Poledit
<font face="arial" ,?helvetica?>System Policies. However, profiles don�t always go far enough. A savvy user who wants to exercise authority or access beyond granted parameters will find ways to view files or programs they don�t have access to. Such users can alter their profiles, so they will have the access they want whenever they log on. To limit these users, and to further restrict your PC, implement system policies.
Create and edit System Policies using a tool called Poledit. The following
instructions may seem a little complex, but take it one step at a time. To
install Poledit, place your Win9x disc in the CD-ROM drive. Navigate to Start,
Settings, and Control Panel. In Control Panel, double-click Add/Remove Software.
Select the Windows Setup tab, click Have Disk, and then use the Down-arrow to
scroll to your CD-ROM drive. In Win95, navigate to Admin, Apptools, Poledit and
click OK. In Win98, navigate to Tools, Reskit, Netadmin, and Poledit. After you
have navigated to the correct folder, click OK, and select Group Policies And
System Policy Editor. Click Install and click OK. The Poledit program will be
installed and can be accessed by going to Start, Programs, Accessories, System
Tools, and System Policy Editor.
Once you log on as the administrator, or with the ID that has administrative
rights, and have launched Poledit, click the File, New Policy. You will see two
icons: a Default Computer and a Default User. Double-click the Default User
icon. As you expand the trees in the window, notice the check box next to each
option is gray by default, indicating that it will not be read when the policy
is being applied. To implement each authority or restriction, click the checkbox
to place a check next to the item. To clear the authority or restriction,
double-click the check box to make it white.
To restrict user access to items in the system, go to the Shell, Restrictions
section and check the first four that begin with Remove. Also select the last
item, Don�t Save Settings At Exit. Then, under the System, Restrictions
section, click Disable Registry Editing Tools. If you are not selecting an item,
it is best to clear it (double-click) instead of leaving it grayed out. Once you
are done, select File, Save As, and type Config.pol.
You can create individual user policies by selecting Add User from the Poledit
toolbar and entering the username of the account you wish to restrict.
Double-click on that user�s policy and edit the appropriate restrictions as
outlined above. As long as you maintain the administrative access to your
system, do not limit your account policies; as the administrator, you should
have permission to everything. Don�t be afraid to experiment with the various
policy settings. As long as you have an ID that can log on and have Poledit and
Registry editing access, you can reset other policy settings.
You should create a policy for each user who accesses your computer so you can
set explicit limits on their authority while they are logged on. Sometimes,
however, this may not be enough. You can bypass Win9x logons by pressing the ESC
key, and new users can access a windows system by typing a new ID into the logon
screen and answering yes to the Do You Wish To Create A Folder prompt. This will
load a specific user profile that may not have restrictions implemented.
To minimize this potential security hole, log on to your computer by pressing
the ESC key at the logon prompt. Launch Poledit again, and click File, then Open
Registry. Set the attributes under Local User and Local Computer to restrict the
things you want to lock down from nonauthorized users. Remember to save the work
you do in Poledit. The Local User policy becomes the default policy for users
logging on after it is created and modified.
|
|
|
|
|
|
|
|