Forward facing locked down machines... kiosk?

Similar Messages

• I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill f

  I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill forms?

  Well, try this (I was able to fix my with these steps):
  Go Utilities > Disk Utility
  Select your Startup Disk, e.g. Macintosh HD
  Then, under the First Aid Tab, click Verify Disk Permissions.
  If there are errors, then click repair Disk Permissions.
  After it is done, restart the computer and see if your problem is resolved.
  I hope this help.
  Zeke
  www.ZekeYuen.com/blog/

• Locking down call forwarding

  I just started a new job, this company doesn't want call forwarding from phones but one of the high level vendors was allowed to have his phone sent to just one number. The last technician figured out how to disallow the change of the forwarding number he set in call manager. I can't for the life of me figure out how he did it. When I set a number in call manager the phone is still allowed to change the number locally and reset it in call manager. I'm really interested to know how he did this. 

  Hi
  In case you want to lock down the call forwarding, you can just remove the CFA button from the softkey template from all the phones. This would prevent users from doing from the phone.
  The only option would now be the ccm end user page. In case you want to remove from there as well, use the following enterprise parameter on CCM Administration page :
  Show Call Forwarding :This parameter determines whether end users can configure all, none, or specific call forwarding
  directives for their phone(s) when using the Cisco Unified CM User Options (ccmuser) window. Call forwarding
  options are not provided regardless of the setting in this parameter if the phone template assigned to the user's device does not support call forwarding
  With this, what ever CFA settings you put on the phone, users won;t be able to change that.
  Regards
  Aditya

• Locking down Win 8.1

  For security reasons, i need to investigate how to lock down windows 8.1 so that the user is restricted to the desktop only and only has access to a
  certain few applications.
  These PC's are in a domain and are used for either Accounting or POS.
  The software is what it is and changing the software is not an option. 
  Right now, the users log into XP machines. The desired programs auto-load and all is well.
  As of April 1st, the XP POS machines will no longer be PCI compliant. We prefer to step up to win 8.1 stations, but locking them down via group policy is proving to be difficult.
  We don't want third party tools. 
  Certainly this must be achievable via group policy.
  Any assistance will be greatly appreciated.
  Thanks 
  Jerry C
  (originally asked in answers.microsoft.com)

  Jerry
  I am sure you have but have you looked at kiosk mode?
  http://www.geek.com/microsoft/windows-8-1-kiosk-mode-locks-systems-to-a-single-app-1552963/
  http://blogs.msdn.com/b/hyperyash/archive/2013/10/25/enable-kiosk-mode-in-windows-8-1.aspx
  If Kiosk doesnt cut it the below thread has a bit about how to lock it down via GP.
  http://social.technet.microsoft.com/Forums/en-US/6c67d219-dba9-4de8-988f-ae46b19b2ccb/windows-81-kiosk-mode?forum=w8itproinstall
  Wanikiya and Dyami--Team Zigzag

• Replicate ALL Forward Facing Lookup Zones from a Master DNS1 to a Slave DNS2

  We have two servers for hosting websites. I have figured out how to make one the master and one the slave for a single domain name zone. But I want it to do true-up true-down with all of the zone records in the Forward Facing Lookup folder, automatically. 
  I thought, surely there is a simple setting for the folder to sync, just like the individual zone records. But I can't find it.
  I found where someone wrote a script:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/53ab79c5-de73-4534-8cb0-3c29b3389c30/how-to-create-automatically-a-new-secondary-zone-on-dns2-when-i-create-a-new-zone-primary-on-dns1?forum=winserverNIS
  But surely that's not necessary with two Server 2012 machines. Is it?
  - Missing Something

  Hi,
  In order to accomplish zone transfer, you should enable zone transfer in the primary zone (master server). Then you need manually create a secondary zone (slave server)
  on another DNS. Confirm your zone transfer is allowed in your firewall rules.
  As discussed in the thread you referred, you can try this by using a script.
  Hope this helps.

• Lock down X140e BIOS

  Hello!
  I'm deploying 55 of the Thinkpad x140e to a school, and I want to be able to lock down the BIOS so the students won't be able to boot from other devices or make any other changes in the BIOS. I'm wondering if anyone knows of an application that allows me to lock down the BIOS without having to do it manually on every machine. I'm imaging them with the same image, so if there's an application that can be put on the image beforehand, that would be ideal. Anyone run into a similar situation or know of any solutions?
  Thanks in advance for any help you can provide!
  Solved!
  Go to Solution.

  Lenovo has some scripts (and accompanying documentation) for configuring the BIOS through WMI available here:
  http://support.lenovo.com/us/en/documents/ht100612
  The X140e isn't listed as a supported model, but it might be worth a try anyhow.
  How are you deploying the image? If you're using something like MDT or SCCM you would create a task that runs the script as part of the imaging process.

• Data network locked down when usb tethering with a lot of request (i.e. 3 to 4 tab pages and IRC)

  Hi, i am currently using the usb tethering on my ubuntu desktop(this also happened in win8 desktop) which the data network will be locked down when open 3 to 4 tab pages in 3-4 seconds or requesting large amount of data traffic (i.e. downloading movie)
  This locked down will be recovered only  after a few minutes (4 minutes at least) when there is no more request maked.
  OR reboot the phone again. 
  This doesn't affect receiving calls, only the data network is locked down
  I do see this is a software problem as i have asked for a exchange for phone, the same thing happened again.
  Does anyone get the same problem as i experienced?
  The firmware is v.114 
  Thanks for help

  Hi z1CUser
    based on your information, i believe there is not problem with the phone, since even second phone is doing same thing as first, what I can suggest is
  >check with different phone if possible and see whether it does same, incase 'Yes" then its might be with the internet connection i believe, you can give a call to Internet Service Provider, stating the issue faced in 2 different phones
  >if possible Refresh the Router and try to connect it again
  >Last you can try to restore the phone once
  Manjuboyz
  NOTE:
  Rate me(Kudos) If you are happy with my Resolution, Thanks

• Is it possible to lock down the _vti_bin and _layouts pages with a wildcard option.

  Hi all,
  A client of mine is running an internet facing sharepoint site. I have managed to lock down the _vti_bin and _layouts pages users for anonymous by using the following entries in my main web.config file:
  <location path="_layouts">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
  and
  <location path="_vti_bin">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
  But this is only ok for the root site collection. Is there a way to lock down all site collections, including sub sites with a type of wildcard entry?
  Due to the nature of the clients business, they will be creating many site collections and subsites. I am trying to find a scalable way to manage this. To add an entry for every new site collection or subsite that gets created on the fly does not seem like
  the most manageable solution.
  Any suggestions would be appreciated.
  Regards
  Mirco

  Hi Sachin,
  Thank You very much for the feedback. The info to secure system pages from authenticated FBA users is very helpful and I will definitely  implement it.  With reference to your second post. This is actually the information I used to lock down my
  sites from anonymous users. Applying this method I noticed that you needed to put an entry for every single site collection and sub site collection, e.g. if I ONLY had a site collection at
  https://me.myserver.com then the following entries in the web.config would secure the _vti_bin and _layouts folder from anonymous users:
  <location path="_layouts">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
  and
  <location path="_vti_bin">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
  But lets say I added another site collection at
  https://me.myserver.com/sites/mysitecollection I would have to add the following entries to the web.config file to secure it from anonymous users:
  <location path="sites/mysitecollection/_layouts">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
  and
  <location path="sites/mysitecollection/_vti_bin">
        <system.web>
          <authorization>
            <deny users="?" />
          </authorization>
        </system.web>
      </location>
  Now this method might be manageable if you are only gonna have 5 or 10 site or subsite collections. My client will have 30, 40, 50, who knows how many. This is why I am trying to find a more manageable way of locking these sites down.
  You can imagine what my web.config will look like eventually and the admin involved in continuously adding these entries to the web.config file to keep it safe from anonymous users.
  Regards
  Mirco

• Locking down anyconnect client profile

  I was wondering if there is a way to lock down the anyconnect profile on a clients machine.  Basically we are using certifcates to authenticate so the client can make a VPN connection.  We have enabled the certifcate match function to check for IPSec User Extended Match Key.  I can modify the XML on the client PC to bypass the check and authenticate.  We would like to keep users from doing that.  Is there something I can setup on the ASA versus the client to check the certificate or prevent the XML from being modified?
  Thanks in advance.

  I went in and modified the xml and removed the following.  I was then able to make a connection without checking for the IPSecUser extended key usage.  I have 2 certs on my client.  One cert has the IPSecUser extended key usage and the other does not.
      IPSecUser

• Access Connections v4.52 - user rights in locked down environment

  I'm currently working on a small project to deploy various Lenovo wireless drivers, Access Connections v4.52, Hotkey and Power Management drivers via SMS but have come across a slight issue with Access Connections that I can't seem to resolve.
  I'm hoping to provide my locked down users with a selection of standard profiles that are copied to their machines on logon but would also like to give them the ability to create and modify new ones too - this is where I'm having problems.
  Through Group Policy I have set:
  Allow Windows users without administrator privileges to create and apply WLAN location profiles using Find Wireless Network function
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableCreateProfilewithFWN 1
  Allow Windows users without administrator privileges to create and apply location profiles
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableUserMode 1
  I have also manually set the following:
  HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
  I couldn't find a key for the 'EnableUserMode' option
  Unfortunately, none of these give standard users access to create or modify profiles.
  Have any of you come across this in your environment and if so did you manage to come up with a suitable solution?
  Thanks in advance.

  Hi,
  the steps, that you performed are correct.
  However I would not do the last step:
  HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
  This might cause confusiong.
  I have just tested it in here and it's working fine with the 5.x version of AC
  Cheers

• Locked down Administrator profiles

  Hi,
  we're having a strange issue on our terminal servers.
  We have some GPOs to lock down normal user profiles which only apply to our TS users and not to administrators.
  When we create a new user profile for an Administrator he gets a locked down profile e.g. no right click in start menu, no icons in control panel...
  Existing administrator profiles work fine.
  When I check the registry under "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" there are many settings set to 1 (like NoChangeStartMenu, NoManageMyComputerVerb). If I change them to 0 everything is working fine.
  We have already disabled all GPOs and also removed the server from the Domain. It also happens when we create a new local user.
  We have tried to copy the default user profile from another server but we still get a locked down profile.
  Has anyone had the same issue?
  Regards

  Ok there are some files in %windir%\system32\grouppolicy:
  %windir%\system32\grouppolicy\machine\Citrix\GroupPolicy\Policies.gpf
  %windir%\system32\grouppolicy\user\Citrix\GroupPolicy\Policies.gpf
  %windir%\system32\grouppolicy\gpt.ini
  If I delete these files I can successfully create a new Admin profile!
  Is it safe to delete all those files?

• Locking down windows 2000

  Hi All
  I have been blessed with the task of figuring out how to lock down a
  Windows 2000 PC to run only 1 access runtime app in a kiosk type setting.
  Does anyone know a good starting point? I have very little Zen knowledge.
  Thanks in advance
  Paul

  1) Configure NAL to run as the Shell.
  http://www.novell.com/documentation/...a/a7q692x.html
  (Note: Works the same in ZFD4)
  2) Enable "Rogue Process Management" to limit the system to only NAL
  delivered apps.
  http://www.novell.com/documentation/...a/ahl34y5.html
  (Scratch That - This is a ZFD 6.5 or greater feature)
  3) Group Policy to only allow specified applications.
  http://msdn.microsoft.com/library/de...-us/gp/206.asp
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared either Novell or any rational human.
  <[email protected]> wrote in message
  news:jyGTh.121$[email protected]..
  > Hi All
  >
  > I have been blessed with the task of figuring out how to lock down a
  > Windows 2000 PC to run only 1 access runtime app in a kiosk type setting.
  > Does anyone know a good starting point? I have very little Zen knowledge.
  >
  > Thanks in advance
  > Paul

• Trying to lock down DNS server settings to force use of OpenDNS

  I'm trying to lock down my time capsule on my home network to only allow outgoing DNS traffic to go through OpenDNS. I  have an 18 year old son, with his own computer, who bypasses my OpenDNS by entering the DNS settings for Google on his Windows 7 machine. I have no control over his machine, only my router.
  A discussion on the OpenDNS forums mentions blocking port 53 and forcing all DNS traffic through the OpenDNS server settings I've entered into my router, but I can't see any way to do this on the time capsule. Am I missing something?

  There is nothing you can do.. TC do not have access to firewall.. at least for ipv4.
  You need a much better router.. bridge the TC and grab a Netgear WNDR3800 and run Gargoyle firmware. The power will be put back in your hands.. then he will buy his own 3G connection.. maybe at 18 it is rather too late.

• Locking down is it possible.

  Hello, We just installed a server 2012 r2 with the AD and Remote Desktop Services roles,  To host quickbooks.  All our client computers are running non professional versions of windows.  Can we use Group Policy to lock down user activities
  when logged into the remote desktop.  Users are logging in fine, but no group policy seems to be working.  I have been attempting to do this with no success and just want to make sure i am not wasting my time. 

  Hi,
  Thanks for posting in Windows Server Forum.
  As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to  reply
  this post directly so we will be notified to follow it up. 
  BTW,  we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. 
  Thanks for your Support & understanding.
  Regards.
  Dharmesh Solanki
  TechNet Community Support

• HELP - Macbook Pro Locked Down

  Ok, to make a long story short, I bought a used Macbook Pro and the password I was given is not working. The person I bought the computer from seemed fishy, I should have realized something was wrong before agreeing to buy the computer. The computer seems like it is a demo machine from an Apple Store or some other retail store. It is locked down and I can not gain access to the administrator account. I have tried everything I found on the internet. I called Apple up to inquire about this machine to see if it is marked/reported as being fraudlent/stolen/counterfiet and they confirmed the serial number is fine and it is an official apple computer. They said I have hardware support until end of March 2011, but no longer have software support. Oh by the way, I am new to Macs, this is my first Mac, so I'm not familiar with them. Not a very good first experience. I guess its my fault for buying a used computer without receiving the install/backup disks.
  Below is a summary of what is happening and what I tried:
  When I turn the computer on, it logs in fine. Everything seems to function fine. But if I try to do anything administratively it asks for password and I can not do anything.
  I tried the following things:
  - entering single user mode, removing the AppleSetupDone file. After I reboot from that, it just logs in as normal and doesn't prompt for new account. When I went back into single user mode, the AppleSetupDone file was back.
  - entered single user mode, changing password via command line. Seems like it changes fine with no errors. After I reboot, logs in fine and I try password I changed to and it doesn't accept it.
  - Tried putting OS 10.6.3 into DVD and booting from that by holding c key, but it ends up going to grey screen with Apple logo and does nothing.
  - Tried putting OS 10.6.3 into DVD and pressing "Option" key while booting to choose which device to boot from. I choose DVD and it goes to grey screen with Apple logo and does nothing.
  - I tried formating the hard drive, went to single user mode, did a rm -rf / Seemed like it erased the hard drive, so I figured it has to boot from DVD. Well when I turned on computer, it booted fine and logged in as normal. Went back into single user mode and everything was restored as was.
  - Tried clearing the PRAM and NVRAM thinking maybe there was something in the non-volatile memory, but that did nothing. Logged in as normal and still would not allow me to boot from DVD.
  Someone suggested the firmware was password protected, but I had read if you hold the option key down while booting that a lock would appear if the firmware was password protected and that didn't happen, I got the HD or DVD options to boot.
  Seems like the computer is locked down somehow to restrict anyone from modifying anything and at bootup, it restores everything to original state. Does anyone have any ideas or suggestions? Does anyone know how Apple stores lock down their demo computers to avoid customers from modifying them? Is there something in the hardware? Are there jumpers set somewhere that could be causing the machine to do a unique protected/recovery bootup? Someone mentioned pulling the hard drive and formatting it in another computer. Do you think this would do it for me?
  Thank you for the help,
  Kevin

  Proof? I bought it used from someone. All I have is the computer and charger. When I talked to the Apple representative on the phone about the serial number, he said the machine has not been registered yet. So what would the proof be?