Discussion:
Secure Tools
(too old to reply)
old volunteer
2008-07-11 01:06:01 UTC
Permalink
I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure the
Tools area as Administrator so they can't make changes?
Robert Aldwinckle
2008-07-11 21:58:11 UTC
Permalink
Post by old volunteer
I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure the
Tools area as Administrator so they can't make changes?
Take a look at the gpedit.msc

<excerpt date="November 30, 2007">
Ref: "Using Group Policy to Manage Internet Explorer"

http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#EBCAC

Hint: the article will help you drill down through the Group Policy tree
to find settings which apply to Internet Explorer.

</excerpt>

I haven't revisited that article to see if it is still there.

For other tips about Group Policy use I suggest you try a different newsgroup.
This one is almost totally focused on the end user.


HTH

Robert Aldwinckle
---

(Last posted:
Friday, March 28, 2008 23:57)
old volunteer
2008-07-13 15:56:02 UTC
Permalink
The reply I received from Mr. Aldwinckle indicates I didn't explain myself
clearly enough. The 7 PC's I support in the library do NOT go through a
central server - each one is configured separately. The only thing they have
in common is that they go through a common router to the Internet. I cleanup
each PC separately and am fustrated when users change tool settings in IE6.
Having Admin access to each PC is there any way I can secure the settings
from users logging in as "guest?"
Post by Robert Aldwinckle
Post by old volunteer
I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure the
Tools area as Administrator so they can't make changes?
Take a look at the gpedit.msc
<excerpt date="November 30, 2007">
Ref: "Using Group Policy to Manage Internet Explorer"
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#EBCAC
Hint: the article will help you drill down through the Group Policy tree
to find settings which apply to Internet Explorer.
</excerpt>
I haven't revisited that article to see if it is still there.
For other tips about Group Policy use I suggest you try a different newsgroup.
This one is almost totally focused on the end user.
HTH
Robert Aldwinckle
---
Friday, March 28, 2008 23:57)
PA Bear [MS MVP]
2008-07-14 07:51:23 UTC
Permalink
Windows SteadyState would be ideal for your situation! See this discussion:
http://aumha.net/viewtopic.php?t=27570
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Post by old volunteer
The reply I received from Mr. Aldwinckle indicates I didn't explain myself
clearly enough. The 7 PC's I support in the library do NOT go through a
central server - each one is configured separately. The only thing they
have in common is that they go through a common router to the Internet. I
cleanup each PC separately and am fustrated when users change tool
settings
in IE6. Having Admin access to each PC is there any way I can secure the
settings from users logging in as "guest?"
Post by Robert Aldwinckle
Post by old volunteer
I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure
the Tools area as Administrator so they can't make changes?
Take a look at the gpedit.msc
<excerpt date="November 30, 2007">
Ref: "Using Group Policy to Manage Internet Explorer"
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#EBCAC
Hint: the article will help you drill down through the Group Policy tree
to find settings which apply to Internet Explorer.
</excerpt>
I haven't revisited that article to see if it is still there.
For other tips about Group Policy use I suggest you try a different
newsgroup. This one is almost totally focused on the end user.
HTH
Robert Aldwinckle
---
Friday, March 28, 2008 23:57)
old volunteer
2008-07-14 15:53:01 UTC
Permalink
It looks interesting, but our library PC's are configured with Win2000 not
XP. The site indicates the product is only good for XP or Vista?
Post by PA Bear [MS MVP]
http://aumha.net/viewtopic.php?t=27570
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Post by old volunteer
The reply I received from Mr. Aldwinckle indicates I didn't explain myself
clearly enough. The 7 PC's I support in the library do NOT go through a
central server - each one is configured separately. The only thing they
have in common is that they go through a common router to the Internet. I
cleanup each PC separately and am fustrated when users change tool
settings
in IE6. Having Admin access to each PC is there any way I can secure the
settings from users logging in as "guest?"
Post by Robert Aldwinckle
Post by old volunteer
I support several PC's for a volunteer library. The PC's are open for the
public to use. The PC's are networked and use WN2000 and IE6. I have
"admin" security and they log on as "guest" so they can't add or delete
programs. The problem is they are constantly getting into Tools, Internet
Options in IE6 and changing settings. Is there any way for me to secure
the Tools area as Administrator so they can't make changes?
Take a look at the gpedit.msc
<excerpt date="November 30, 2007">
Ref: "Using Group Policy to Manage Internet Explorer"
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#EBCAC
Hint: the article will help you drill down through the Group Policy tree
to find settings which apply to Internet Explorer.
</excerpt>
I haven't revisited that article to see if it is still there.
For other tips about Group Policy use I suggest you try a different
newsgroup. This one is almost totally focused on the end user.
HTH
Robert Aldwinckle
---
Friday, March 28, 2008 23:57)
Robert Aldwinckle
2008-07-14 16:58:15 UTC
Permalink
Post by old volunteer
The reply I received from Mr. Aldwinckle indicates I didn't explain myself
clearly enough.
Or that you didn't read the page I pointed you to with sufficient objectivity
or understanding? Did you try any of the things the article mentions?

Oh. Apparently the anchor link I provided has changed?
So, perhaps you didn't even bother to try to find the new one? ; }

Using Group Policy to Manage Internet Explorer
http://technet2.microsoft.com/windowsserver/en/technologies/featured/gp/faq.mspx#ESCAC

<quote>
You can use Administrative Template policy settings located in
Administrative Templates\Windows Components\Internet Explorer.
For example, you can use policy settings to manage Internet Explorer security options.
These are the same options that you see in the Internet Explorer UI when you click Tools,
point to Internet Options, and then click Security. There are more than 500 policy settings
delivered by the Inetres.adm file, which is included by default in the operating system.
For more information about managing Internet Explorer with registry-based policy,
see Managing Windows XP Service Pack 2 Features Using Group Policy.

</quote>


So I think gpedit.msc *can* be used on a standalone machine to set group policy on it
by an administrator. I agree that some of the wording of articles linked imply
that *deployment* of it requires a domain server but there is this at least
which may provide an incentive to at least experiment with the idea:

http://technet2.microsoft.com/windowsserver/en/library/2904be16-6bc3-4dfa-b884-dd4b6c6b99941033.mspx?mfr=true

<quotes>
Internet Explorer Maintenance Extension Logical Architecture Components

Local GPO

Contains Group Policy settings for the local computer,
including potential Internet Explorer Maintenance policies.
</quotes>


I don't particularly want to experiment with my machine to prove this though. ; )
However, if I were to try it I would use ProcMon to check that gpedit.msc
would apply the registry changes as expected and that when IE was subsequently
used by a target user that those settings were queried and respected by IE
as intended.


BTW this is not the best newsgroup for getting help with admin practices
or help with understanding how to use group policy to restrict what features
you want users to have.


Good luck

Robert
---

Loading...