Locking down users abilities and rights on the local machine - TechRepublic
General discussion
May 26, 2010 at 11:28 PM
david.allott

Locking down users abilities and rights on the local machine

by david.allott . Updated 16 years, 1 month ago

Hello,

I have a new manager who loves buzz phrases like ?best practice? though is not forth coming with what defines ?best practice? ? I often think it is ?industry standard? though this doesn?t quite fit the situation. We are a firm of 100 people.

I currently lock the users? access to features of windows and their rights to perform certain tasks using policies attached to their OU; this has been in place for 7 years, vastly reducing the support calls due to machines failing because user tinkering.

The lock down in plain English is:
Users
? Prevent changing Microsoft Firewall policy rules,
? Restrict users from access all components of the control panel except for display
? Restrict users ability to modify the general environment of the Windows Desktop
o Background
o Screensaver
o Mouse pointers
? Restrict users from installing applications
? Restricting users mapping additional network drives.
? 10 Minute lock ? applied to users outside of Sales and Trading
? Ability to change Explorer settings (file listing default ? currently not available in locked mode
? Right mouse button ? currently not available in locked mode
? Tabs available in Internet explorer
? Web browsing directed to Message labs control

Desktop
? Windows updates by central resource – allowed
? Antivirus definitions update by central resource – allowed
? Application installation by central resource – allowed
? Do not show user credentials in the login box from previous sessions
? Local firewall disabled

Laptop
? Local Microsoft Firewall enabled
? Windows updates via the internet – enabled
? Antivirus definitions updates via the internet ? enabled
? Application installation by central resource – allowed
? Do not show user credentials in the login box from previous sessions

Does anybody have a document and/or policy that is used in their environment showing another firms lock down policy? This would help me demonstrate what ?best practice? is and if we are in line with it?

Thanks

David

This discussion is locked

All Comments