Configuring Windows XP Pro for public computer

OCNewbie

Diamond Member
Jul 18, 2000
7,596
25
81
I'm trying to configure a Windows XP Pro install for use in a clubhouse at an Apartment complex which will be usable by the residents (or anybody that has access to the clubhouse).

I'd like to have at least 2 accounts on the install. One Admin account with complete/total access (requiring a password to login) and another for the residents with very limited access that doesn't require a password.

I don't want any program installations allowed from the residents account nor really any executables allowed, other than web browsers, maybe some windows games and basic accessories (calculator, etc.). Perhaps make it so they only have access to the shortcuts on the desktop?

I basically want to allow very limited access so the computers aren't likely to get spyware, trojans, virii, etc. I just had to re-install Windows on 2 computers, due to viruses, spyware, overabundance of unnecessary apps installed, etc., and would like to not have to do that again for a while.

Just looking for a good guide on how to set this up, or just which program within windows to check out if it's not all too complicated.

Thanks!
 

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
Here's mine: http://www.mechbgon.com/build/security2.html

Use the non-Admin account (step 1) and Software Restriction Policy (currently step 14) as well as disabling Autoplay for good measure (step 8). That's a great start. If you set that up, none of your residents will be able to execute any file unless the Admin put it on the system.

Another option to look into is Windows SteadyState, which I keep meaning to try out myself. It's a free download from Microsoft.com, designed especially for shared/public WinXP computers.

After getting the system set up, I'd also yank the optical drive out of it (no booting from a bootable CD) and lock the case shut if it's out in the open where people could mess with it.
 

OCNewbie

Diamond Member
Jul 18, 2000
7,596
25
81
I put a password in the BIOS so you can't boot or enter the BIOS without the password. That should solve the problem with booting from an optical drive right?

I doubt anybody will try to open the case. The management offices are about 10 feet around the corner, in the same building, from where the computer room is. The computer room is only open during the hours that the office personnel are there.
 

OCNewbie

Diamond Member
Jul 18, 2000
7,596
25
81
Just installed it on my computer and toyed around with it a bit. Seems really cool, probably exactly what I need.

Tons of options, I'll have to decide on what I really need to be strict with without compromising the computing experience too much.