Need lockdown advice

[Tony]

Hi All,

I need the group's advice.

I am in a situation where I need to create a safer
environment than that provided by anti-malware,
firewall, and common sense. I am dealing with
someone whose judgment was impaired following
a serious injury. He is currently using M$
XP-Pro-SP2. (His brains need to heal up a
bit more before his common sense kicks back in.)

Currently the user's computer is hosed to
the point where it is going to have to be
kicked back to the initial factory install.
So, I have a clean slate to start with.

If I do not do something drastic to the
system, he will be back in the soup in about
three weeks. (Antivirus programs scream and
run when this guy enters the room! He can not
resist the "pitches" that malware makes and
actively seeks them out.)

1) Is there a way to block him from installing
any new software without a secret password that
only I and his caretaker will know?

2) Is there a way to block him running any
software that is not on an "approved" list?

3) Any other advice?

Many thanks,
--Tony

 

[Jim]

Create a new account on the machine and make him a restricted user.
Then only you and whoever else knows teh admin password can install
anything. He can still surf the net and everything he needs to, he
just can't make many changes to the system.

 

[Carey Frisch [MVP]]

Install and configure this:

Microsoft Shared Computer Toolkit for Windows XP
http://www.microsoft.com/downloads/...56-e3da-42ea-857d-92b716077a84&displaylang=en

How to turn on or turn off the firewall in Windows XP
http://support.microsoft.com/kb/283673/en-us

Install Avast! antivirus program (FREE)
http://www.avast.com/eng/down_home.html

Antivirus software: Frequently asked questions
http://www.microsoft.com/athome/security/protect/antivirus.mspx

Microsoft Windows AntiSpyware
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Here's what you can do to enhance the security on your PC
http://www.microsoft.com/athome/security/protect/windowsxpsp2/Default.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

:

| Hi All,
|
| I need the group's advice.
|
| I am in a situation where I need to create a safer
| environment than that provided by anti-malware,
| firewall, and common sense. I am dealing with
| someone whose judgment was impaired following
| a serious injury. He is currently using M$
| XP-Pro-SP2. (His brains need to heal up a
| bit more before his common sense kicks back in.)
|
| Currently the user's computer is hosed to
| the point where it is going to have to be
| kicked back to the initial factory install.
| So, I have a clean slate to start with.
|
| If I do not do something drastic to the
| system, he will be back in the soup in about
| three weeks. (Antivirus programs scream and
| run when this guy enters the room! He can not
| resist the "pitches" that malware makes and
| actively seeks them out.)
|
| 1) Is there a way to block him from installing
| any new software without a secret password that
| only I and his caretaker will know?
|
| 2) Is there a way to block him running any
| software that is not on an "approved" list?
|
| 3) Any other advice?
|
| Many thanks,
| --Tony

 

[Plato]

a serious injury. He is currently using M$
XP-Pro-SP2. (His brains need to heal up a

Please explain what M$ means. Thanks in advance.

 

[Tony]

Please explain what M$ means. Thanks in advance.

M$ is an abbreviation for Microsoft

 

[Tony]

Create a new account on the machine and make him a restricted user.
Then only you and whoever else knows teh admin password can install
anything. He can still surf the net and everything he needs to, he
just can't make many changes to the system.

Hi Jim,

Will I have to log out and log back in as Administrator
to install things, or is there a way for Windows to
prompt me (like Apple OSX does) for the password inside the
restricted account?

Many thanks
--Tony

 

[Richard Urban]

Not in my book!

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Tony]

Not in my book!

Do you have a favorite abbreviation?

 

[Richard Urban]

MS is the abbreviation for Microsoft.

The so called M$, is a derogatory abbreviation used by those who have an
extreme "hate" affair with Microsoft. It is used by many who feel that they
should be able to get the operating system (or any other Microsoft software)
for free, because Microsoft has made so much money off of their products.

Wouldn't you want to make a profit from your efforts?

Let the fun begin!

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Tony]

MS is the abbreviation for Microsoft.

The so called M$, is a derogatory abbreviation used by those who have an
extreme "hate" affair with Microsoft. It is used by many who feel that they
should be able to get the operating system (or any other Microsoft software)
for free, because Microsoft has made so much money off of their products.

Wouldn't you want to make a profit from your efforts?

Let the fun begin!

Richard! You are jumping to conclusions. The "$" is to
imply success. It also looks like an "S". It is not
meant to be derogatory. I also find most people recognize
it.

--Tony
p.s. I resell a lot of M$ products. And, yes, I do expect
to be paid for them.

 

[Richard Urban]

It was first used by certain third rate websites that are "very" critical of
Microsoft's success.

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Malke]

Richard! You are jumping to conclusions. The "$" is to
imply success. It also looks like an "S". It is not
meant to be derogatory. I also find most people recognize
it.

On Usenet, M$ is rude. If you want to be rude that's your business;
although the Microsoft-hosted newsgroups tend to be fairly polite, this
*is* Usenet after all. But then of course you have to be prepared for
the flames. Probably you should just let it go now. Or go *all* the way
and do a *nix troll thing and call it "Windoze" since there isn't any
point in flaming half-way.

Malke

 

[Tony]

It was first used by certain third rate websites that are "very" critical of
Microsoft's success.

Hmmm. It has probably been generally adopted and lost
its original intent. "Yankee" was also originally meant
as an insult.

 

[RJK]

....not in mine either !

regards, Richard

Not in my book!

--


Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Tony]

On Usenet, M$ is rude. If you want to be rude that's your business;
although the Microsoft-hosted newsgroups tend to be fairly polite, this
*is* Usenet after all. But then of course you have to be prepared for
the flames. Probably you should just let it go now. Or go *all* the way
and do a *nix troll thing and call it "Windoze" since there isn't any
point in flaming half-way.

Malke

Hi Malke,

It wasn't meant to be rude.

You raise an interesting point. Since I do a lot of Linux
work as well as Windows work (I am no purest: I use what
fits my customer's needs best). I probably picked it up
from one of their newsgroups. If it was used as a
derogative at one time, its pervasive usage now has
removed that intent.

By the way, the crowd that wants M$'s products
for free, also wants my/your labor for free too. And,
in my experience, the never give Linux or the other
legitimately free products a second glance. They also
tend to steel the music industry blind as well.

I steer clear of them: if they will steel from M$, etc.,
they will steel from you/me too. (It really pisses them
off when you remind them that it is "Though shalt not
steel", not "Though shalt not steel, unless it is really,
really easy, and I really, really want it.")

--Tony

 

[Tony]

...not in mine either !

regards, Richard

Gee Wiz guys! Does this mean I will have to be
more "sensitive"

--Tony

 

[RJK]

YES ! <grin>
....I always find the view that because something is very successful, it
should either be cheaper or free, to be not quite right, ....somehow !
That's not to say that I wouldn't like it to be free ....jeez double
negative in there somewhere !
Software products, ( whether it's application software or the OS itself ),
are unique in that they are easily stolen from mid-air ...or should that be
mid-ether ...net LOL !!! Conversely, try grabbing a copy of XP from your
local computer store and running out of the store without paying for it and
see what happens !

....btw I'm not pretending to be an angel ....I've spent more than just a few
minutes looking for "cracks" for apps. that I could never have afforded to
buy ! ...and I'm not ashamed to admit it !

regards, Richard

 

[Tony]

Gee Wiz guys! Does this mean I will have to be

RJK wrote:
YES ! <grin>

No! No! Tell me it isn't so! :-D

...I always find the view that because something is very successful, it
should either be cheaper or free, to be not quite right, ....somehow !
That's not to say that I wouldn't like it to be free ....jeez double
negative in there somewhere !
Software products, ( whether it's application software or the OS itself ),
are unique in that they are easily stolen from mid-air ...or should that be
mid-ether ...net LOL !!! Conversely, try grabbing a copy of XP from your
local computer store and running out of the store without paying for it and
see what happens !

These same guys do feel that they should have to pay their
bills either.

Of interest, since they think the legitimately free stuff
and the stolen stuff should both be free, they still choose
Microsoft's stuff. (I figure I will just spell Microsoft
out for now -- I even capitalized it!) Microsoft should
take that as a compliment. (Not from someone you really want
one from, but a compliment none the less.)

--Tony

 

[Bob I]

No it's not, it's the administrative share of the M: drive.

 

[curtwulf]

Ah, nothing like a good highjacking...

Apart from the use of MS or M$, I use neither. I just type Microsoft.

However, to your issue. I recommend the Microsoft Shared Computer
Toolkit. I believe it's still a little buggy, but it does the trick.
You can configure your user's computer to be nothing but a desktop of
icons that only you want.

There is one feature I recommend you look into. I forget the actual
term for it, but it's a method of locking the harddrive down in a way
that prevents him from making any changes. It works by storing a
complete copy of the OS on a hidden partition of the drive. When your
user logs in, that partition is loaded into the visible one, and any
changes he makes (software, settings, cookies, internet history, etc.)
are all stored normally in the visible partition.

Here's where the cool part comes in. When the user is done, he shuts
down. At this point, the entire visible partition is dumped. Next time
he boots up, the hidden partition is loaded and he's back to a computer
that's virus-free, malware free, etc-free even if he loaded it to the
seams on his last use.

You can set aside an area for the user to save things to that is
retained between reboots. Fear not, however, he shouldn't be able to
install software there since the toolkit can prevent him from running
ANY *.exe file.

If you have any questions, drop me an email.

Enjoy.

- wulf