• Content Count

  • Joined

  • Last visited

Posts posted by djserrant

  1. Hi,

    I'm a newbie to the forum. I'm a freshman in college studying Computer Science. I'm currently employed in a work study position in the Computer Science department under the management of the department systems administrator. I work on development projects that will be used by the department and possibly the entire university. I've been working on several projects this semester, most of which were tricky and required me to do a lot of research on Google to figure out solutions, but for the most part, I was able to figure them out.

    This one on the other hand, is one I've been trying to figure out for quite a long time. The project involves downloading and installing a free scanning software onto a standalone machine outside the university network. The machine then needs to be locked down, preventing users from accessing any other application or utilities except for the scanning application, which will execute upon logging onto the machine.

    From the research I've done, there's essentially two ways this can work. One way is to use regedit.exe and invoke the necessary restrictions. The other way is to use gpedit.msc, which is basically a much simpler way of invoking these restrictions. At work, using gpedit.msc, I was able to get the scanning software to execute when a user logs onto the machine. The problem is of course is that this applies to all users, including the administrator, which is what I don't want. I understand that if not careful, gpedit can lock the administrator from all applications, including the registry and gpedit. In essence, what I'm trying to accomplish is to invoke restrictions on all users EXCEPT the administrator. I haven't been getting much help from the articles I've read on the internet on how to do this. During winter break, I'm toying around with my old windows xp home machine trying to find a solution to the project before heading back to school. Since home edition does not come with gpedit, I'm using regedit.exe to apply these restrictions. I configured it so that notepad will execute upon logon and that the user is restricted from using word pad. However, instead of applying to all users, the settings apply to only the Administrator.

    I know that I'm doing something incorrect in my approach, but I just don't know what. In regedit, I implemented the desired settings in HKEY_CURRENT_USER key, but I have a feeling that it needs to be applied elsewhere. I understand that HKEY_CURRENT_USER is a subkey of HKEY_USERS the key where all user settings and profile information lie. Is this where I have to apply the desired settings? If so, how can you determine which SID corresponds to a specific user? Using the group policy approach, is there a way where I can create a group of associated users I want specific policies to apply to? If there is, please let me know because I have no idea how to do this.