• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Best method to locking down WinXP PC's?

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

Mr. Chambers

Member
Joined
Feb 25, 2001
Location
Iowa
I'm sure there are multiple solutions to this fairly broad question, so I'll just post my current situation and we'll see if anyone has any suggestions:

Currently we're in need of 4-6 "Guest PC's". We've purchased a 5-license pack of a product similar to Deep Freeze, called Centurion Guard, which seems to work well - it essentially instantly reimages the PC's upon rebooting.

My problem is how to get a unified image in the first place, and one that is sufficiently locked-down. Currently I have played around with Local Policies, however after applying ones such as removal of the command prompt, do I completely lose access to it, even from an admin account? That's what it looks like so far in testing, unless I'm not doing something right.

My other need is that users are unable to logout or lock the PC, however if I should ever need to perform maintenance on the PC's, I would most likely need to be able to logout of the "guestPC" accounts and login to an admin one.

Sorry for the long post, but I wasn't sure how else to phrase it. Thanks for any replies!
 
In your local policies just restrict the Guest account leave an admin with access.
A program I use @ my work is called Net Support . It lets me take over and control the PC's on my network .

Maybe runing a domain might be easest for you . That way you can set the policlies that you want to be running but also have the option to log into the local PC ( vs the domain) to do your Admin work .
 
I guess I should have supplied more info! These machines must not connect to the domain for security reasons. The domain consists of over 3,000 PC's & Servers - and these PC's are strictly to be used for Internet access for patients.

Currently I have all communication disabled except TCP/IP of course, so they cannot browse/access the network.

As for using Local Policies to disable a single account, I'll have to read up more on that, I didn't see that option, albeit I'm new to configuring local policies.
 
Another vote for local security policies, they'll pretty much allow you to do anything you want on there.. you could even allow admin to have automatic remote login i beleive.

If you wanna have a look with security policies just type secpol.msc into the run box :D
 
Back