Account policies for individual users


William

I have a standalone box that I do not want on the
network. It has a DSL connection. I have only two log-in
accounts set up on it, administration, and customer. I need
to lock down the customer account without locking down the
administration account. I wanted to create a separate
policy set just for the customer but Windows XP will not
seem to allow me to create new policies or to assign them to a
user or group. It does not seem possible to create OU's in
Windows XP so I seem to be lost how to lock down one
account but not the other. Any idea?
 
I don't know if you are using Home or Pro - big difference between the two.
Assuming you are using Pro, be sure customer account is regular user. You
can use NTFS permissions to control access to folder/files, however do not
modify permissions on \windows folder as bad things can happen if you goof
up there and permissions are already reasonably secure. OU's are only in an
AD domain, so that is definitely out. EFS encryption can be used in
addition to NTFS to keep data confidential, but do not use EFS until you
read all about it including the necessity to back up your EFS
certificate/private key. Software Restriction Policies can be very helpful
in locking down a user and the enforcement rule can be used to exempt local
administrators. You could try implementing Local Group Policy and then using
a hack to deny yourself NTFS permissions to the \windows\system32\group
policy\users folder. If you lock yourself out, you could always manage Group
Policy remotely from another computer on the network via MMC snap-in, then
select Group Policy/another machine. --- Steve

http://support.microsoft.com/?kbid=310791
http://is-it-true.org/nt/nt2000/atips/atips24.shtml
http://www.jsifaq.com/sube/tip2400/rh2492.htm
 
See www.dougknox.com, Win XP Utilities, Windows XP Security Console.
Version 1.4 is currently available, and version 2 is on its way with even
more restrictions that can be put in place on a per user basis.
 
Hi William. Everything I mentioned will work on a standalone machine. If you are
using XP Pro, then Software Restriction Policies would definitely be something to
look into. I would also change the NTFS permissions on the desktop folder for the
customer account to read/list/execute which will not allow them to change the
desktop. If you do that, be sure to take ownership of that folder. See link below for
great tutorial of Software Restriction Policies which can be configured to exempt
local administrators. --- Steve

http://www.microsoft.com/technet/tr...et/prodtechnol/winxppro/maintain/rstrplcy.asp
http://tinyurl.com/rweh -- same link as above, shorter.
 
