securing files in a public PC

Archived from groups: microsoft.public.win2000.security (More info?)

I'm installing a Win2k computer with a kiosk software in my restaurant and I
want to allow only printing. The kiosk handles IE pretty well security wise
but when opening Word docs from the browser I leave my Windows files wide
open for deletion. I also do not want to allow saving to the hard drive. I
looked into securing the computer using security permissions but got in way
over my head. I investigated software that 'hides' files and folders but
none panned out as effective because they mainly focus on hiding things like
the My Documents folder which to me is the least of my concerns. I know all
the registry hacks to hide desktop items, Control panel, etc...
Does anyone have a solution that is reasonably simple?

thanks
4 answers Last reply
More about securing files public
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    In Windows 2000 the guest account does not have a permanent profile and you
    can give the guest account a password and configure the account so that the
    password can not be changed other than by an administrator. The guest
    account by default would not be able to delete or write any permanent files
    on the computer as long as you double check that everyone/users have no more
    than read/list/execute permissions for the root /drive folder and to the all
    users/application data folder and subfolders. Of course enabling the guest
    account will allow network access to shares on the computer that have
    permissions for guests/guest/everyone user/groups. Group Policy [gpedit.msc]
    does only hide a lot of things and ultimately you need to rely on
    permissions. On a stand alone computer by default Group Policy settings will
    apply to all users. Be sure to check out all the settings under user
    configuration/administrative templates. --- Steve


    "Jell" <jell@a.com> wrote in message news:F9_Hd.10410$Vx2.2007@trndny01...
    > I'm installing a Win2k computer with a kiosk software in my restaurant and
    > I want to allow only printing. The kiosk handles IE pretty well security
    > wise but when opening Word docs from the browser I leave my Windows files
    > wide open for deletion. I also do not want to allow saving to the hard
    > drive. I looked into securing the computer using security permissions but
    > got in way over my head. I investigated software that 'hides' files and
    > folders but none panned out as effective because they mainly focus on
    > hiding things like the My Documents folder which to me is the least of my
    > concerns. I know all the registry hacks to hide desktop items, Control
    > panel, etc...
    > Does anyone have a solution that is reasonably simple?
    >
    > thanks
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Steven L Umbach wrote:
    > In Windows 2000 the guest account does not have a permanent profile
    > and you can give the guest account a password and configure the
    > account so that the password can not be changed other than by an
    > administrator. The guest account by default would not be able to
    > delete or write any permanent files on the computer as long as you
    > double check that everyone/users have no more than read/list/execute
    > permissions for the root /drive folder and to the all
    > users/application data folder and subfolders. Of course enabling the
    > guest account will allow network access to shares on the computer
    > that have permissions for guests/guest/everyone user/groups. Group
    > Policy [gpedit.msc] does only hide a lot of things and ultimately you
    > need to rely on permissions. On a stand alone computer by default
    > Group Policy settings will apply to all users. Be sure to check out
    > all the settings under user configuration/administrative templates.
    > --- Steve

    Just wondering - would a mandatory profile help?
    Also, there's got to be plenty of "internet cafe" software that can help
    with this stuff....
    >
    >
    > "Jell" <jell@a.com> wrote in message
    > news:F9_Hd.10410$Vx2.2007@trndny01...
    >> I'm installing a Win2k computer with a kiosk software in my
    >> restaurant and I want to allow only printing. The kiosk handles IE
    >> pretty well security wise but when opening Word docs from the
    >> browser I leave my Windows files wide open for deletion. I also do
    >> not want to allow saving to the hard drive. I looked into securing
    >> the computer using security permissions but got in way over my head.
    >> I investigated software that 'hides' files and folders but none
    >> panned out as effective because they mainly focus on hiding things
    >> like the My Documents folder which to me is the least of my
    >> concerns. I know all the registry hacks to hide desktop items,
    >> Control panel, etc...
    >> Does anyone have a solution that is reasonably simple?
    >>
    >> thanks
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    As I read it, the OP has already selected an "internet cafe"
    software and is finding shortcomings in it.

    --
    Roger
    "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
    news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
    > Steven L Umbach wrote:
    > > In Windows 2000 the guest account does not have a permanent profile
    > > and you can give the guest account a password and configure the
    > > account so that the password can not be changed other than by an
    > > administrator. The guest account by default would not be able to
    > > delete or write any permanent files on the computer as long as you
    > > double check that everyone/users have no more than read/list/execute
    > > permissions for the root /drive folder and to the all
    > > users/application data folder and subfolders. Of course enabling the
    > > guest account will allow network access to shares on the computer
    > > that have permissions for guests/guest/everyone user/groups. Group
    > > Policy [gpedit.msc] does only hide a lot of things and ultimately you
    > > need to rely on permissions. On a stand alone computer by default
    > > Group Policy settings will apply to all users. Be sure to check out
    > > all the settings under user configuration/administrative templates.
    > > --- Steve
    >
    > Just wondering - would a mandatory profile help?
    > Also, there's got to be plenty of "internet cafe" software that can help
    > with this stuff....
    > >
    > >
    > > "Jell" <jell@a.com> wrote in message
    > > news:F9_Hd.10410$Vx2.2007@trndny01...
    > >> I'm installing a Win2k computer with a kiosk software in my
    > >> restaurant and I want to allow only printing. The kiosk handles IE
    > >> pretty well security wise but when opening Word docs from the
    > >> browser I leave my Windows files wide open for deletion. I also do
    > >> not want to allow saving to the hard drive. I looked into securing
    > >> the computer using security permissions but got in way over my head.
    > >> I investigated software that 'hides' files and folders but none
    > >> panned out as effective because they mainly focus on hiding things
    > >> like the My Documents folder which to me is the least of my
    > >> concerns. I know all the registry hacks to hide desktop items,
    > >> Control panel, etc...
    > >> Does anyone have a solution that is reasonably simple?
    > >>
    > >> thanks
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Since I doubt this computer is a member of an AD domain I don't think
    mandatory profile would be of much use though normally that is an excellent
    option. --- Steve


    "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
    news:uA85xsWAFHA.2992@TK2MSFTNGP09.phx.gbl...
    > Steven L Umbach wrote:
    >> In Windows 2000 the guest account does not have a permanent profile
    >> and you can give the guest account a password and configure the
    >> account so that the password can not be changed other than by an
    >> administrator. The guest account by default would not be able to
    >> delete or write any permanent files on the computer as long as you
    >> double check that everyone/users have no more than read/list/execute
    >> permissions for the root /drive folder and to the all
    >> users/application data folder and subfolders. Of course enabling the
    >> guest account will allow network access to shares on the computer
    >> that have permissions for guests/guest/everyone user/groups. Group
    >> Policy [gpedit.msc] does only hide a lot of things and ultimately you
    >> need to rely on permissions. On a stand alone computer by default
    >> Group Policy settings will apply to all users. Be sure to check out
    >> all the settings under user configuration/administrative templates.
    >> --- Steve
    >
    > Just wondering - would a mandatory profile help?
    > Also, there's got to be plenty of "internet cafe" software that can help
    > with this stuff....
    >>
    >>
    >> "Jell" <jell@a.com> wrote in message
    >> news:F9_Hd.10410$Vx2.2007@trndny01...
    >>> I'm installing a Win2k computer with a kiosk software in my
    >>> restaurant and I want to allow only printing. The kiosk handles IE
    >>> pretty well security wise but when opening Word docs from the
    >>> browser I leave my Windows files wide open for deletion. I also do
    >>> not want to allow saving to the hard drive. I looked into securing
    >>> the computer using security permissions but got in way over my head.
    >>> I investigated software that 'hides' files and folders but none
    >>> panned out as effective because they mainly focus on hiding things
    >>> like the My Documents folder which to me is the least of my
    >>> concerns. I know all the registry hacks to hide desktop items,
    >>> Control panel, etc...
    >>> Does anyone have a solution that is reasonably simple?
    >>>
    >>> thanks
    >
    >
Ask a new question

Read More

Security Windows