User-level security policies without domain?

Julie · Sep 26, 2004

Hello all. Please excuse what is probably a hopelessly newbie question!
If any of my conclusions are wrong, let me know.

We're trying to get a secure locked-down machine running in a hotel lobby.
We want to do things like remove the Run command, control the Ctrl-Alt-Del,
etc. You know, the kind of stuff you'd want to do on a "public" terminal
intended only for internet access and maybe a couple of other applications.
(I presume these same requirements exist in libraries and prisons.)

When I saw what they had, it was running XP-Home. And as far as I can tell,
from fiddling with it and looking around on the 'net, this OS simply does not
permit any suitable security policy tinkering at the user level.

Windows 2000 Pro might be an option, except this is a standalone machine
without a domain controller. So I am assuming that it also will not permit any
security policies at the user level (unless you want to implement them for all
users, including the administrator.)

I don't have an XP-Pro machine where I am right now, so I thought I'd ask here
if this would be a workable solution. Does XP-Pro actually have security
policies at the user level?

Any other suggestions would be welcome too.

Thanks!

Julie

PsyB · Sep 26, 2004

Why not just implement Group Policies without a domain? You do not
require a SC to enforce Group Policy.

Simple software such as X-Teq (www.xteq.com) will allow you to restrict
things such as Regedit and Cmd/Command and the like as well, but group
policy is probably where you should enforce this.

-=[PsyB]=-

PsyB · Sep 26, 2004

You do not require a SC to enforce Group Policy.

should read:

You do not require a DC to enforce Group Policy.

-=[PsyB]=-

PsyB · Sep 26, 2004

This should help too.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gpedit_start.mspx

-=[PsyB]=-

Julie · Sep 26, 2004

PsyB said:
Why not just implement Group Policies without a domain? You do not
require a SC to enforce Group Policy.

That was my question. Maybe I wasn't clear enough in my original post.

I know that you can secure a computer at the user level with group policies.
But Windows 2000 requires a domain controller to do this, and XP Home
doesn't have this ability. So my question is this: Does XP Pro allow user-level
security (via group policies) on a standalone machine without a domain controller?

PsyB · Sep 26, 2004

Windows XP can be secured at the user level with Group Policy,
standalone, without a domain controller.

Windows 2000 Pro *can* be secured at the user level with Group Policy,
standalone, without a domain controller (I have three systems within my
reach that are locked down without a DC)

-=[PsyB]=-

Torgeir Bakken \(MVP\) · Sep 27, 2004

Julie said:
Hello all. Please excuse what is probably a hopelessly newbie question!
If any of my conclusions are wrong, let me know.

We're trying to get a secure locked-down machine running in a hotel lobby.
We want to do things like remove the Run command, control the Ctrl-Alt-Del,
etc. You know, the kind of stuff you'd want to do on a "public" terminal
intended only for internet access and maybe a couple of other applications.
(I presume these same requirements exist in libraries and prisons.)

When I saw what they had, it was running XP-Home. And as far as I can tell,
from fiddling with it and looking around on the 'net, this OS simply does not
permit any suitable security policy tinkering at the user level.

Windows 2000 Pro might be an option, except this is a standalone machine
without a domain controller. So I am assuming that it also will not permit any
security policies at the user level (unless you want to implement them for all
users, including the administrator.)

I don't have an XP-Pro machine where I am right now, so I thought I'd ask here
if this would be a workable solution. Does XP-Pro actually have security
policies at the user level?

Any other suggestions would be welcome too.

Hi

You might want to e.g. take a look at the products below:

Doug's Windows XP Security Console
http://www.dougknox.com/xp/utils/xp_securityconsole.htm

1st Security Center
http://www.1securitycenter.com/

X-Setup Pro
http://www.x-setup.net/

Gordon · Sep 27, 2004

PsyB said:
Windows XP can be secured at the user level with Group Policy,
standalone, without a domain controller.

No, Home Edition (which the OP stated was on this machine) can't AFAIK -
Group policies only exist in Pro.

PsyB · Sep 28, 2004

That's right, no GP in Home without DC. She did mention she was using
Pro though.
-=[PsyB]=-

Greater in battle than the man who would conquer a thousand-thousand men
is he who would conquer just one - *himself*.

--Dhammapada--

Error Message when opening Local Security Policy	1	Jul 5, 2007
Disable Domain Policies	1	Jul 4, 2007
Domain Policies , Security Center and Windows Update	1	Mar 28, 2008
remove domain policies	1	Jun 14, 2007
Software restriction policies and Windows XP	3	Aug 30, 2006
Local Policies Disabled	1	Sep 13, 2006
can't modify local security settings	2	Dec 2, 2009
Block Windows Remote Shutdown on a Domain	10	Mar 15, 2007

User-level security policies without domain?

Julie

PsyB

PsyB

PsyB

Julie

PsyB

Torgeir Bakken \(MVP\)

Gordon

PsyB

Ask a Question

Similar Threads