General discussion

Locked

Locking down users abilities and rights on the local machine

By david.allott ·
Hello,

I have a new manager who loves buzz phrases like ?best practice? though is not forth coming with what defines ?best practice? ? I often think it is ?industry standard? though this doesn?t quite fit the situation. We are a firm of 100 people.

I currently lock the users? access to features of windows and their rights to perform certain tasks using policies attached to their OU; this has been in place for 7 years, vastly reducing the support calls due to machines failing because user tinkering.

The lock down in plain English is:
Users
? Prevent changing Microsoft Firewall policy rules,
? Restrict users from access all components of the control panel except for display
? Restrict users ability to modify the general environment of the Windows Desktop
o Background
o Screensaver
o Mouse pointers
? Restrict users from installing applications
? Restricting users mapping additional network drives.
? 10 Minute lock ? applied to users outside of Sales and Trading
? Ability to change Explorer settings (file listing default ? currently not available in locked mode
? Right mouse button ? currently not available in locked mode
? Tabs available in Internet explorer
? Web browsing directed to Message labs control


Desktop
? Windows updates by central resource - allowed
? Antivirus definitions update by central resource - allowed
? Application installation by central resource - allowed
? Do not show user credentials in the login box from previous sessions
? Local firewall disabled


Laptop
? Local Microsoft Firewall enabled
? Windows updates via the internet - enabled
? Antivirus definitions updates via the internet ? enabled
? Application installation by central resource - allowed
? Do not show user credentials in the login box from previous sessions


Does anybody have a document and/or policy that is used in their environment showing another firms lock down policy? This would help me demonstrate what ?best practice? is and if we are in line with it?

Thanks

David

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Networks Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums