|
Posted by Roger Abell on August 8, 2005, 1:25 am
If you were Registered and logged in, you could reply and use other advanced thread options
What OS ? This is more approachable with XP Pro than it is with
Windows 2000, mostly due to the addition of Software Restriction
Policy in XP and later.
However, local policy (i.e. stand-alone) is always applied equally
to all accounts. User and group selectivity is a domain feature.
There is a workaround, a very tedious workaround, for which one
must plan carefully what policies are to be in effect for which accounts.
In general I do not recommend it.
Also, most things effected by local policy can be done with registry
settings - and there are third-party tools to assist. You might want to
look at Doug's little app for this (www.dougknox.com).
Finally, from what you have said it almost sound like what you could
do is to change the default shell from Explorer for the couple accounts
that are to be restricted to only accessing the bank web sites.
--
Roger Abell
Microsoft MVP (Windows Security)
> My machine is a standalone machine without any AD setting.
> I am planning to set different user groups with different security
settings
> and windows environment.
> From gpedit.msc, there are only Windows Setting->Local
> Policies->UserRightAssignments and Windows Setting->Local
Policies->Security
> Options working with User Groups. The other policies affecting all users.
> I need the very tight security user group for working only with one or two
> banking web sites, no other application runs, no application can be
install,
> and no communication to other sites. Limited ports. The cleaning process
> should run during login and logout. The point is to avoid the backdoor and
> keylogger.
> Another user group for general usage, like accessing chatroom site, ICQ,
> YIM, game.
>
> How can I do this?
> Any suggestion on setting user groups to acheive security?
> Thanx a lot
>
>
| 
XML site map