Creating an ULTRA-DUMMY account 2

NormRumac

Programmer
Sep 4, 2003
Hi.

I need to set up a desktop computer system in a retail store. This system will be accessible to the general public (i.e. anyone can use it).

The purpose of this system is to allow users to access one single custom-made database application that will run on Windows XP Pro persistently 24 hours a day, 7 days a week.

Since anyone is allowed access to the computer, there are obviously a number of potentially dangerous security risks (this computer will be connected to a local network).
But, if we can assume that the database application and its associated resources are secure, what are the steps we need to take in order to virtually eliminate any possible damage that can be done by malicious (or curious) users?

Basically, I just want to have the database application running all the time. If possible, users shouldn't even know that Windows XP is the OS behind the application. They should not be able to kill the application process, minimize/close the application window, start any new applications, read any files, access the internet...install/run any other programs...nothing....they should only be able to use this one intended application. Note that this application requires access to SQL server, and a local instance of this service will need to run on this computer, so I understand that I will need to turn on the MSSQL service locally.

Can anyone give me step by step instructions on how to lock down the system so it does what I want? I need to eliminate as many potential security holes as possible.

Thanks,
--Norm
 
Download the group policy common scenarios at microsoft.com. There is one template called "kiosk."

Kiosk
Use this scenario in a public area, such as in an airport where passengers check in and view their flight information. Because the computer is normally unattended, it needs to be highly secure.
The Kiosk scenario has the following characteristics:
* Is a public workstation.
* Runs only one application.
* Uses only one user account and automatically logs on. The system automatically resets to a default state at the start of each session.

This policy can be applied to a machine OU at the server level...if this is the only station you intend, then you will only have the one machine in this OU.

Alex
 
A star for AlexIT.

But perhaps he can provide a direct download link. It escaped me when I searched, although I know it exists.

Bill
 
OK. I checked the Microsoft website, and in order to use these group policy common scenarios, we must install a tool called GPMC which, according to Microsoft, "runs on Windows XP Professional machines with Service Pack 1 and the Microsoft .NET Framework".

I don't understand the 2nd criterion, that it must run on the .NET Framework. What does this mean?

--Norm
 
The new "Group Policy Management Console" is very cool stuff for AD Domains under Win2k or Windows 2003 as a DC, but it is slightly tricky to install for Windows XP as client.

Daniel Petri wrote a great article on "HowTo" make this work:
 
Wow, this GPMC thing seems to be creating a lot more issues than I anticipated.

For one thing, all the computers in the retail store are simply connected as part of a Workgroup. There are no domains created, no primary domain controllers etc.

I didn't really want to have to reconfigure all the machines, creating domains, user policies and so on.

Is this really going to take some effort? Or is there a simple way of accomplishing what I originally wanted...creating a kiosk-like computer running Windows XP in the background with limited privileges.

Thanks,
--Norm
 
Each machine also has a local group policy that you can set. Group policy can be accessed in the MMC console. Go to
Start - Run - type "mmc" - hit Enter.
Go to Add/Remove Snap-in, select to add a snap-in, and add the Group Policy snap-in.
From the Group Policy snap-in, you can make most if not all of the settings changes that are shown in the common scenario that AlexIT suggested (great resource, Alex).

This will allow you to control things without needing a domain.

Good luck!
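
An added example, not part of the thread and not taken from Microsoft's Kiosk scenario template: a check that an exported copy of the kiosk account's policy registry keys matches the restrictions asked for in the original question. The baseline values chosen, the sample export and the program name `kioskapp.exe` are assumptions constructed for illustration.

```python
import re
POL = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
# Assumed baseline (not from the thread): per-user policy values for the asked-for limits.
BASELINE = [
    (POL + r"\System", "DisableTaskMgr", 1, "Task Manager cannot end the application"),
    (POL + r"\System", "DisableRegistryTools", 1, "registry editing tools are blocked"),
    (POL + r"\Explorer", "NoRun", 1, "Run dialog is removed"),
    (POL + r"\Explorer", "RestrictRun", 1, "only allow-listed programs may start"),
]
# Constructed sample of exported policy keys for the kiosk account.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"RestrictRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
"1"="kioskapp.exe"
"2"="cmd.exe"
'''

def parse_reg(text):
    """Parse .reg text into {key: {value_name: int or str}}, names lower-cased."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$', line)
            if m:
                name, dword, string = m.groups()
                current[name.lower()] = int(dword, 16) if dword is not None else string
    return keys

def audit(text, allowed_programs):
    """Return deviations from BASELINE and from the program allow-list."""
    keys, findings = parse_reg(text), []
    for key, name, want, why in BASELINE:
        got = keys.get(key.lower(), {}).get(name.lower())
        if got != want:
            findings.append(f"{name}: expected {want}, found {got} ({why})")
    allow = {p.lower() for p in allowed_programs}
    listed = keys.get((POL + r"\Explorer\RestrictRun").lower(), {})
    for prog in sorted(str(v).lower() for v in listed.values()):
        if prog not in allow:
            findings.append(f"RestrictRun permits unexpected program: {prog}")
    return findings
```

Exports saved in this "Version 5.00" format are UTF-16, so read a real file with `encoding="utf-16"` before passing its text to `audit`. RestrictRun only limits programs started through Windows Explorer.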
 
Thanks vanb. I tried that, but when I try to add the group policy management snap-in, I am told again that I must login as a *domain* user account in order to use the group policy manager.

I don't mind creating a single, separate domain for this one computer if necessary, so long as other computers that will remain under the regular workgroup can continue to access the instance of SQL server that this single kiosk computer will be running.

This may be a stupid question, but if I have to create a new domain for this computer, how do I do that without reinstalling XP?
 
Norm,

If you have a budget:
They have a kiosk OS/interface that would be perfect.

I used them in 150 retail locations on a project. You can control exactly what gets run.

I'm pleased to see these guys still in biz. Thought for sure they would be dotcom casualties.

--ACE
 
Thanks AceJupiter,

I had actually already stumbled on that software during my search for a solution to this problem. I requested a free trial of their software, so I will try it out when they give me a link to download it.

Scary thing is they don't mention the price of this software on their website. That means it must be high.

Another strange thing is that there seems to be a good easy-to-use software solution for Linux, provided by KDE, the Desktop developer. Too bad the application I need to use was developed for a M$ platform.

--Norm
 
Norm,

I recall its being quite expensive, well over $150 per w/s, which really added up for me. But it's a browser-based software that's braindead to set up. Very easy.

I have no idea what it is $$$wise now. ACE
 