Internet Explorer content advisor

[Beev]

I work at a hotel. We recently put a pc out in the lobby for use as a "business center." The manager basically just moved it out into the lobby and hooked up a printer to it. It works for all of the business people we get that need to print a report or a boarding pass. Well, some little bastard decided to turn the content advisor on in internet explorer and now every site, no matter how simple (even google) asks for a password, which we don't know. We don't have an IT guy at all, I'm just a desk guy and I probably know the most of anyone here.

How do I disable the advisor? How do I prevent that from happening in the future?

 

[NodeZero]

To reset the password on the content advisor;
open up registry and go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
and delete the entry called KEY


But to prevent this from happening in the future;
In IE click On 'tools' then 'internet options' click on the 'content' tab
In the content area, click on Enable then click on Settings (not sure about the order here)
In the new window for the content advisor settings you want to move all the sliders to the right (there will be one for language.sex,nudity and violence) this will make the filter very relaxed
Still focusing on the new content advisor settings window click on the general tab, and make sure that 'users can view sites that have no ratings' is checked off
lastly set a password, this way no one can access the content advisor and change the settings

http://www.microsoft.com/technet/prodte.../reskit/6/part2/c05ie6rk.mspx?mfr=true

I will edit this post when I get some info on the CA password reset.

 

[Beev]

Thanks a ton. Got it taken care of and set a new password.

 

[NodeZero]

Glad to help, lucky you I called in sick to work.
By the way, this information was very easily found using google, so anyone with half a brain can just reset the password again.
So.. I'll be just sending my invoice now

 

[mechBgon]

Furthermore, if this is Windows XP Professional, you can do quite a lot of tamperproofing using Group Policy Editor.

First make sure that the account the guests are using is a Limited account, not a Computer Administrator account (info on Limited accounts), and that ALL of the Administrator-class accounts are password-protected so the guests cannot use them. If you need help with that, just say. There is a hidden Admin account, which you can get at by booting in Safe Mode... make sure to set its password too.

Next, click Start > Run > gpedit.msc and click the OK button. Group Policy Editor opens.

In the Group Policy Editor window, go down to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel and disable the pages you don't want them messing with. Also, I'd recommend that in the Internet Explorer folder there, hit the three Security Zones items and lock them where you want them.

For a hotel scenario, I'd also set up a Software Restriction Policy as an additional safeguard. Go to Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies.

1) Right-click in the blank panel and choose to Create New Policies. It'll create some, and then tweak them as follows:

2) click on Designated File Types and remove the .LNK filetype, or desktop shortcuts won't work

3) in Enforcement, apply the policy to all software files, and to all users except local admins.

4) now go into Security Levels and switch it to Disallowed. This forbids any of the Designated File Types from being executed from anywhere except in the places allowed in the Additional Rules, a huge additional safeguard against the Limited account's users running Trojans or other malware.


In addition to that, if it were me, I'd install Kaspersky Antivirus Personal 6 on there, max out every detection option, schedule daily scans, and enable the Windows Firewall with no exceptions permitted. Also, FULLY enable Data Execution Prevention, and make sure the Automatic Updates is enabled in Control Panel. That ought to be pretty tight. An ounce of prevention...

 

[Beev]

Ooo, thanks, mech. That helped a ton!