Home
Forums
New posts
Search forums
Articles
Latest reviews
Search resources
Members
Current visitors
Newsgroups
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Home
Forums
Newsgroups
Windows XP
Windows XP Security
Deny Interactive Logon but Allow Runas
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
[QUOTE="HEMI-Powered, post: 11227985"] Steven L Umbach added these comments in the current discussion du jour ... At the company I am retired from, they first implemented draconian rules for Windows 2000 and now XP that completely stops ordinary users from installing/uninstalling anything, modifying/deleting system files, nothing at all. This is done centrally when a user logs into what once was a Novell NOS and is now Windows Server, I think. Each department has a single or multiple number of designated dept. admins appointed by the manager who does have the permission to change systems. Once these rules were implemented after we finally moved off Windows 95 - not even 98 - virtually all user-error problems disappeared. Now, this sort of Big Brother application of central rule works well in a very large company with the resources to use built-in security in the O/S or NOS, buy utilities to do it, as you suggest above, or write code in Visual C++, Java, whatever that will custom alter end-user systems to accomplish management's goals. I left the company barely 6 months after 9/11 and beginning in late 2002 and more into 2003-2005 or so, I know they've clamped down more and more to not only save internal customer support manpower but also in a company-wide effort to reduce hacking, malicious sabotage, malware, whatever. And, the entire network sits behind multiple proxy servers to protect the "clean" side from the "dirty" side. I gave up being a Registered MS Basher some time back, but I think most folks even moderately savvy about XP's so-called security know that it is just plain marketing hype and bullshit. No, I repeat, NO secure software would allow a user to bypass system administrator rules by booting into Safe Mode any more than it would allow an end-user to change system PWs, BIOS settings, and all the other things that can cause heartburn to a large support staff. Now, do the users like this? Not hardly! But, my company, like most large corporations, has an old- fashioned, somewhat romantic notion that they're in business to make money and PCs are an important tool to accomplish business plans, but they are NOT toys nor hobbyist playthings. Sole proprietarship companies either do their own tech support or higher it done. Big companies have IT staffs to do it. It is from the "mom and pop" size very small firms, to small, to mid-size companies that are in the most trouble because their managements either do not understand what it really takes to run a complex network or they cannot or will not allocate manpower or financial resources. That's a tough row to hoe, and one that the OP hasn't give much insight as to what his management's direction(s) are. I'm running off at the mouth here mainly because the general problem described in this thread that is often summarized by some OP as "how do I restrict folders or apps or installs or even individual files other than via account?". This is seen here and in many other peer-to-peer help NGs and I have yet to see a fully implementable way to do all of this with XP unless some special means are taken - read: spend some money. [/QUOTE]
Verification
Post reply
Home
Forums
Newsgroups
Windows XP
Windows XP Security
Deny Interactive Logon but Allow Runas
Top
