Least Privilege

Guest

I am VERY anxious to find out how to actually get a Windows XP (and 2000)
computer set up with least privilege.

I set up all my computers to start with as an administrator, and then give
them out to users to run. I want to be able to install what I need for them
to work, and then basically give the users no rights whatsoever to the
computer as a user, other than the ability to run already installed programs.
I do not want them installing any program, changing or even seeing any
network, display, etc. settings.

I don't even want them saving files to the hard drive from Word or Excel
etc. as they have their own specific user directories on a backed up,
mapped network drive.

I also want them to be able to browse the internet and their web based
email, but not be able to install ANY chat software or ANY software
whatsoever.

Is this possible with Windows 2000 or XP? Is there anywhere I can chat
with administrators with the same concerns?

Thanks very much!
 
Kerry Brown

Mark B said:
I am VERY anxious to find out how to actually get a Windows XP (and 2000)
computer set up with least privilege.

I set up all my computers to start with as an administrator, and then give
them out to users to run. I want to be able to install what I need for them
to work, and then basically give the users no rights whatsoever to the
computer as a user, other than the ability to run already installed programs.
I do not want them installing any program, changing or even seeing any
network, display, etc. settings.

I don't even want them saving files to the hard drive from Word or Excel
etc. as they have their own specific user directories on a backed up,
mapped network drive.

I also want them to be able to browse the internet and their web based
email, but not be able to install ANY chat software or ANY software
whatsoever.

Is this possible with Windows 2000 or XP? Is there anywhere I can chat
with administrators with the same concerns?

Are you using Active Directory? If you are, try using group policy to lock out
specific things like changing display settings, where they can save files,
installing programs etc.

Kerry
 
Kerry Brown

Mark B said:
Active Directory is a server function, not Win2K or XP

Active Directory is a network service. All computers, users, and devices on
the network can use it. It runs on a server or servers.

http://www.microsoft.com/windows2000/server/evaluation/features/dirlist.asp

I was assuming you were an administrator for a network. If the network uses
AD you can use group policies so the W2k and XP machines do what you want.
The link is for Server 2003 but most of it applies to Server 2000 as well.

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/featured/gp/default.mspx

If they are in a work group you can use group policies on the XP Pro
machines but you have to manually set the policies on each machine.

http://www.theeldergeek.com/group_policy_for_windows_xp_prof.htm

If you have more than a few machines networked together you should be
looking at implementing some form of management. AD and group policy is the
Microsoft way. There are other methods for Linux and Novell servers which
may or may not involve Active Directory.

Kerry
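
Added example (not part of the thread): when policies are set by hand on each workgroup machine, as described above, one way to catch machines that were missed is to export the policy keys from each PC as a `.reg` file and compare them to a baseline. The three registry values in the baseline are an assumed selection (hide the Display control panel, block Control Panel, disable Windows Installer), and the function names and sample export are constructed for illustration.

```python
import re

# Assumed baseline for this example; extend it to match the policies you actually set.
# DisableMSI=2 turns off Windows Installer only; other installer types are not covered.
BASELINE = {
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL"): 1,
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel"): 1,
    (r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer", "DisableMSI"): 2,
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Return {(key, value_name): int} for every DWORD value in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if m and key:
            # Registry key and value names are case-insensitive, so normalise them.
            values[(key.lower(), m.group("name").lower())] = int(m.group("hex"), 16)
    return values

def audit(text, baseline=BASELINE):
    """List (key, name, expected, found) for each baseline value that is missing or wrong."""
    found = parse_reg_export(text)
    findings = []
    for (key, name), expected in baseline.items():
        actual = found.get((key.lower(), name.lower()))
        if actual != expected:
            findings.append((key, name, expected, actual))
    return findings

# Constructed sample export: one policy set, one left at 0, one key absent.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=dword:00000000
'''

if __name__ == "__main__":
    for key, name, expected, actual in audit(SAMPLE):
        print(f"{key}\\{name}: expected {expected}, found {actual}")
```

Real `regedit` exports are usually UTF-16, so decode the file with that encoding before passing its text to `audit`.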
 
