Lockdown users on Windows Server 2012
Posted
by
el.severo
on Server Fault
See other posts from Server Fault
or by el.severo
Published on 2012-10-20T15:12:18Z
Indexed on
2012/10/20
17:03 UTC
Read the original article
Hit count: 215
I set up a Active Directory
on a server machine with Windows Server 2012
and I'd like to create some users with limitations like Windows Steady State
does in Windows XP
(locally).
Seen already the Windows SteadyState Handbook
(with Windows Server 2008
), but I'd like to know if anyone has tried this before, the limitations are the following:
1. Prevent locked or roaming user profiles that cannot be found on the computer from logging on
2. Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer
3. Do not allow Windows to compute and store passwords using LAN Manager Hash values
4. Do not store usernames or passwords used to log on to the Windows Live ID or the domain
5. Prevent users from creating folders and files on drive C:\
6. Lock profile to prevent the user from making permanent changes
7. Remove the Control Panel, Printer and Network Settings from the Classic Start menu
8. Remove the Favorites icon
9. Remove the My Network Places icon
10. Remove the Frequently Used Program list
11. Remove the Shared documents folder from My Computer
12. Remove control Panel icon
13. Remove the Set Program Access and Defaults icon
14. Remove the Network Connection(Connect To)icon
15. Remove the Printers and Faxes icon
16. Remove the Run icon
17. Prevent access to Windows Explorer features: Folder Options, Customize Toolbar, and the Notification Area
18. Prevent access to the taskbar
19. Prevent access to the command prompt
20. Prevent access to the registry editor
21. Prevent access to the Task Manager
22. Prevent access to Microsoft Management Console utilities
23. Prevent users from adding or removing printers
24. Prevent users from locking the computer
25. Prevent password changes (also requires the Control Panel icon to be removed)
26. Disable System Tools and other management programs
27. Prevent users from saving files to the desktop
28. Hide A Drive
29. Hide B Drive
30. Hide C Drive
31. Prevent changes to Internet Explorer registry settings
32. Empty the Temporary Internet Files folder when Internet Explorer is closed
33. Remove Internet Options
34. Remove General tab in Internet Options
35. Remove Security tab in Internet Options
36. Remove Privacy tab in Internet Options
37. Remove Content tab in Internet Options
38. Remove Connections tab in Internet Options
39. Remove Programs tab in Internet Options
40. Remove Advanced tab in Internet Options
41. Set a home page (Internet Explorer)
42. Restrict the possibility to change desktop image
43. Restrict the possibility to change wallpaper
44. Restrict usb flash drives
Any suggestions for this?
UPDATE:
As @Dan suggested me I'd like to specify that would be applied to a educational scenario where students can login from a computer and want to add some restrictions to them.
© Server Fault or respective owner