Setting up a secure set of restrictions for company user...

ChadRT

New member
Local time
3:31 PM
Messages
1
I am setting up some new laptops that will travel to dispatchers homes for them to work from home. But we are concerned about how to keep them from screwing things up too terribly. I used to use controls back in the day to limit things like right clicking on the desktop, accessing "All Programs" and to remove many things from the start menu.

My goal is:
Icons on Desktop for programs they need. IE, Firefox, Mapping and the program to manage the towing company.

Nearly total lockdown of the Start Menu - I have done this but only because I used Right Click on Start Button > Properties but since this can be changed just as easily to put it all back I need to restrict that. I can always install new programs and then manually put a link on their desktop!

No changing Clock, accessing any resolution settings etc. But I still need them to be able to join a wireless network at will. I dont want to have to give out a password or to travel to their homes to setup the wireless networks.

Thank you guys for anything you can lend to my little dilemma here. I was able to find the Group Policy Editor, but if I use that I have to grant admin level privs to their user name? Or is there a way to tell the GP Editor to apply the setting to a specified user?

Chad
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Acer
OS
Windows 7 Ultimate x64
What operating systems will these laptops use? Your best option is to combine Local Security Policy and Group Policy. This thread may be of some help to you.
 

My Computer My Computer

At a glance

Windows 7 Pro x64Intel Core i7 920Corsair XMS3 12GB (3x2GB) DDR3 1333EVGA GTX 470 1280MB GDDR5 DX11
Computer Manufacturer/Model Number
Me
OS
Windows 7 Pro x64
CPU
Intel Core i7 920
Motherboard
ASUS P6T Deluxe V2
Memory
Corsair XMS3 12GB (3x2GB) DDR3 1333
Graphics Card(s)
EVGA GTX 470 1280MB GDDR5 DX11
Monitor(s) Displays
ASUS VW246H | ACER AL2216W
Screen Resolution
3600x1080
Hard Drives
1x Corsair Vertex 3 SSD (120GB)
1x Corsair Vertex 2 SSD (60GB)
2x Western Digital Black (500GB/1TB)
1x External WD Green eSATA (1TB)
PSU
Corsair 850HX
Case
Velocity Micro FullTower
Keyboard
Logitech G110
Mouse
Logitech G500
Internet Speed
http://www.speedtest.net/result/1226664359.png
Antivirus
MSE
Browser
Chrome
Other Info
Logitech Z-5500 5.1 Surround Sound
Logitech C260 Webcam
Creative Fatal1ty Headset
Most of those things are also possible by using standard user accounts, that directly prevent any writing to system critical areas, but still can execute programs and connect to wifi networks. In the event of anything requiring admin permissions, UAC will popup, asking for a password that the user will not know, unable to proceed. Also, a firewall with strict settings, specially for outgoing connections may help in reducing authorized usage, and an antivirus is obviously a must, helping too in case something sneaks in.

The only problem I think you can have is that, the people having physical access to the machine, it's entirely possible to boot with an external OS, making possible to access everything, and even deleting an admin password (incredibly easy with Windows), thus getting full control of the OS.
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64Intel Core i7-740QM8 GB DDR3NVIDIA GeForce 330GT
Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba Sattelite A665-S6092
OS
Windows 7 Ultimate x64
CPU
Intel Core i7-740QM
Memory
8 GB DDR3
Graphics Card(s)
NVIDIA GeForce 330GT
Screen Resolution
1366x768
Hard Drives
Samsung 840 SSD 500GB
1TB USB3 external HD
Cooling
Coolermaster Notepal U3 notebook cooling pad
Internet Speed
3mbps ASDL
Antivirus
ClamWin 0.98.7
Browser
Opera 12.17 x86 (main), Firefox 38 (sec), IE11 (last resort)
Back
Top