Question for IT Tech's

frank

frank

Suspended / Banned
Messages
2,498
Edit My Images
Yes
A local club I use is purchasing a new netbook with Win 8 and MS Office for the secretary of the club. It is for club use only by the secretary, club related emails only, personal emails are to be restricted, internet use. Main use is for the various documents and legal stuff he will need to handle, Excel & Word and however he wants to organize Outlook. Offline storage will be used too. He is not (by his own admission) very techy when it comes to computers. The netbook will be standalone and be used on mostly on his home internet setup, occasionally at club meetings as meeting place has wifi.

I have been asked to set this up for him but also set restrictions on access to vulnerable parts of the computer, registry etc.

I know there are some IT guys on this forum who do things like this for a living, what advice would you give on keeping him or his clever little kids out of vital areas of the computer. I don't mind getting my fingers mucky in the registry :)
 
Yup. Set the account up as a standard user and don't tell them the admin password.
 
You can do allsorts of cool & powerful stuff to Windows such as blocking registry access etc by amending a few settings in Local Group Policy.

Depends how mucky you want to get.....
 
Last edited:
ayjay80 said:
You can do allsorts of cool & powerful stuff to Windows such as blocking registry access etc by amending a few settings in Local Group Policy.

Depends how mucky you want to get.....
Click to expand...
Only on Pro and above for Win 7 I'm pretty sure 8 is the same.
 
GPO is a bit sledgehammerish anyway, might as well just block all admin tasks and have done with it.

which is exactly what i'll be doing to the OH laptop when i rebuild it tomorrow :|
 
And deffo only available on the Pro versions (I've checked ;))
 
arad85 said:
Only on Pro and above for Win 7 I'm pretty sure 8 is the same.
Click to expand...

Doh !!

Engage brain before speaking next time !! :thinking:

It is very Sledgehammerish and to the point, but if you want to prevent Windows behaving in a certain way, its very good....
 
Last edited:
So standard user gets denied to registry and other vulnerable area?

Sounds simple enough to implement.

cheers
 
The only issue with giving someone only standard user access (something I agree with I should add), is that some program's and utilities require the admin password for updates (poor design if you ask me), which makes the PC vulnerable to nasties until an admin can run the updates.
 
MarcM said:
The only issue with giving someone only standard user access (something I agree with I should add), is that some program's and utilities require the admin password for updates (poor design if you ask me), which makes the PC vulnerable to nasties until an admin can run the updates.
Click to expand...

But an "update" could be malicious in itself, so you don't want an user installing it. Especially if they got it from a link in an email telling them they needed to download it urgently because CNN had confirmed it was needed to combat a virus (do those emails still do the rounds?)

You really don't want a mechanism whereby software installed in a protected location can be overwritten without root permissions.
 
onomatopoeia said:
But an "update" could be malicious in itself, so you don't want an user installing it. Especially if they got it from a link in an email telling them they needed to download it urgently because CNN had confirmed it was needed to combat a virus (do those emails still do the rounds?)

You really don't want a mechanism whereby software installed in a protected location can be overwritten without root permissions.
Click to expand...

You are right, you do not want a user to HAVE to install any updates, but I want updates which as an administrator, I have as specified to update whilst the machine is being used by a USER.

The issue is that some updates ask for elevated privileges (Java for example), therefore do not update unless you enter admin credentials.
 
Last edited:
onomatopoeia said:
But an "update" could be malicious in itself, so you don't want an user installing it.
Click to expand...
I'd like to be able to pre-authorise. Malwarebytes for example is one that won't update without an admin password.
 
frank,

Google "Faronics Deep Freeze"

They do a standalone version that doesn't have to be deployed from a server via network etc.
 
You must log in or register to reply here.
Back
Top