Computer Security - how to create limited windows account?

#1
I need a Windows 2003 account, which could only run Notepad, nothing more. Account should be able to read and save files only from/to only one certain directory. It would be perfect that an account would see nothing else at all, e.g. clock, start menu and so on, but this is not necessary. Important thing is, that the user could not run any other program, except Notepad. Thank you for your ideas.

aiwex

#2

aiwex wrote:
> I need a windows 2003 account, which could only run Notepad, nothing
> more.

keyword: Software Restriction Policies

> Account should be able to read and save files only from/to only
> one certain directory.

keyword: Access Control Lists

> It would be perfect that an account would see
> nothing else at all, e.g. clock, start menu and so on, but this is not
> necessary.

This is rather impossible. You want this account at least to be able to run the explorer shell environment, and this already allows full read access to every location where the user has read access, as well as all relevant system information.

Sebastian G.

#3

damn that certain user can run least i know it is possible. thank you

aiwex

#4

aiwex wrote:
> damn
> that certain user can run

You don't need any tweak software, the configuration of SRP is exposed via the local security policy MMC applet.

> now i see i'll have to study a lot,

A lot? I think the concept is quite simple: SRP in whitelist mode only allows the programs in the whitelist plus the ones in the default list to run. This is enforced by the kernel (specifically the function NtLoadImage()) as well as by the user shell (specifically CreateProcess(), CreateRemoteThread() and LoadLibraryEx()). You can enforce this to only non-admin users. Your only worries should be vulnerable trusted programs (because then one could possibly inject arbitrary code into the process memory, so better keep them up-to-date) and script interpreters (because they load and run their kind of code in their very own fashion).

As for Windows 2000, there are various third-party programs which implement something like SRP, as for example PolicyMaker Application Security (free for private use) and Winternals System Manager.

Sebastian G.
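
The whitelist logic described in post #4, as an added sketch that is not part of the thread and not Microsoft's code: a simplified model of path rules only (no hash, certificate or zone rules), assuming the "default list" covers the Windows and Program Files folders. It shows why the script-interpreter caveat matters for a Notepad-only account; every path, rule list and the `kiosk` name is constructed.

```python
import ntpath

# Constructed sample policy (an assumption, not from the thread): default level
# "disallowed", so only paths matched by a rule below may run. The first two
# rules stand in for the "default list"; the third is the administrator's own.
DEFAULT_RULES = [r"C:\WINDOWS", r"C:\Program Files"]
NOTEPAD_RULE = [r"C:\WINDOWS\system32\notepad.exe"]

# Illustrative, incomplete list of script interpreters to look for.
INTERPRETERS = {"cmd.exe", "cscript.exe", "wscript.exe", "mshta.exe"}

# Constructed sample of executables to check against the policy.
SAMPLE_EXES = [
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\WINDOWS\system32\cmd.exe",
    r"C:\WINDOWS\system32\cscript.exe",
    r"C:\Documents and Settings\kiosk\tool.exe",
]


def _norm(path):
    # Windows paths are case-insensitive; also collapse ".." segments.
    return ntpath.normcase(ntpath.normpath(path))


def rule_matches(rule, exe):
    """A path rule covers the named file itself or anything below the named folder."""
    rule, exe = _norm(rule), _norm(exe)
    return exe == rule or exe.startswith(rule.rstrip("\\") + "\\")


def is_allowed(exe, rules, is_admin=False):
    """Whitelist decision; administrators are outside the policy's scope."""
    return is_admin or any(rule_matches(r, exe) for r in rules)


def interpreters_allowed(exes, rules):
    """Script interpreters that a non-admin user could still start."""
    return sorted(e for e in exes
                  if ntpath.basename(_norm(e)) in INTERPRETERS and is_allowed(e, rules))


if __name__ == "__main__":
    print("default list + Notepad:", interpreters_allowed(SAMPLE_EXES, DEFAULT_RULES + NOTEPAD_RULE))
    print("Notepad rule only:     ", interpreters_allowed(SAMPLE_EXES, NOTEPAD_RULE))
```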