General discussion

  • Creator
    Topic
  • #2129380

    lockdown a workstation

    Locked

    by chipw ·

    I would like to lock down my workstation so nobody can access it at all. On the network, anyone with a network login can log onto any workstation. I want mine locked down so nobody, even the other sys-admin, cannot access my pc. Is this possible? Needs to work when they try the network login or the local login. Just changing my password isn’t good enough, no one else knows it anyway. IOW, I want to disable all login attempts from everyone except myself. Is this possible in NT4sp6a?

All Comments

  • Author
    Replies
    • #3422674

      lockdown a workstation

      by ann777 ·

      In reply to lockdown a workstation

      Try some of these regestry edits. The links at the bottom of this first page, takes you to other tips for secureing your workstation:

      http://www.jsiinc.com/SUBA/tip0000/rh0050.htm

    • #3439051

      lockdown a workstation

      by timwalsh ·

      In reply to lockdown a workstation

      Okay, my initial question would be what are you trying to hide?
      Second, there is a difference between logging onto a computer and connecting to shared resources over a network. Do you have file and print sharing turned on? If so, are any of your drives/folders shared? You can always turn of file and print sharing! While NT does automatically create hidden, administrative shares at bootup, there are registry hacks that can prevent this.
      Third, if your hard drive(s) is/are formatted NTFS, you can setup permissions on a by file or folder basis.
      Lastly, if you’re that paranoid, physically disconnect from the network!

    • #3447582

      lockdown a workstation

      by chipw ·

      In reply to lockdown a workstation

      Over the network isn’t a problem, there is nothing shared or accessible. I just would like to have a screen pop up that says something like ‘you’re not authorized to log onto this workstation’. I’ve looked at quite a number of 3rd party apps that supposedly do this, but they all allow authenticated network logins. Why is it so difficult to just have an app that allows one user – myself – to log in? No network authenticated, no local, no anybody, just my own account. It doesn’t seem like such a big deal, but apparently it is?

    • #3448537

      lockdown a workstation

      by rdunn ·

      In reply to lockdown a workstation

      If you have admin rights on the NT box, you can set it up so that your id only has the ability to log into the box. You must use usrmgr.exe to do this.

      1. Open up your user manager, click on policies> user rights. When the user rights policy box shows up, find “Log on locally” and remove everyone’s name but yours.

      2. Next, in that same dialog, find “Access this computer from the network” and do the same thing as step 1.

      That should lock it down quite a bit without having to resort to registry hacks…

      You may be throwing up a flag to the admins, tho’ especially if you run SMS in your environment. Just be aware of this as you make these changes!

      Good luck! disclaimer: I don’t claim any responsibility if you produce undesirable results! 🙂

      • #3448534

        lockdown a workstation

        by rdunn ·

        In reply to lockdown a workstation

        Hmm… I just re-read what you had posted, and you could try this…

        From user manager again, go to the ‘users’ group, and remove “Domain Users/Authenticated Users” etc. from the group…

        This may help.

      • #3448466

        lockdown a workstation

        by chipw ·

        In reply to lockdown a workstation

        That worked, thanks. Now if I could just replace the alert box ‘Logon Message’ with a cool graphic, that would be the frosting on the cake.
        I searched the registry for anything that pointed to it but came up with nothing.
        If you have any furthor suggestions please feel free to email me directly (since rating this acceptable also closes it).
        I think we’ve all seen, in the movies, the person trying to access a computer, they log in and get some skull-and-crossbones graphic, or a devil head, or some such thing.
        This whole thing started out of curiosity to see if that is possible on NT.
        (I tried to send this message once already but don’t see it on the list, seems that if I don’t choose one of the ratings from the box above it will notbe posted.)

    • #3448463

      lockdown a workstation

      by chipw ·

      In reply to lockdown a workstation

      This question was closed by the author

Viewing 4 reply threads