Feb 24, 2012

Locking down Windows Vista

Yes, it's Windows Vista. I know, I know... believe me, it has caused me more than enough pain. But the customer had already bought the product and so I grudgingly have to go in and configure this beast. So here are a few tips for others who find themselves in my predicament (and some of these tips can be used for Windows 7 and later).

This is not an exhaustive list of what you can do, but hopefully this guide can point you in the right direction...

Running only specific applications (or not)

  1. Open up gpedit.msc
  2. Navigate to User Configuration -> Administrative Templates -> System -> Run only specified Windows Applications
  3. Enable this setting and add the executables you wish to restrict users to, such as winword.exe, calc.exe, firefox.exe, outlook.exe, paint.exe, and notepad.exe. Anything not on the list will no longer start. (NOTE: If you don't include gpedit.msc and other sysadmin applications, this policy will LOCK you out of everything!)
  4. Apply the setting.
  5. Alternatively, there is another setting available that acts as a blacklist of programs.

Disable the command prompt

  1. Open up gpedit.msc (through the run command)
  2. Navigate to User Configuration -> Administrative Templates -> System -> Prevent access to command prompt
  3. Enable this setting. You can also disable command prompt script processing.

Prevent editing of the Registry

  1. Open up gpedit.msc (through the run command)
  2. Navigate to User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools
  3. Enable this setting. You can also stop regedit from running silently in the background.

Edit the actions of Ctrl+Alt+Del

  1. Open up gpedit.msc (through the run command)
  2. Navigate to User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del
  3. Enable or disable your desired options. These include whether the user can change their password, lock the computer, open up task manager or log off.

Restrict Control Panel Access

  1. Open up gpedit.msc (through the run command)
  2. Navigate to User Configuration -> Administrative Templates -> Control Panel
  3. Under the Programs sub-menu you can hide pages such as the Windows Marketplace, Features, Installed Updates, and Program Defaults.
  4. You can also force the classic control panel look and even prohibit access to the control panel.

Clean up the start menu

  1. Open up gpedit.msc (through the run command)
  2. Navigate to User Configuration -> Administrative Templates -> Start Menu and Task Bar
  3. From this directory you can remove links and items, force the classic start menu, and prevent users from rearranging the taskbar.
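
To confirm that the settings from the sections above actually took effect for the logged-on user, the following added example (not part of the original post) reads the per-user policy values back from the registry and prints a report. The registry paths and value names are assumptions based on where these User Configuration policies are commonly documented to be stored, and the script assumes PowerShell 2.0 or later.

```powershell
# Added example, not from the original post. Registry locations are assumptions:
# the places these User Configuration policies are usually documented to live.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$polSys   = 'HKCU:\Software\Policies\Microsoft\Windows\System'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-PolicyList {
    param([string]$Path)
    # Allow/deny lists are stored as numbered string values in a subkey.
    if (-not (Test-Path $Path)) { return @() }
    $key = Get-Item -Path $Path
    @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

$checks = @(
    @{ Setting = 'Run only specified Windows applications';  Path = $explorer; Name = 'RestrictRun' }
    @{ Setting = 'Blacklist of programs';                    Path = $explorer; Name = 'DisallowRun' }
    @{ Setting = 'Prevent access to command prompt';         Path = $polSys;   Name = 'DisableCMD' }
    @{ Setting = 'Prevent access to registry editing tools'; Path = $system;   Name = 'DisableRegistryTools' }
    @{ Setting = 'Ctrl+Alt+Del: Task Manager removed';       Path = $system;   Name = 'DisableTaskMgr' }
    @{ Setting = 'Ctrl+Alt+Del: Lock Computer removed';      Path = $system;   Name = 'DisableLockWorkstation' }
    @{ Setting = 'Ctrl+Alt+Del: Change Password removed';    Path = $system;   Name = 'DisableChangePassword' }
    @{ Setting = 'Ctrl+Alt+Del: Log Off removed';            Path = $explorer; Name = 'NoLogoff' }
    @{ Setting = 'Prohibit access to the Control Panel';     Path = $explorer; Name = 'NoControlPanel' }
)

$checks | ForEach-Object {
    $v = Get-PolicyValue -Path $_.Path -Name $_.Name
    $shown = if ($null -eq $v) { '(not set)' } else { $v }
    New-Object PSObject -Property @{
        Setting = $_.Setting; Value = $shown; Enabled = ($null -ne $v -and $v -ne 0) }
} | Select-Object Setting, Value, Enabled | Format-Table -AutoSize

# The allowlist applies to whoever it is set for, so flag missing admin tools.
# gpedit.msc is from the guide; mmc.exe (host of .msc snap-ins) is added here.
if (Get-PolicyValue -Path $explorer -Name 'RestrictRun') {
    $allowed = Get-PolicyList -Path "$explorer\RestrictRun"
    $missing = 'gpedit.msc', 'mmc.exe' | Where-Object { $allowed -notcontains $_ }
    "Allowed programs: $($allowed -join ', ')"
    if ($missing) { Write-Warning "Not on the allowlist: $($missing -join ', ')" }
}
```

Run it in the session of the user the policy targets, since everything here is read from that user's HKCU hive.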
