. The kiosk handles IE
>>> pretty well security wise but when opening Word docs from the
>>> browser I leave my Windows files wide open for deletion. I also do
>>> not want to allow saving to the hard drive. I looked into securing
>>> the computer using security permissions but got in way over my head.
>>> I investigated software that 'hides' files and folders but none
>>> panned out as effective because they mainly focus on hiding things
>>> like the My Documents folder which to me is the least of my
>>> concerns. I know all the registry hacks to hide desktop items,
>>> Control panel, etc...
>>> Does anyone have a solution that is reasonably simple?
>>>
>>> thanks
>
>
Related ressources:
- Forumsecuring files in a public PC
- ForumPublic Access WIFI Security
- Forumsecuring laptop for public WiFi spots
- ForumHow to set up a free public wireless network
- ForumSecuring / Locking down _Outlook 2000_ using GPO...
- ForumIs sensitive info secure in public places?
- ForumPublic FTP access to my computer
- ForumPublic ? Your Beta is Arriving
- ForumFrom 1 to 5 public IPs, what do I do now?
- ForumPublic keys encryption [ urgent ]
- ForumNAT is not a mechanism for securing a network.. but.. HELP!
- ForumPublic non MSI applications. ZAP files
- ForumFile security - public access points
- ForumFinding the right public IP
- ForumWindows Vista NO DirectX 10 in first public release......
- ForumParallel and com ports not appearing in device manager
- ForumCannot install activeX under Downloaded Program Files
- ForumSecuring Remote Registry Service
- ForumBackup the event viewer files via command line?
- Forumstopping .bat and .reg files running?
- More resources
!
