I am in the process of trying to lock down an XP desktop to only allow access to a particular set of programs. I had buttons on the desktop in mind but could be tempted in other directions
This needs to be applied to all users EXCEPT admins who, of course have deity status and need to access everything.
This is needs to be foolproof - I told my boss it could be done!
Any ideas? Anyone?
Well, if you restrict everything except litestep....
I mean, if you could edit the theme yourself it of course becomes completely insecure. If you can terminate the litestep process and open explorer, it once again falls down..
If you kept someone locked into the LS theme, then I guess it would work just fine. I guess then the last thing would be to determine (from within litestep) the level of the account being used. I wouldn't know how to do that, maybe possible though. I guess you could use xstatsclass and compare the name of the user to a list of the admin accounts?
There's a little vague help.
The lockdown can be done. However...there are things that can always be done to circumvent it...it is just knowing if your users will be smart enough to try it. Here are some things to think about though.
1) You will need to edit and recompile the core. You have to do this because of the "Oh Shit! Menu". It has the option to use run which you can not control.
2) In a domain environment user configs are stored on the domain controller so you should be able to control the shell setting from there.
3) You need to disable Ctrl+Shift+ESC and Ctrl+Alt+Del which can not be done via LiteStep.
4) This has been done before by another development team. LDE is a Desktop Environment used by a company for this sort of control.
5) Read up on User Levels...it is easier to just do it in Windows alone.
6) Most of all...Have fun and never let anyone say never!
If you can share a few details on how (for what) your company is using LiteStep, it'd be really cool to hear about it. It is always fun to know the different ways LiteStep is being used. Thanks!
There are also a thread or two in these forums detailing different steps people have tried to use to lock down a LiteStep desktop.