how to create limited windows account?

Discussion in 'Computer Security' started by aiwex, Nov 22, 2007.

  1. aiwex

    aiwex Guest

    I need a windows 2003 account, which could only run Notepad, nothing
    more. Account should be able to read and save files only from/to only
    one certain directory. It would be perfect that an account would see
    nothing else at all, e.g. clock, start menu and so on, but this is not
    necessary. Important thing is, that the user could not run any other
    program, except Notepad.

    Thank you for your ideas

    --
    aiwex
    aiwex, Nov 22, 2007
    #1

  2. aiwex

    Sebastian G. Guest

    aiwex wrote:

    > I need a windows 2003 account, which could only run Notepad, nothing
    > more.

    keyword: Software Restriction Policies

    > Account should be able to read and save files only from/to only
    > one certain directory.

    keyword: Access Control Lists

    > It would be perfect that an account would see
    > nothing else at all, e.g. clock, start menu and so on, but this is not
    > necessary.

    This is rather impossible. You want this account at least to be able to run
    the explorer shell environment, and this already allows full read access to
    every location where the user has read access, as well as all relevant
    system information.
    Sebastian G., Nov 22, 2007
    #2

  3. aiwex

    aiwex Guest

    aiwex, Nov 22, 2007
    #3
  4. aiwex

    Sebastian G. Guest

    aiwex wrote:

    > damn :) i hoped to find some tweak software where i could tick programs,
    > that certain user can run :)

    You don't need any tweak software, the configuration of SRP is exposed via
    the local security policy MMC applet.

    > now i see i'll have to study a lot,

    A lot? I think the concept is quite simple: SRP in whitelist mode only
    allows the programs in the whitelist plus the ones in the default list to
    run. This is enforced by the kernel (specifically the function
    NtLoadImage()) as well as by the user shell (specifically CreateProcess(),
    CreateRemoteThread() and LoadLibraryEx()). You can enforce this to only
    non-admin users. Your only worries should be vulnerable trusted programs
    (because then one could possibly inject arbitrary code into the process
    memory, so better keep them up-to-date) and script interpreters (because
    they load and run their kind of code in their very own fashion).

    As for Windows 2000, there are various third-party programs which implement
    something like SRP, as for example PolicyMaker Application Security (free
    for private use) and Winternals System Manager.
    Sebastian G., Nov 23, 2007
    #4
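
An added example, not part of either poster's messages: a simplified Python model of the whitelist decision described in the last reply, showing why a broad "default list" still lets script interpreters run and how a Notepad-only path rule changes the result. It covers path rules only (no wildcard, hash or certificate rules); the paths, rule sets and function names are constructed assumptions.

```python
import ntpath

DISALLOWED, UNRESTRICTED = "Disallowed", "Unrestricted"
# Constructed environment for the model; real values come from the target host.
ENV = {"systemroot": r"C:\WINDOWS", "programfiles": r"C:\Program Files"}

def norm(path):
    """Expand %VAR% from ENV, normalise separators, compare case-insensitively."""
    p = path.lower()
    for name, value in ENV.items():
        p = p.replace("%" + name + "%", value.lower())
    return ntpath.normpath(p)

def decide(exe, rules, default_level=DISALLOWED, admins_exempt=True, is_admin=False):
    """Return the level this model assigns to exe under the given path rules."""
    if admins_exempt and is_admin:
        return UNRESTRICTED          # policy enforced for non-admin users only
    target, best = norm(exe), None
    for path, level in rules:
        rule = norm(path)
        if target != rule and not target.startswith(rule.rstrip("\\") + "\\"):
            continue                 # rule covers neither this file nor its folder
        more_specific = best is None or len(rule) > len(best[0])
        tie_stricter = (best is not None and len(rule) == len(best[0])
                        and level == DISALLOWED)
        if more_specific or tie_stricter:
            best = (rule, level)     # most specific rule wins; ties go to Disallowed
    return best[1] if best else default_level

def allowed(candidates, rules, **kw):
    """List the candidate programs the model would let run."""
    return [c for c in candidates if decide(c, rules, **kw) == UNRESTRICTED]

# Constructed stand-ins for a broad "default list" and a Notepad-only whitelist.
DEFAULT_LIST = [("%SystemRoot%", UNRESTRICTED), ("%ProgramFiles%", UNRESTRICTED)]
NOTEPAD_ONLY = [(r"%SystemRoot%\system32\notepad.exe", UNRESTRICTED)]
# Constructed sample of programs to check, including script interpreters.
CANDIDATES = [r"C:\WINDOWS\system32\notepad.exe", r"C:\WINDOWS\system32\cmd.exe",
              r"C:\WINDOWS\system32\wscript.exe", r"C:\Temp\tool.exe"]

if __name__ == "__main__":
    for name, rules in (("default list", DEFAULT_LIST), ("notepad only", NOTEPAD_ONLY)):
        print(name, "->", allowed(CANDIDATES, rules))
```
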