| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 95255 | 2008-11-29 22:54:00 | Restricting the processes that can be launched / run on an XP machine | Chilling_Silence (9) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 724321 | 2008-11-29 22:54:00 | I have an XP machine that we use to control the Projector at church - We run powerpoints through it, and the occasional video. I'd like to be able to restrict the processes that run on it to a small white-list as such, so that I can have anybody sit down on it, and know that if they are running it that they cant just fire up Hearts or something. I *could* just say to the operators "please pay attention and dont go playing games", but sometimes there's the little extra 'encouragement' if you will thats needed. Its just not fair on the people in the congregation if the operator isnt "with it"... So yeah, something where I can whitelist application 1, 2, 3 & 4, and nothing else new is allowed to be run. If there was the ability to have timed lock-downs, that would be super-cool! So say from time X to Y every week the restrictions were imposed, but not outside of that time :) Anybody know of such an application? Cheers Chill. |
Chilling_Silence (9) | ||
| 724322 | 2008-11-29 22:57:00 | Is it Pro or Home? | Speedy Gonzales (78) | ||
| 724323 | 2008-11-29 23:13:00 | Pro :) | Chilling_Silence (9) | ||
| 724324 | 2008-11-29 23:37:00 | Group/Local Policy can do that I think. Or something like FreshUI (www.freshdevices.com) - this also allows you to lock down the system as much as you want :p It needs to be an Admin account (at least while FreshUI is being configured) though as it needs to write to the registry Access the whitelist in FreshUI by going to Windows System > Security > Allow Specified Applications. Make sure you put the .exe extension in, or you won't be able to open anything. Also add freshui.exe so it can be reconfigured in the future if necessary. |
jwil1 (65) | ||
| 724325 | 2008-11-29 23:38:00 | Pro :) Sweet - pretty sure you should be to do it with group policy |
nofam (9009) | ||
| 724326 | 2008-11-30 19:56:00 | Make sure you allow critical system apps to run - otherwise it WILL break. :eek: IMO it would be better to blacklist games etc, rather than whitelist some - you could miss a system file. |
pcuser42 (130) | ||
| 724327 | 2008-11-30 20:12:00 | You could try Microsofts Steady State (www.microsoft.com) - you would have two accounts - yours with full admin rights and password protected, steady state is loaded via the admin account then the restrictions applied to the "users" account, in the users account - you can disable / lock down almost every thing, either permanently while logged in or on a time basis and only allow what you want the operator to do.-password required to make any alterations.Some of the restrictions (www.microsoft.com) | wainuitech (129) | ||
| 724328 | 2008-12-06 20:48:00 | Steadystate looks like just the ticket!! I was just remembering this morning I had to look into it, and my problem was I not only wanted to be able to easily enforce / lift the restrictions, but to be able to prevent the "user" from shutting down the machine (Causes nightmares at times). Will give it a whirl shortly and post back with the results Thanks to all Chill. |
Chilling_Silence (9) | ||
| 724329 | 2008-12-06 22:12:00 | +1 for steady state, should do exactly what you want plus more | Blam (54) | ||
| 724330 | 2008-12-07 08:23:00 | Sounds like you don't need most of them so why not just delete them. | mikebartnz (21) | ||
| 1 2 | |||||