Lock Down Desktop Windows XP SA

Does anyone know how to completely lock down one user's desktop on Windows XP Pro stand alone. I want them to go straight to one application and nothing else when they log in. I tried setting up an OU like in 2000 / 2003 but it will not work in XP Pro. Ideas?http://www.tippinators.com/images/smiley/banghead.gif

 

You could use something like Microsoft Shared Desktop, which would be the only way to do it, without the added expense of learning how to setup a server with Active Directory such as Win2k3 Server.

 

Force the user to logon in a limited account, and use group policy editor to restrict their access to applications/programs. You can lock down just about everything.

http://www.tweakxp.com/article37591.aspx

RayG

 

Further links on using the group policy editor:

http://www.theeldergeek.com/group_policy_editor.htm
http://www.windowsnetworking.com/articles_tutorials/winxpgpe.html
http://www.techimo.com/articles/index.pl?photo=61

RayG

 

Thanks guys. Whenever I edit something it affects all users. Is there a way to make the changes user specific (like OU edits in 2003 server)? Am I missing a step? Am I attempting the impossible?

 

Microsoft Shared Toolkit is the easiest way to lock down just one user, doing it the other way, would lock everyone down.

 

Probably should have listened to you the first time you posted that. It cannot be done the way I was thinking of dong it. This is exactly what I need. Thanks

 

Controlling user access to applications/files can also be done using the built-in access control in Windows XP Professional.

http://www.microsoft.com/windowsxp/using/security/learnmore/accesscontrol.mspx
http://www.windowsnetworking.com/articles_tutorials/wxppfsec.html

RayG

 

That is true, but the Shared Computer Toolkit is foolproof and walks you through the steps in the order they need to be done.

 

I've not used the Shared Computer Toolkit, but it sounds like the cat's meow!

When I configured the computers at the local community center a couple years ago, I used WinXP's built-in access control and the group policy editor to lock down the systems, and that has worked quite well so far. Using the DeepFreeze program has also been quite effective, though it's not free.

http://www.faronics.com/html/deepfreeze.asp

RayG

 

Not sure if this has been stated or not, and if it has, please forgive me.

The Default user is where NEWLY created users are created from. So, ONE must RESTRCT this.

Also, if one wishes to restrict ones access, one must restrict ones shell.

But, once again, if this is trivial within this thread, then just ignore me.

I do also want to say, if one wishes to restrict ones machine, they need to discannect their floppy drive and cdrom. Those pesky MINI/PE disks can cause quite a bit of havock.....

 

That is true on disconnecting the disks. My mom's machine is the best secured machine that I have created, no CD-Rom, No Floppy, and runs FC3, and oh is not hooked up to the Internet.

But I never thought about the Defualt User account being the hook. I do go in and strip the menus from the 'All Users' group and then selectively move what I want into the other user's Start Menu.