classroom/kiosk type security

Archived from groups: microsoft.public.windowsxp.configuration_manage,microsoft.public.windowsxp.security_admin (More info?)

hi all.

I'm looking into securing xp workstations in a classroom lab that are being
shared by the students (AD domain users). Epecially that I found out they
can install Gaim/chat applications, as well as being able to freely creating
folders under the c:\ drive.

On one machine, i'm experimenting by removing "everyone" access to the c:\
drive, also removed the local "Users" group, this is so that no students who
login can create a folder under the C:\ drive, and force them to save files
and create folders only under their own profile.

--- isn't this a good idea? or isn't what I just did more or less a standard
approach to prevent login users to pile up their own personal files under
the c:\ drive?

Or is there like a group policy template that you can apply so that the
machine can quickly be configured as a public kiosk?

Any ideas I appreciate, thankx!

joe
3 answers Last reply
More about classroom kiosk type security
  1. Archived from groups: microsoft.public.windowsxp.configuration_manage,microsoft.public.windowsxp.security_admin (More info?)

    I would use a kiosk software and push put INI files as needed using AD/WSH.

    There's a lot to modify and registry entries, the kiosk software is pretty
    much point, click, and go. Modifications are fairly easy and updates can be
    pushed via AD/GPOs.

    Here's a good kiosk s/w I've used to secure a manufacturing facility from
    day laborers:
    http://www.softheap.com/newadmin.html

    "joe haydn" wrote:

    > hi all.
    >
    > I'm looking into securing xp workstations in a classroom lab that are being
    > shared by the students (AD domain users). Epecially that I found out they
    > can install Gaim/chat applications, as well as being able to freely creating
    > folders under the c:\ drive.
    >
    > On one machine, i'm experimenting by removing "everyone" access to the c:\
    > drive, also removed the local "Users" group, this is so that no students who
    > login can create a folder under the C:\ drive, and force them to save files
    > and create folders only under their own profile.
    >
    > --- isn't this a good idea? or isn't what I just did more or less a standard
    > approach to prevent login users to pile up their own personal files under
    > the c:\ drive?
    >
    > Or is there like a group policy template that you can apply so that the
    > machine can quickly be configured as a public kiosk?
    >
    > Any ideas I appreciate, thankx!
    >
    > joe
    >
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi Joe,

    Thanks for posting!

    My understanding on the issue is: you want to prevent domain users from
    installing software and creating folders in drive C. If I have
    misunderstood your concerns, please feel free to let me know.

    By default, standard domain user will be a member of Local User on the
    domain machine. You may prevent domain user from installing software and
    creating folders and files. I would like to provide you the following
    method for your reference:

    Right-click C: -> click Properties item-> click Security tab -> click Users
    ->click Advanced button-> click Permissions -> remove

    Name Permission
    Users Create files/Write data
    Users Create folders/Append data

    Note: Do not remove local "Users" group.

    Please note that the partner managed newsgroups provide assistance to
    resolve break/fix issues. We also recommend Microsoft Advisory Services, a
    remotely-delivered, consultative support option that adds the element of
    proactive support, providing a comprehensive result beyond your break-fix
    product maintenance needs. More information on this service here:
    http://support.microsoft.com/gp/advisoryservice

    Thanks & Regards,

    Jason Tan
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
  3. Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

    Hi Joe,

    Thanks for posting!

    I notice that you have posted the same question 27574998 in our
    microsoft.public.windowsxp.security_admin newsgroup, to which I have
    already responded. I will follow up your issue on that thread.

    For your convenience, I have included my reply as follows:
    ==================================================================
    Hi Joe,

    Thanks for posting!

    My understanding on the issue is: you want to prevent domain users from
    installing software and creating folders in drive C. If I have
    misunderstood your concerns, please feel free to let me know.

    By default, standard domain user will be a member of Local User on the
    domain machine. You may prevent domain user from installing software and
    creating folders and files. I would like to provide you the following
    method for your reference:

    Right-click C: -> click Properties item-> click Security tab -> click Users
    ->click Advanced button-> click Permissions -> remove

    Name Permission
    Users Create files/Write data
    Users Create folders/Append data

    Note: Do not remove local "Users" group.

    Please note that the partner managed newsgroups provide assistance to
    resolve break/fix issues. We also recommend Microsoft Advisory Services, a
    remotely-delivered, consultative support option that adds the element of
    proactive support, providing a comprehensive result beyond your break-fix
    product maintenance needs. More information on this service here:
    http://support.microsoft.com/gp/advisoryservice

    Thanks & Regards,

    Jason Tan
    Microsoft Online Partner Support

    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
Ask a new question

Read More

Configuration Security Microsoft Windows XP