Software for securing machines
#1
Hi all,
I need to secure some machines that will be running NT4/2K/XP and need to really screw them down tight. Anyone know of any good free? software that will allow me to lock down what the user can do?
Cheers
Stu
I need to secure some machines that will be running NT4/2K/XP and need to really screw them down tight. Anyone know of any good free? software that will allow me to lock down what the user can do?
Cheers
Stu
#3
Scooby Regular
I did a lot of work with the Scottish Police College on securing NT desktops and Thin-Clients. Virtually everything we did was policy or profiles based as Chris has already suggested.
They took things a stage further by setting file permissions on local disk drives (or removing these completely from thin-clients) and fitting diskette locks and padlocks on the PC's themselves.
Policies are effectively making registry changes for either the local machine or to the users profile. If you apply a policy to a user (or group of users) say to remove the Network Neighbourhood and you want to enable it again, you have to apply another policy that enables the registry setting for them. So, if you make a change and simply remove the policy it will still keep the changes - if that makes sense
We used a combination of known registry entries (there's loads on the net) and Novell's Zenworks products to tie down desktops. Zenworks uses the inbuilt NT/XP technology for user, machine and group policies but just allows you to manage them easily from the one admin tool.
If you want the ultimate security (as the Police College did), then stick everyone on Thin-clients, secure their desktops with policies and only allow them access to certain shared folders.
We also used the admin kits for IE to secure access to Internet Explorer too.
Stefan
They took things a stage further by setting file permissions on local disk drives (or removing these completely from thin-clients) and fitting diskette locks and padlocks on the PC's themselves.
Policies are effectively making registry changes for either the local machine or to the users profile. If you apply a policy to a user (or group of users) say to remove the Network Neighbourhood and you want to enable it again, you have to apply another policy that enables the registry setting for them. So, if you make a change and simply remove the policy it will still keep the changes - if that makes sense
We used a combination of known registry entries (there's loads on the net) and Novell's Zenworks products to tie down desktops. Zenworks uses the inbuilt NT/XP technology for user, machine and group policies but just allows you to manage them easily from the one admin tool.
If you want the ultimate security (as the Police College did), then stick everyone on Thin-clients, secure their desktops with policies and only allow them access to certain shared folders.
We also used the admin kits for IE to secure access to Internet Explorer too.
Stefan
#4
Scooby Regular
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
Likes: 0
Received 0 Likes
on
0 Posts
Thread
Thread Starter
Forum
Replies
Last Post
hardcoreimpreza
Computer & Technology Related
21
11 October 2015 03:40 PM
Brzoza
Engine Management and ECU Remapping
1
02 October 2015 05:26 PM
The Joshua Tree
Computer & Technology Related
30
28 September 2015 02:43 PM