![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Hey all,
I'm totally n00bish when it comes to MMC and setting system policy, so I'm hoping you guys will give me at least a few hints as to wtf I'm doing wrong.
I used MMC, and added (To Console Root) the Group Policy, Security Configuration and Analysis, and Security Templates. Not to mention the Local Users and Groups snap-in, and the Computer Management snap-in. Though the latter two didn't really show anything I needed, other than creating the local user which I go into later.
Here's the deal:
I've been entrusted at work to create a kiosk system for 16 desktops that will entail the following:
- Automatically Logs in under one custom restricted user
- Can only work on the intranet
- Can only run Internet Explorer
- Does not let said user do anything under Ctrl-Alt-Del except cancel out.
- Does not let user log off, shut down, etc.
Essentially, I need to strip down a PC into a 'net Terminal which only allows people to go on the intranet.
Here's what I'm having issues with.
Under the SecPolicy, I've set it to ban all internet zones except the intranet zone. Doesn't have any effect. I can still get to places like google.
I set it to ban all applications with the exception of the apps in the program files\internet explorer directory. THAT doesn't work.
At this point, I'm at a loss. I'm thinking maybe the group policy on the domain is overriding all my changes, even though the user that I created is local to that PC.
ANY help would be appreciated.
I'm totally n00bish when it comes to MMC and setting system policy, so I'm hoping you guys will give me at least a few hints as to wtf I'm doing wrong.
I used MMC, and added (To Console Root) the Group Policy, Security Configuration and Analysis, and Security Templates. Not to mention the Local Users and Groups snap-in, and the Computer Management snap-in. Though the latter two didn't really show anything I needed, other than creating the local user which I go into later.
Here's the deal:
I've been entrusted at work to create a kiosk system for 16 desktops that will entail the following:
- Automatically Logs in under one custom restricted user
- Can only work on the intranet
- Can only run Internet Explorer
- Does not let said user do anything under Ctrl-Alt-Del except cancel out.
- Does not let user log off, shut down, etc.
Essentially, I need to strip down a PC into a 'net Terminal which only allows people to go on the intranet.
Here's what I'm having issues with.
Under the SecPolicy, I've set it to ban all internet zones except the intranet zone. Doesn't have any effect. I can still get to places like google.
I set it to ban all applications with the exception of the apps in the program files\internet explorer directory. THAT doesn't work.
At this point, I'm at a loss. I'm thinking maybe the group policy on the domain is overriding all my changes, even though the user that I created is local to that PC.
ANY help would be appreciated.