Multiuser PC

[mattsquire]

I have a PC running XP Pro, on this PC there are 5 users. I want to control more precisely the privileges of the different users but the tools to control user accounts are very limited. Is there any additional software that I could install to give me greater control.

Many Thanks

Matt

[tiyogi]

Hi Matt,
What exactly are you trying to prevent the users from doing. If you provided this info maybe an answer can be found.

Quote:

Originally Posted by mattsquire

I have a PC running XP Pro, on this PC there are 5 users. I want to control more precisely the privileges of the different users but the tools to control user accounts are very limited. Is there any additional software that I could install to give me greater control.

Many Thanks

Matt

[mattsquire]

I am trying to prevent some (younger) users from opening some programs/using the internet etc.

Matt

[Cache]

Woo woo! I figured out a way!! Dont mind me, hehe. Thats just the geek in me getting a little over excited. It's just I've seen this request posted all over the place but no-one ever seems to come up with an answer that doesn't involve installing 3rd party software (well maybe they did but I've never noticed lol).

Anyway, let's get to it.

Goto Start-->Run and type "secpol.msc" without the quotes, this will open the Local Security Settings window.

In the left hand pane click on "Software Restiction Policies". If nothing appears in the right hand pane try right-click on "Software Restiction Policies" and look for something like Make New Policy or the like and select it. Once thats done you should now see entries on the right hand pane (Object Type).

In the right-hand pane Double-click on "Enforcement" then under "Apply software restiction policies to the following users:" select "All users exept local administrators"-->Apply-->OK.

Click on "Additional Rules". Right-click an empty space in the right-hand pane and select "New Path Rule". Fom there on it's pretty obvious what you should do.

Say if you want to restict access to Internet Explorer:

Path:
C:\Program Files\Internet Explorer\IEXPLORE.exe

Security Level:
Disallowed

Description:
Deny IE access for Limited accounts (or whatever you think sounds good)

Then click Apply-->OK.

[mattsquire]

Quote:

Originally Posted by Cache

Woo woo! I figured out a way!! Dont mind me, hehe. Thats just the geek in me getting a little over excited. It's just I've seen this request posted all over the place but no-one ever seems to come up with an answer that doesn't involve installing 3rd party software (well maybe they did but I've never noticed lol).

Anyway, let's get to it.

Goto Start-->Run and type "secpol.msc" without the quotes, this will open the Local Security Settings window.

In the left hand pane click on "Software Restiction Policies". If nothing appears in the right hand pane try right-click on "Software Restiction Policies" and look for something like Make New Policy or the like and select it. Once thats done you should now see entries on the right hand pane (Object Type).

In the right-hand pane Double-click on "Enforcement" then under "Apply software restiction policies to the following users:" select "All users exept local administrators"-->Apply-->OK.

Click on "Additional Rules". Right-click an empty space in the right-hand pane and select "New Path Rule". Fom there on it's pretty obvious what you should do.

Say if you want to restict access to Internet Explorer:

Path:
C:\Program Files\Internet Explorer\IEXPLORE.exe

Security Level:
Disallowed

Description:
Deny IE access for Limited accounts (or whatever you think sounds good)

Then click Apply-->OK.

Thanks so much this really helped, and without 3rd party, BRAVO!!!

[Cache]

Your welcome.

One thing to note though: This restriction can be circumvented by running the software from a location other than mentioned in the restriction path. A way to make this more secure would be to restric access to the folders containing the .exe of the restriced software. This can be done by dissabling Simple file sharing then right-click on the sead folder and select "Sharing and Security" then click on the "Security" tab and deny read access to the user.