• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

I'm gonna help my neighbor with her network

F

fuentefan

Senior member
My neighbor owns an online coffee shop here in the seattle area, www.hotwirecoffee.com, and she has requested my assistance with her network. She basically wants me to re-install windows on all the Gateway computers (4) with the restore discs and start from scratch. There will be an administrator and a guest accout.

My question to all you experts is how to "lock down" the guest account so nobody can do anything too malicious. I'm pretty familiar with Windows but have never set up such a limited account. Is there an easy way to do this?

In addition to installing AVG free antivirus and Mozilla Firefox, is there anything else I should do to secure the network?

Thanks for any help!!

Jason
 
Create a master image using ghost and acronis, so if something does go wrong all you have to do is image right back in 10 mins.

I would limit the items on the start menu, apply really strict security polices that disable regedit and cmd prompt.
 
There's no need for any imaging etc, if the "guest" account has guest privilages (i.e. the default local account named "guest"). It uses a temporary profile, just log it off and log it back on again and any changes it made are gone...
is there anything else I should do to secure the network?
Click to expand...
"Upgrade" Windows Update to Microsoft Update and than enable automatic downloads and installs of updates.

Oh yeah, and make sure you get a lot of free coffee out of the deal 😉
 
Change boot order so that hard drive boots first (in front of floppy drive, optical drive(s), and USB). Put a BIOS password on all systems, common to each, but difficult for users to guess. This will prevent people from booting from various devices or media they bring in.

I've never used the Guest account, but it is my understanding that it is severely restricted already, moreso than a limited user account. I could be wrong though.

Make the Administrator account's password 15 characters or more, and difficult to guess.

I assume for the network you are using wireless as well for laptop users, so the coffee shop is a "hotspot?" A lot of places like that leave the network wide open for sake of ease, but I suggest using WEP 128-bit (for compatibility). Then just have like a placard with instructions and the WEP key on each table or something.

Edit: Microsoft's description of the Guest account
 
Originally posted by: MrChad
How limited to you want them to be? If they just need web access, you can set up IE to run in Kiosk mode.
Click to expand...
Kiosk mode is not a security feature and is annoying for most "normal" web access because it doesnt show the address bar or browser buttons; it can be quit easily and dump you back into windows.

It's nice for running a presentation, but I would hate to try and make people browse the web from it.
 
Originally posted by: spyordie007
Originally posted by: MrChad
How limited to you want them to be? If they just need web access, you can set up IE to run in Kiosk mode.
Click to expand...
Kiosk mode is not a security feature and is annoying for most "normal" web access because it doesnt show the address bar or browser buttons; it can be quit easily and dump you back into windows.

It's nice for running a presentation, but I would hate to try and make people browse the web from it.
Click to expand...

Well, I was thinking about having kiosk mode setup in addition to the use of guest accounts. But I see your point about simply annoying most users.
 
this is a little off topic, but if it is just for users accessing the internet, you might want to look into this.

http://kiosk.mozdev.org/

linux is obviously more secure and nearly impossible to infect, but i dont know if you planned other windows uses for the PC
 
linux is obviously more secure and nearly impossible to infect
Click to expand...
Making a blanket statement like that pretty much means you don?t know what you're talking about.

Both the Linux and the Windows platforms can be very secure and stable; if they are setup and administered correctly. Both of them can be insecure and/or unstable if they are setup and/or administered incorrectly.

The point of this thread is that he is looking to properly secure a Windows box, if you don?t have something useful to say to that end than go post in Off Topic (there are plenty of worthless threads you can crap on there).
 
I would say that his post was valid...is that not a valid alternative to locking down windows? The blanket statement is wrong, but that doesn't change the fact that a linux kiosk may be a viable alternative to windows. I would go that route if it was me...but then, I doubt I would post on a forum asking how to secure windows user accounts either....


to the OP, you may also look into getting an SBS server, as it will firewall/proxy/filter stuff, and allows centralize managment, think it even includes patch mangement stuff too.
 
The OP wasnt looking for a kiosk (at least that's not the impression I get when I read it). As I understand it some (or all) of these computers are used by employees, nowhere in the post did they say anything about a machine getting exclusive customer useage.

If they had said "They want kiosks that customers can use to surf the web" than I could see making suggestions for linux kiosk based distros (as they fit the bill nicely). But the question that was asked was how to lock down a single windows account.
 
Pretty much the only thing customers of this coffeeshop do is surf the web and occasionally print things out. She has two stores, one with only 4 computers but the other store has 16. I'm gonna start with the Microsoft download mentioned above. Seems easier than gpedit.msc. We shall see. Any other suggestions? Thanks spyordie007 and all for all your help!!
 
Originally posted by: RMorris78
this is a little off topic, but if it is just for users accessing the internet, you might want to look into this.

http://kiosk.mozdev.org/

linux is obviously more secure and nearly impossible to infect, but i dont know if you planned other windows uses for the PC
Click to expand...

just for s*** and giggles, I was thinking of installing MacOSX 10.4.1 on one of the machines, but probably won't LOL (all machines are Gateway and Dell, with AC97 audio and 845P chipset)
 
http://www.fortresgrand.com/

Check these guys out. Fortres 101 maybe more power than what you need, but in a school environment we had found it to be with out equal. Unfortunatly you do have to shell out some dough, but it makes everthing very easy, customizable and just about anyone can use it.

For ease of use I can really not recommend them enough. No I am not affilated with them in anyway. We just used their products since Win 95 and found them to be invaluable. That being said make sure you run a firewall on all the machines. At the very least windows firewall and stop any services that you do not need. Certainly any of the remote stuff.
At a quick glance this looks like a good site http://www.beemerworld.com/tips/servicesxp.htm
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top