Restricting access to guests

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi,

I wish to make a PC available to members of the public. I will setup a guest
account but I want to restrict their access to the system. I am OK letting
them use MS Works, Office and Internet explorer but i want to stop them
gaining access to run, control panel, and other areas.

If I right click on the start menu that stops some of the access but someone
with a little knowledge can soon switch it back on. Any ideas on how I do it?
 
It is easier to do with XP Pro,but you can get the basics of what you want
in XP home by setting the BIOS to boot from hard drive only and password
protect it, place strong passwords on all accounts except Guest,and make
sure you boot to safe mode and place a strong password on the hidden
administrator account.

--
Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for
support calls that are associated with security updates
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone-
 
Today Larry Samuels commented courteously on the subject at
hand
It is easier to do with XP Pro,but you can get the basics
of what you want in XP home by setting the BIOS to boot
from hard drive only and password protect it, place strong
passwords on all accounts except Guest,and make sure you
boot to safe mode and place a strong password on the hidden
administrator account.
Hmmm. Need to turn on a limit for incorrect PW attempts, PW
expiration, and a few other things including killing anything
remotely akin to Internet access. Also, unplugging the floppy
drive (if any), CD drives (if any) etc. etc. etc. 5-year-olds
are computer savvy enough these days - and love the challenge
of cracking an adult's restrictions - so how would the OP stop
a determined child, much less a malicious user who might only
want to mess the whole thing up just for grins?

Incidently, is it still possible to take a PC cover off,
disconnect the mobo batter to kill the BIOS memory, restart,
and you're off to the races?

I dabbled rather poorly for 5 1/2 years as the so-called
engineering info security manager at the company I am retired
of and used to demonstrate all this stuff to the unbelievers,
who included my boss who I got past a locked office and all
that PW nonsense, minorly messed up his PC, and put a fake
picture of his face on a Harley biker dude's fat body (he had
a Harley) one night. It was a major hoot watching him turn all
red in the face from screaming at me to tell him how I did it.
Answer: "I'll never tell, now get serious about supporting me
to management!"

I'm not being a smart aleck here, I would personally like to
know how easy or hard it really is on a modern PC to get past
all this stuff. Thanks.
 
As for the floppy and cd, most of the good tools need to be booted, hence
the boot from HD only. Guest doesn't have permission to install apps nor
change system files, so it is relatively safe to leave the drives
functional.

If your guests are disassembling your pc,you have a bigger problem than the
damage they might cause<G>

Why disable internet access--they can only do limited damage.

I actually have an internet kiosk set up in my store where I let anyone play
with full admin access for testing programs, reading emails(and clicking on
attachments <G>),etc. Why am I not worried? I have the PC isolated from the
rest of the network, and a prebuilt Ghost image on a hidden partition that
takes about 2 minutes to restore the pc to it's preconfigured state. It is
reimaged at least once per day,and more often if needed.

As in all cases, if anyone has unrestricted physical access all bets are
off. There is a reason servers are kept in locked closets and only the
system admin has the keys.

--
Customers in the U.S. and Canada can receive technical support from
Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for
support calls that are associated with security updates
Larry Samuels Associate Expert
MS-MVP (2001-2005)
Unofficial FAQ for Windows Server 2003 at
http://pelos.us/SERVER.htm
Expert Zone-
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads


Back
Top