Users' rights management

[Guest]

I am a dummy administrator...I would the users in my ethernet LAN (that
doesn't use Active Directory) can execute a set of selected programs and
generate files only by this programs to deny copying/deleting/generating of
not authorized files on harddisk (such as worms, games and other programs
that don't attach Windows registry file).
Note: I use Windows XP Professional SP2 and I've tried to use gpedit.msc
but...

 

[Steven L Umbach]

Probably your best bet in a non AD environment is to look at using the free
Shared Computer Toolkit from Microsoft to lock down users. Of course if at
all possible make sure that the users are not local administrators or power
users. Other options are to use Software Restriction Policies to restrict
what applications a user can run/install and to modify NTFS folder
permissions to make sure that uses have only the needed access to a folder
file. If a user has no permissions to a folder either as their account or
via group membership then they have an implicit deny. The links below should
get you started. Be very careful with deny permissions and try not to use
them in most cases. For instance a deny to users/everyone will also impact
administrator accounts.

Steve

http://www.microsoft.com/windowsxp/sharedaccess/default.mspx --- Shared
Computer Toolkit
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- SRP. Note that desktop shortcuts are by default in the list that can
be restricted.
http://support.microsoft.com/default.aspx?scid=kb;en-us;308418