M
Mick
We are converting our Library PCs from 2K to XP and as part of that process
I would like to do a better job than my predecessor at reducing the ongoing
work required to keep these machines clear of trojans, porn, spyware, etc.
We have a Windows 2000 domain and there is currently no proxy as we are not
allowed to restrict content, just a CISCO PIX. We use Norton AV.
We currently get members of the public installing all sorts of things from
the net that end up changing the home page, adding extra things to IE,
programs get installed in WINNT and added to Run= in the registry, icons get
added to the desktop, etc. The latest is they are bringing memory sticks in,
so I need to disable that also.
I intend to use GPMC and am starting with the MS "Implementing Common
Desktop Management Scenarios with the GPMC" document. I will have to go
with modified KIOS settings as well allow more than just IE, but I intend to
use the allowed run feature.
I want to make sure I can also lock down IE, but I still need to allow
people to download attachments from Hotmail/Yahoo which requires file
download and cookies.
Also need to restrict access to registry areas such as Run and prevent
modify access to \windows, etc.
After I double-check the licensing I would like to put add blocking, perhaps
the Google Tool bar, also interested in any other strategies to keep the
machine clear of junk (eg Window Washer, ???).
So I would appreciate any good suggestions you have.
Thanks in advance ...
I would like to do a better job than my predecessor at reducing the ongoing
work required to keep these machines clear of trojans, porn, spyware, etc.
We have a Windows 2000 domain and there is currently no proxy as we are not
allowed to restrict content, just a CISCO PIX. We use Norton AV.
We currently get members of the public installing all sorts of things from
the net that end up changing the home page, adding extra things to IE,
programs get installed in WINNT and added to Run= in the registry, icons get
added to the desktop, etc. The latest is they are bringing memory sticks in,
so I need to disable that also.
I intend to use GPMC and am starting with the MS "Implementing Common
Desktop Management Scenarios with the GPMC" document. I will have to go
with modified KIOS settings as well allow more than just IE, but I intend to
use the allowed run feature.
I want to make sure I can also lock down IE, but I still need to allow
people to download attachments from Hotmail/Yahoo which requires file
download and cookies.
Also need to restrict access to registry areas such as Run and prevent
modify access to \windows, etc.
After I double-check the licensing I would like to put add blocking, perhaps
the Google Tool bar, also interested in any other strategies to keep the
machine clear of junk (eg Window Washer, ???).
So I would appreciate any good suggestions you have.
Thanks in advance ...