Locking down a 2000 Pro computer 1

[DSLTech]

I have a small network running here, with a couple of computers set up for general public use: checking email, surfing the 'net, that sort of thing. What I'm looking to do is lock the computers down so tightly that all the general public can do is open internet explorer, but the administrator will be able to do anything that he/she wants to the machine in question.

Setting local policies should work, but it's darn annoying to have to go through each option and enable/disable them. Also, they don't allow the Admin access to do whatever he'd like to do. Any suggestions? Also, it would be nice if the cost was low/free.

Thanks

 

[Davetoo]

http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolicy.asp

 

[Shurik]

read about hisec.pol at the technet ... Alex,
Problem? No Problem!
Drink more beer...

 

[keith8266]

Use the security template to create one lock down policy and then apply it to the other machines.
Keith

 

[braddds]

thread616-479080

Your answers are here!

I was faced with this same problem dealing with a security computer...I wanted it to apprear "hardwired" - no messing with anything! Follow the link in the second post and the one wolluf posted. I was able to turn off and give the user access to only the programs and feature I allowed...no floppy, cd access turned of all features from command prompt to right click context menu. They could do nothing else except run two programs...period.

And as an added feature I was able to log on as administrator without any restrictions imposed on the 'user'. This little feat was accomplished by finding "gpt.ini". Then right click/properties/security select "deny" all selections. This will cause your admin account to ignore all the restrictions because it can't read the group policy file.

Following the above should give you what you want! Cheers

All responses are appreciated!