Implementing a Virtual Kiosk for the SPA Self-Service Site




Contents

Introduction

How the Virtual Kiosk Works

Software Requirements

Creating the Secured Kiosk User Account

Creating the Kiosk Group Policy Object

Windows 2000 Security Settings

Windows 2003 Security Settings

Deploying the Virtual Kiosk


Technical Reference

March 15, 2004

This document outlines how to implement the SPA virtual kiosk in Windows 2000 and Windows 2003 domains. The SPA virtual kiosk allows users to gain secure access to the SPA Self-Service site from their workstations, even when they are locked out or have forgotten their account passwords.

This document and the software described in this document are furnished under and are subject to the terms of a license agreement or a non-disclosure agreement. Except as expressly set forth in such license agreement or non-disclosure agreement, NetIQ Corporation provides this document and the software described in this document “as is” without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Some states do not allow disclaimers of express or implied warranties in certain transactions; therefore, this statement may not apply to you.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.

This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.

© 1995-2004 NetIQ Corporation, all rights reserved.

U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.

Check Point, FireWall-1, and Provider-1 are trademarks or registered trademarks of Check Point Software Technologies Ltd.

ActiveAgent, ActiveAnalytics, ActiveAudit, ActiveKnowledge, ActiveReporting, ADcheck, AppAnalyzer, Application Scanner, AppManager, AuditTrack, AutoSync, Chariot, ClusterTrends, CommerceTrends, Configuration Assessor, ConfigurationManager, the cube logo design, DBTrends, DiagnosticManager, Directory and Resource Administrator, Directory Security Administrator, Domain Migration Administrator, End2End, Exchange Administrator, Exchange Migrator, Extended Management Pack, FastTrends, File Security Administrator, Firewall Appliance Analyzer, Firewall Reporting Center, Firewall Suite, Ganymede, the Ganymede logo, Ganymede Software, Group Policy Administrator, Intergreat, Knowledge Scripts, Migrate.Monitor.Manage, Mission Critical Software, Mission Critical Software for E-Business, the Mission Critical Software logo, MP3check, NetIQ, the NetIQ logo, the NetIQ Partner Network design, NetWare Migrator, OnePoint, the OnePoint logo, Operations Manager, PentaSafe, PSAudit, PSDetect, PSPasswordManager, PSSecure, Qcheck, RecoveryManager, Security Analyzer, Security Manager, Server Consolidator, SQLcheck, VigilEnt, Visitor Mean Business, Vivinet, W logo, WebTrends, WebTrends Analysis Suite, WebTrends for Content Management Systems, WebTrends Intelligence Suite, WebTrends Live, WebTrends Log Analyzer, WebTrends Network, WebTrends OLAP Manager, WebTrends Report Designer, WebTrends Reporting Center, WebTrends Warehouse, Work Smarter, WWWorld, and XMP are trademarks or registered trademarks of NetIQ Corporation or its subsidiaries in the United States and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

Introduction

NetIQ Secure Password Administrator (Secure Password Administrator) extends NetIQ Directory and Resource Administrator to provide an agentless, Web-based interface that allows users to securely manage their account passwords. You can implement this Self-Service site as a virtual kiosk. The SPA virtual kiosk empowers locked-out users so they can easily and quickly reset passwords and gain access to their workstations.

Because you configure the virtual kiosk through group policy, this feature eliminates any requirement to deploy and maintain software across your desktops while still allowing users to securely reset the forgotten password from the workstation logon prompt.

How the Virtual Kiosk Works

The virtual kiosk consists of a secured kiosk user account and a group policy object. The secured kiosk user account is a generic user account with no network rights. Group policy settings restrict permissions on this account. When a user logs on using the secured kiosk user account, the operating system opens a Web browser window in kiosk mode and automatically loads the SPA Self-Service site. Because the virtual kiosk is a custom shell, the Web browser window fills the entire screen and no other programs, menus, navigation controls, windows, or buttons are accessible. If users close the Web browser in an attempt to reach the desktop, they actually close the Windows session initiated with the secured kiosk user account logon. When users successfully reset their account passwords and log off the Self-Service site, they can then log on to their workstations using their updated account credentials.

Software Requirements

The virtual kiosk feature requires the following software:

|Type of computer … |Requires one of the following operating systems … |

|Workstation |Windows 2000 Professional |

| |Windows XP |

| |Windows 2003 Professional |

|Domain controllers |Windows 2000 Server Service Pack 4 |

| |Windows Server 2003 Service Pack 1 |

Creating the Secured Kiosk User Account

You can create the secured kiosk user account on a Windows 2000 or Windows 2003 domain controller. Create this account in the Users built-in container.

Note

Test the secured kiosk user account in your lab environment before implementing the virtual kiosk in your production environment.

To create the secured kiosk user account:

1. Log on to your Windows 2000 or Windows 2003 domain controller using an administrator account.

2. Start Active Directory Users and Computers and navigate to the appropriate domain.

3. Select the Users built-in container.

4. On the Action menu, click New > User.

5. Specify the user logon name, and then click Next. For example, specify an easily remembered name, such as kiosk or help.

6. Specify and confirm a password that conforms to your password policy.

7. Select the following password settings, and then click Next.

• User cannot change password

• Password never expires

8. Review the summary, and then click Finish.

Creating the Kiosk Group Policy Object

You can create the kiosk group policy object (GPO) on a Windows 2000 or Windows 2003 domain controller.

Notes

• When configuring security settings for this GPO, ensure the Authenticated Users group is not assigned the Apply Group Policy permission. If this permission is assigned, the virtual kiosk custom shell will launch when users attempt to log on using their own account credentials.

• Test this GPO in your lab environment before implementing the virtual kiosk in your production environment.

To create the kiosk group policy object:

1. Start the Microsoft Management Console.

2. If you are creating the kiosk GPO on a Windows 2000 domain controller, click Add/Remove Snap-in on the File menu.

3. If you are creating the kiosk GPO on a Windows 2003 domain controller, select Add/Remove Snap-in on the Console menu.

4. On the Standalone tab, click Add.

5. If you are creating the kiosk GPO on a Windows 2000 domain controller, select Group Policy, and then click Add.

6. If you are creating the kiosk GPO on a Windows 2003 domain controller, select Group Policy Object Editor, and then click Add.

7. On the Select Group Policy Object window, click Browse.

8. On the Domains/OUs tab, right-click on the group policy object list, and then click New.

9. Specify the name of this new GPO.

10. Right-click the kiosk GPO, and then click Properties.

11. On the Security tab, click Add.

12. Select the secured kiosk user account, and then click OK.

13. Under Permissions, click the Allow checkbox to assign the Apply Group Policy permission.

14. Ensure Authenticated Users is not assigned the Apply Group Policy permission, and then click OK.

15. Click OK.

16. Click Finish.

17. Apply the appropriate Windows security settings to this GPO. For more information, see “Windows 2000 Security Settings” or “Windows 2003 Security Settings”.

Windows 2000 Security Settings

The following tables show the Windows 2000 security settings you should apply to the kiosk group policy object. By default, these settings are located under User Configuration/Administrative Templates in the console tree.

/Control Panel

|Policy |Setting |

|Disable the Control Panel |Enabled |

/Control Panel/Add or Remove Programs

|Policy |Setting |

|Hide Add/Remove Windows Components page |Enabled |

|Disable Add or Remove Programs |Enabled |

/Control Panel/

|Policy |Setting |

|Disable Display in Control Panel |Enabled |

/Control Panel/Printers

|Policy |Setting |

|Disable addition of printers |Enabled |

|Disable deletion of printers |Enabled |

/Desktop

|Policy |Setting |

|Do not add shares of recently opened documents to My Network Places |Enabled |

|Don't save settings at exit |Enabled |

|Hide all icons on the desktop |Enabled |

|Disable adding, dragging, dropping and closing the Taskbar's toolbars |Enabled |

|Prohibit user from changing My Documents path |Enabled |

|Remove My Documents icon on the desktop |Enabled |

/Desktop/Active Desktop

|Policy |Setting |

|Disable Active Desktop |Enabled |

/Network/Network and Dial-up Connections

|Policy |Setting |

|Prohibit TCP/IP advanced configuration |Enabled |

|Prohibit access to current user’s RAS connection properties |Enabled |

|Prohibit access to properties of RAS connections available to all users |Enabled |

|Prohibit access to properties of a LAN connection |Enabled |

|Prohibit access to properties of a RAS connection |Enabled |

|Prohibit access to the Advanced Settings item on the Advanced menu |Enabled |

|Prohibit access to the Dial-up Preferences item on the Advanced menu |Enabled |

|Prohibit access to the Network Connection Wizard |Enabled |

|Prohibit adding and removing components for a LAN or RAS connection |Enabled |

|Prohibit configuration of connection string |Enabled |

|Prohibit connecting and disconnecting a RAS connection |Enabled |

|Prohibit deletion of RAS connections |Enabled |

|Prohibit deletion of RAS connections available to all users |Enabled |

|Prohibit enabling/disabling a LAN connection |Enabled |

|Prohibit enabling/disabling components of a LAN connection |Enabled |

|Prohibit renaming LAN connections or RAS connections available to all users |Enabled |

|Prohibit renaming of RAS connections belonging to the current user |Enabled |

|Prohibit viewing of status statistics for an active connection |Enabled |

/Network/Offline Files

|Policy |Setting |

|Prevent use of Offline Files folder |Enabled |

|Disable user configuration of Offline Files |Enabled |

|Disable 'Make Available Offline' |Enabled |

/Start Menu and Taskbar

|Policy |Setting |

|Clear history of recently opened documents on exit |Enabled |

|Do not keep history of recently opened documents |Enabled |

|Gray unavailable Windows Installer programs Start Menu shortcuts |Enabled |

|Disable changes to Taskbar and Start Menu Settings |Enabled |

|Disable context menus for the taskbar |Enabled |

|Disable and remove the Shut Down command |Enabled |

|Remove common program groups from Start Menu |Enabled |

|Remove Documents menu from Start Menu |Enabled |

|Disable drag-and-drop context menus on the Start Menu |Enabled |

|Remove Favorites menu from Start Menu |Enabled |

|Remove Help menu from Start Menu |Enabled |

|Disable and remove links to Windows Update |Enabled |

|Disable Logoff on the Start Menu |Enabled |

|Remove Network & Dial-up Connections from the Start Menu |Enabled |

|Disable programs on Settings menu |Enabled |

|Remove Run menu from Start Menu |Enabled |

|Remove Search menu from Start Menu |Enabled |

|Remove user's folders from the Start Menu |Enabled |

|Disable personalized menus |Enabled |

|Disable user tracking |Enabled |

/System

|Policy |Setting |

|Custom user interface |Enabled |

|Type the following command to define the custom user interface: %programfiles%\internet explorer\iexplore.exe -k SPAUserSiteURL | |

|Don't display welcome screen at logon |Enabled |

|Disable registry editing tools |Enabled |

|Disable the command prompt |Enabled |

|Disable the command prompt script processing also? No | |

|Disable Autoplay |Enabled |

|CD-ROM drives | |

/System/Logon/Logoff

|Policy |Setting |

|Disable Change Password |Enabled |

|Disable Lock Computer |Enabled |

|Disable Task Manager |Enabled |

|Disable legacy run list |Enabled |

|Disable run once |Enabled |

|Run these programs at user logon |Disabled |

/Windows Components/Internet Explorer

|Policy |Setting |

|Disable AutoComplete for forms |Enabled |

|Disable changing accessibility settings |Enabled |

|Disable changing Advanced page settings |Enabled |

|Disable changing Automatic Configuration settings |Enabled |

|Disable changing Calendar and Contact settings |Enabled |

|Disable changing certificate settings |Enabled |

|Disable changing color settings |Enabled |

|Disable changing connection settings |Enabled |

|Disable changing default browser check |Enabled |

|Disable changing font settings |Enabled |

|Disable changing history settings |Enabled |

|Disable changing home page settings |Enabled |

|Disable changing language settings |Enabled |

|Disable changing link color settings |Enabled |

|Disable changing Messaging settings |Enabled |

|Disable changing Profile Assistant settings |Enabled |

|Disable changing proxy settings |Enabled |

|Disable changing ratings settings |Enabled |

|Disable changing Temporary Internet files settings |Enabled |

|Disable external branding of Internet Explorer |Enabled |

|Disable importing and exporting of favorites |Enabled |

|Disable Internet Connection wizard |Enabled |

|Disable the Reset Web Settings feature |Enabled |

|Do not allow AutoComplete to save passwords |Enabled |

|Identity Manager: Prevent users from using Identities |Enabled |

|Search: Disable Find Files via F3 within the browser |Enabled |

|Search: Disable Search Customization |Enabled |

|Use Automatic Detection for dial-up connections |Enabled |

/Windows Components/Internet Explorer/Browser menus

|Policy |Setting |

|Disable Context menu |Enabled |

|Disable Open in New Window menu option |Enabled |

|Disable Save this program to disk option |Enabled |

|File menu: Disable closing the browser and Explorer windows |Enabled |

|File menu: Disable New menu option |Enabled |

|File menu: Disable Open menu option |Enabled |

|File menu: Disable Save As Web Page Complete |Enabled |

|File menu: Disable Save As... menu option |Enabled |

|Help menu: Remove 'For Netscape Users' menu option |Enabled |

|Help menu: Remove 'Send Feedback' menu option |Enabled |

|Help menu: Remove 'Tip of the Day' menu option |Enabled |

|Help menu: Remove 'Tour' menu option |Enabled |

|Hide Favorites menu |Enabled |

|Tools menu: Disable Internet Options... menu option |Enabled |

/Windows Components/Internet Explorer/Internet Control Panel

|Policy |Setting |

|Disable the Advanced page |Enabled |

|Disable the Connections page |Enabled |

|Disable the Content page |Enabled |

|Disable the General page |Enabled |

|Disable the Privacy page |Enabled |

|Disable the Programs page |Enabled |

|Disable the Security page |Enabled |

/Windows Components/Internet Explorer/Offline Pages

|Policy |Setting |

|Disable adding channels |Enabled |

|Disable adding schedules for offline pages |Enabled |

|Disable all scheduled offline pages |Enabled |

|Disable channel user interface completely |Enabled |

|Disable downloading of site subscription content |Enabled |

|Disable editing and creating of schedule groups |Enabled |

|Disable editing schedules for offline pages |Enabled |

|Disable offline page hit logging |Enabled |

|Disable removing channels |Enabled |

|Disable removing schedules for offline pages |Enabled |

/Windows Components/Internet Explorer/Toolbars

|Policy |Setting |

|Configure Toolbar Buttons |Enabled |

|Show Back button |Disabled |

|Show Forward button |Disabled |

|Show Stop button |Disabled |

|Show Refresh button |Disabled |

|Show Home button |Disabled |

|Show Search button |Disabled |

|Show Favorites button |Disabled |

|Show History button |Disabled |

|Show Media button |Disabled |

|Show Folders button |Disabled |

|Show Full screen button |Disabled |

|Show Tools button |Disabled |

|Show Mail button |Disabled |

|Show Font size button |Disabled |

|Show Print button |Disabled |

|Show Edit button |Disabled |

|Show Discussions button |Disabled |

|Show Cut button |Disabled |

|Show Copy button |Disabled |

|Show Paste button |Disabled |

|Show Encoding button |Disabled |

|Disable customizing browser toolbar buttons |Enabled |

|Disable customizing browser toolbars |Enabled |

/Windows Components/Microsoft Management Console

|Policy |Setting |

|Restrict the user from entering author mode |Enabled |

|Restrict users to the explicitly permitted list of snap-ins |Disabled |

/Windows Components/Task Scheduler

|Policy |Setting |

|Disable Advanced Menu |Enabled |

|Hide Property Pages |Enabled |

|Prevent Task Run or End |Enabled |

|Prohibit Browse |Enabled |

|Disable Drag-and-Drop |Enabled |

|Disable New Task Creation |Enabled |

|Disable Task Deletion |Enabled |

/Windows Components/Windows Explorer

|Policy |Setting |

|Only allow approved Shell extensions |Enabled |

|Do not request alternate credentials |Enabled |

|Do not track Shell shortcuts during roaming |Enabled |

|Hide these specified drives in My Computer |Enabled |

|Restrict all drives | |

|Hides the Manage item on the Windows Explorer context menu |Enabled |

|No "Computers Near Me" in My Network Places |Enabled |

|No "Entire Network" in My Network Places |Enabled |

|Prevent access to drives from My Computer |Enabled |

|Restrict all drives | |

|Remove "Map Network Drive" and "Disconnect Network Drive" |Enabled |

|Disable DFS tab |Enabled |

|Remove File menu from Windows Explorer |Enabled |

|Hide Hardware tab |Enabled |

|Remove Search button from Windows Explorer |Enabled |

|Disable UI to change keyboard navigation indicator setting |Enabled |

|Disable UI to change menu animation setting |Enabled |

|Disable Windows Explorer's default context menu |Enabled |

|Remove the Folder Options menu item from the Tools menu |Enabled |

/Windows Components/Windows Explorer/Common Open File Dialog

|Policy |Setting |

|Hide the common dialog places bar |Enabled |

|Hide the dropdown list of recent files |Disabled |

/Windows Components/Windows Installer

|Policy |Setting |

|Disable media source for any install |Disabled |

Windows 2003 Security Settings

The following tables show the Windows 2003 security settings you should apply to the kiosk group policy object. By default, these settings are located under User Configuration/Administrative Templates in the console tree.

/Control Panel

|Policy |Setting |

|Prohibit access to the Control Panel |Enabled |

/Control Panel/Add or Remove Programs

|Policy |Setting |

|Hide Add/Remove Windows Components page |Enabled |

|Remove Add or Remove Programs |Enabled |

/Control Panel/Display

|Policy |Setting |

|Remove Display in Control Panel |Enabled |

/Control Panel/Printers

|Policy |Setting |

|Prevent addition of printers |Enabled |

|Prevent deletion of printers |Enabled |

/Desktop

|Policy |Setting |

|Do not add shares of recently opened documents to My Network Places |Enabled |

|Don't save settings at exit |Enabled |

|Hide and disable all items on the desktop |Enabled |

|Prevent adding, dragging, dropping and closing the Taskbar's toolbars |Enabled |

|Prohibit user from changing My Documents path |Enabled |

|Remove My Documents icon on the desktop |Enabled |

/Desktop/Active Desktop

|Policy |Setting |

|Disable Active Desktop |Enabled |

/Network/Network Connections

|Policy |Setting |

|Ability to change properties of an all user remote access connection |Disabled |

|Ability to delete all user remote access connections |Disabled |

|Ability to Enable/Disable a LAN connection |Disabled |

|Ability to rename LAN connections |Disabled |

|Prohibit access to properties of a LAN connection |Enabled |

|Prohibit access to properties of components of a LAN connection |Enabled |

|Prohibit access to properties of components of a remote access connection |Enabled |

|Prohibit access to the Advanced Settings item on the Advanced menu |Enabled |

|Prohibit access to the New Connection Wizard |Enabled |

|Prohibit access to the Remote Access Preferences item on the Advanced menu |Enabled |

|Prohibit adding and removing components for a LAN or remote access connection |Enabled |

|Prohibit changing properties of a private remote access connection |Enabled |

|Prohibit connecting and disconnecting a remote access connection |Enabled |

|Prohibit deletion of remote access connections |Enabled |

|Prohibit Enabling/Disabling components of a LAN connection |Enabled |

|Prohibit renaming private remote access connections |Enabled |

|Prohibit TCP/IP advanced configuration |Enabled |

|Prohibit viewing of status for an active connection |Enabled |

/Network/Offline Files

|Policy |Setting |

|Prevent use of Offline Files folder |Enabled |

|Prohibit user configuration of Offline Files |Enabled |

|Remove 'Make Available Offline' |Enabled |

/Start Menu and Taskbar

|Policy |Setting |

|Clear history of recently opened documents on exit |Enabled |

|Do not keep history of recently opened documents |Enabled |

|Gray unavailable Windows Installer programs Start Menu shortcuts |Enabled |

|Prevent changes to Taskbar and Start Menu Settings |Enabled |

|Remove access to the context menus for the taskbar |Enabled |

|Remove and prevent access to the Shut Down command |Enabled |

|Remove common program groups from Start Menu |Enabled |

|Remove Documents menu from Start Menu |Enabled |

|Remove Drag-and-drop context menus on the Start Menu |Enabled |

|Remove Favorites menu from Start Menu |Enabled |

|Remove Help menu from Start Menu |Enabled |

|Remove links and access to Windows Update |Enabled |

|Remove Logoff on the Start Menu |Enabled |

|Remove My Documents icon from Start Menu |Enabled |

|Remove My Pictures icon from Start Menu |Enabled |

|Remove Network Connections from Start Menu |Enabled |

|Remove programs on Settings menu |Enabled |

|Remove Run menu from Start Menu |Enabled |

|Remove Search menu from Start Menu |Enabled |

|Remove user's folders from the Start Menu |Enabled |

|Turn off personalized menus |Enabled |

|Turn off user tracking |Enabled |

/System

|Policy |Setting |

|Custom user interface |Enabled |

|Type the following command to define the custom user interface: %programfiles%\internet explorer\iexplore.exe -k SPAUserSiteURL | |

|Don't display the Getting Started welcome screen at logon |Enabled |

|Prevent access to registry editing tools |Enabled |

|Prevent access to the command prompt |Enabled |

|Disable the command prompt script processing also? No | |

|Turn off Autoplay |Enabled |

|All CD-ROM drives | |

/System/Ctrl+Alt+Del Options

|Policy |Setting |

|Remove Change Password |Enabled |

|Remove Lock Computer |Enabled |

|Remove Task Manager |Enabled |

/System/Logon

|Policy |Setting |

|Do not process the legacy run list |Enabled |

|Do not process the run once list |Enabled |

|Run these programs at user logon |Disabled |

/Windows Components/Internet Explorer

|Policy |Setting |

|Disable AutoComplete for forms |Enabled |

|Disable changing accessibility settings |Enabled |

|Disable changing Advanced page settings |Enabled |

|Disable changing Automatic Configuration settings |Enabled |

|Disable changing Calendar and Contact settings |Enabled |

|Disable changing certificate settings |Enabled |

|Disable changing color settings |Enabled |

|Disable changing connection settings |Enabled |

|Disable changing default browser check |Enabled |

|Disable changing font settings |Enabled |

|Disable changing history settings |Enabled |

|Disable changing home page settings |Enabled |

|Disable changing language settings |Enabled |

|Disable changing link color settings |Enabled |

|Disable changing Messaging settings |Enabled |

|Disable changing Profile Assistant settings |Enabled |

|Disable changing proxy settings |Enabled |

|Disable changing ratings settings |Enabled |

|Disable changing Temporary Internet files settings |Enabled |

|Disable external branding of Internet Explorer |Enabled |

|Disable importing and exporting of favorites |Enabled |

|Disable Internet Connection wizard |Enabled |

|Disable the Reset Web Settings feature |Enabled |

|Do not allow AutoComplete to save passwords |Enabled |

|Identity Manager: Prevent users from using Identities |Enabled |

|Search: Disable Find Files via F3 within the browser |Enabled |

|Search: Disable Search Customization |Enabled |

|Use Automatic Detection for dial-up connections |Enabled |

/Windows Components/Internet Explorer/Browser menus

|Policy |Setting |

|Disable Context menu |Enabled |

|Disable Open in New Window menu option |Enabled |

|Disable Save this program to disk option |Enabled |

|File menu: Disable closing the browser and Explorer windows |Enabled |

|File menu: Disable New menu option |Enabled |

|File menu: Disable Open menu option |Enabled |

|File menu: Disable Save As Web Page Complete |Enabled |

|File menu: Disable Save As... menu option |Enabled |

|Help menu: Remove 'For Netscape Users' menu option |Enabled |

|Help menu: Remove 'Send Feedback' menu option |Enabled |

|Help menu: Remove 'Tip of the Day' menu option |Enabled |

|Help menu: Remove 'Tour' menu option |Enabled |

|Hide Favorites menu |Enabled |

|Tools menu: Disable Internet Options... menu option |Enabled |

/Windows Components/Internet Explorer/Internet Control Panel

|Policy |Setting |

|Disable the Advanced page |Enabled |

|Disable the Connections page |Enabled |

|Disable the Content page |Enabled |

|Disable the General page |Enabled |

|Disable the Privacy page |Enabled |

|Disable the Programs page |Enabled |

|Disable the Security page |Enabled |

/Windows Components/Internet Explorer/Offline Pages

|Policy |Setting |

|Disable adding channels |Enabled |

|Disable adding schedules for offline pages |Enabled |

|Disable all scheduled offline pages |Enabled |

|Disable channel user interface completely |Enabled |

|Disable downloading of site subscription content |Enabled |

|Disable editing and creating of schedule groups |Enabled |

|Disable editing schedules for offline pages |Enabled |

|Disable offline page hit logging |Enabled |

|Disable removing channels |Enabled |

|Disable removing schedules for offline pages |Enabled |

/Windows Components/Internet Explorer/Toolbars

|Policy |Setting |

|Configure Toolbar Buttons |Enabled |

|Show Back button |Disabled |

|Show Forward button |Disabled |

|Show Stop button |Disabled |

|Show Refresh button |Disabled |

|Show Home button |Disabled |

|Show Search button |Disabled |

|Show Favorites button |Disabled |

|Show History button |Disabled |

|Show Media button |Disabled |

|Show Folders button |Disabled |

|Show Full screen button |Disabled |

|Show Tools button |Disabled |

|Show Mail button |Disabled |

|Show Font size button |Disabled |

|Show Print button |Disabled |

|Show Edit button |Disabled |

|Show Discussions button |Disabled |

|Show Cut button |Disabled |

|Show Copy button |Disabled |

|Show Paste button |Disabled |

|Show Encoding button |Disabled |

|Disable customizing browser toolbar buttons |Enabled |

|Disable customizing browser toolbars |Enabled |

/Windows Components/Microsoft Management Console

|Policy |Setting |

|Restrict the user from entering author mode |Enabled |

|Restrict users to the explicitly permitted list of snap-ins |Disabled |

/Windows Components/Task Scheduler

|Policy |Setting |

|Hide Advanced Properties Checkbox in Add Scheduled Task Wizard |Enabled |

|Hide Property Pages |Enabled |

|Prevent Task Run or End |Enabled |

|Prohibit Browse |Enabled |

|Disable Drag-and-Drop |Enabled |

|Disable New Task Creation |Enabled |

|Disable Task Deletion |Enabled |

/Windows Components/Windows Explorer

|Policy |Setting |

|Allow only per user and approved Shell extensions |Enabled |

|Do not request alternate credentials |Enabled |

|Do not track Shell shortcuts during roaming |Enabled |

|Hide these specified drives in My Computer |Enabled |

|Restrict all drives | |

|Hides the Manage item on the Windows Explorer context menu |Enabled |

|No "Computers Near Me" in My Network Places |Enabled |

|No "Entire Network" in My Network Places |Enabled |

|Prevent access to drives from My Computer |Enabled |

|Restrict all drives | |

|Remove "Map Network Drive" and "Disconnect Network Drive" |Enabled |

|Remove DFS tab |Enabled |

|Remove File menu from Windows Explorer |Enabled |

|Remove Hardware tab |Enabled |

|Remove Search button from Windows Explorer |Enabled |

|Remove UI to change keyboard navigation indicator setting |Enabled |

|Remove UI to change menu animation setting |Enabled |

|Remove Windows Explorer's default context menu |Enabled |

|Remove the Folder Options menu item from the Tools menu |Enabled |

/Windows Components/Windows Explorer/Common Open File Dialog

|Policy |Setting |

|Hide the common dialog places bar |Enabled |

|Hide the dropdown list of recent files |Disabled |

/Windows Components/Windows Installer

|Policy |Setting |

|Prevent removable media source for any install |Disabled |

Deploying the Virtual Kiosk

To deploy the virtual kiosk, distribute the secured kiosk user account credentials to the appropriate users. Users must register with the Self-Service Site to use the virtual kiosk feature. For more information, see the User Guide for Secure Password Administrator.
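Before distributing the credentials, the security filtering from "Creating the Kiosk Group Policy Object" and the Custom user interface command from the /System tables can be audited with a script. The following PowerShell is an added example, not part of the NetIQ document or product; it assumes a management host with the GroupPolicy module (GPMC/RSAT), and the GPO name, account name, and URL shown are placeholders. It goes slightly beyond the document's note by flagging every trustee other than the kiosk account that holds Apply Group Policy, not only Authenticated Users.

```powershell
# Added example (not NetIQ code): pre-deployment audit of the kiosk GPO.
# Requires the GroupPolicy module that ships with GPMC/RSAT.
Import-Module GroupPolicy

# Assumed values; replace them with the ones used in your domain.
$GpoName      = 'SPA Virtual Kiosk'                     # hypothetical GPO name
$KioskAccount = 'kiosk'                                 # example logon name
$ExpectedUrl  = 'https://spa.example.com/selfservice'   # placeholder for SPAUserSiteURL

$findings = New-Object 'System.Collections.Generic.List[string]'

# --- 1. Security filtering: who receives the kiosk settings? ---------------
$permissions  = Get-GPPermission -Name $GpoName -All
$applyEntries = @($permissions | Where-Object { $_.Permission -eq 'GpoApply' })

# The kiosk account must hold Apply Group Policy, or the custom shell
# never launches for it.
if (-not ($applyEntries | Where-Object { $_.Trustee.Name -eq $KioskAccount })) {
    $findings.Add("Kiosk account '$KioskAccount' does not have Apply Group Policy.")
}

foreach ($entry in $applyEntries) {
    if ($entry.Trustee.Sid.Value -eq 'S-1-5-11') {
        # S-1-5-11 is the well-known SID for Authenticated Users; matching
        # on the SID works regardless of the display language.
        $findings.Add('Authenticated Users has Apply Group Policy: the kiosk shell would launch for ordinary users.')
    }
    elseif ($entry.Trustee.Name -ne $KioskAccount) {
        $findings.Add("Unexpected trustee with Apply Group Policy: $($entry.Trustee.Name)")
    }
}

# --- 2. Custom user interface: is the shell the kiosk-mode browser? --------
# The "Custom user interface" policy is stored as the Shell value under
# this per-user policy key.
$shellKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$shell    = $null
try {
    $setting = Get-GPRegistryValue -Name $GpoName -Key $shellKey `
                                   -ValueName 'Shell' -ErrorAction Stop
    # Strip any trailing NUL left over from the stored string.
    $shell = ([string]$setting.Value).TrimEnd([char]0)
}
catch {
    $findings.Add('Custom user interface (Shell) is not configured in the GPO.')
}

if ($shell) {
    # The document's command is "...\iexplore.exe -k SPAUserSiteURL".
    if ($shell -notmatch 'iexplore\.exe"?\s+-k\s') {
        $findings.Add("Shell does not start Internet Explorer in kiosk mode (-k): $shell")
    }
    if ($shell.IndexOf($ExpectedUrl, [System.StringComparison]::OrdinalIgnoreCase) -lt 0) {
        $findings.Add("Shell does not load the expected Self-Service URL: $shell")
    }
}

# --- Report ---------------------------------------------------------------
if ($findings.Count -eq 0) {
    Write-Output "GPO '$GpoName': security filtering and custom shell match the expected kiosk configuration."
}
else {
    Write-Output "GPO '$GpoName': $($findings.Count) finding(s):"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Get-GPPermission reports Read and Apply as separate permission levels, so a trustee that can only read the GPO does not produce a finding.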
