Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
group policy 2
- Thread starter A15
- Start date
TekTippy4U
Technical User
Wolluf;
I lamed out a little with my last answer. (as a regular, you deserve atleast an effort on my part...so here it goes)
I'll try to explain my thinking.
but how do ensure that the user gets no chance to see the logon or attempt to stop it?
There is no "Option" to see the logon screen, nor can it be bypassed using Sys Poledit as I understand it, while enforcing Mandatory User Policies....the User.dat file gets d/l from the server and replaces the orig, if any, basically, otherwise....no network logon. The user basically can't attempt to "stop" it , and still be able to "logon"(Fine, that takes care of the Network, now what about fiddling with the 98 Box itself?)..well, that's where all the other System Policies come into play.
TweakUI is not a good choice for this, nor should it be used/relied upon for Network Security....
Firstly, as I see it, there can really only be one sinister reason why anyone would NOT want someone else to even "know" that they were logged onto a Network....and that's to either capture the user's keystrokes, online activity, and for other sordid reasons, such as using spyware to invade th users privacy...that I don't condone, and in no way, will I assist in helping to achieve this deplorable goal.
Unless, the auto-logon dialog, which you say is greyed out and filled in already, can be bypassed by clicking something (such as OK, or CANCEL, or just "x-ing out" the dialog box entirely)...then just "seeing" the auto-logon shouldn't be a problem....
I, myself, can even think of ways around this, even with most of the System Policy editor settings buttoned down, but in combination with No Drive Access, that will make it all the more difficult....and yes, there will always be a way into 98 and XP too, but just "seeing" a logon dialog box has nothing to do with this....IMO
Therefore, I was proposing coming at it from a different angle, rather than figuring out "how" to "Hide" the auto-logon dialog box, I was kinda refusing to answer that question directly (for reasons above), and just point the author to use Sys Poledit to achieve lockdown as much as possible without invoking a BIOS password, etc..(yes, i know there are ways around this too).
So; me not being a networking guru or anything even marginally close....can You, now point Me to a site explaining how on XP...these things can be achieved?? (Locked down , more so than when using Sys Poledit in 98?).
I'm aware of the ability of XP to use "encrypted" files (doesn't it really only pertain to keeping one User access to another User's files?), and the 3 tier {Admin, SystemUser, and Standard User} deployment.....( But, isn't this like using Sys Poledit in 98...just much easier to with XP?) Same effect...
made an effort this time in my reply![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
Anyone and Everyone else;
If a person wants to achieve above said sinister goals for corporate LAN's for whatever reasons that "they" see fit....hey, by all means..knock yourself out.....I know I won't, nor will I assist.
If I've read into the request too deeply, well.... too bad...
If anyone is interested in learning more about System Policies in 98, here's the online version
OR..... Install The Win98 Resource Kit, found on the Win98 CD
<CD Drive>\tools\reskit\setup.exe
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
I lamed out a little with my last answer. (as a regular, you deserve atleast an effort on my part...so here it goes)
I'll try to explain my thinking.
but how do ensure that the user gets no chance to see the logon or attempt to stop it?
There is no "Option" to see the logon screen, nor can it be bypassed using Sys Poledit as I understand it, while enforcing Mandatory User Policies....the User.dat file gets d/l from the server and replaces the orig, if any, basically, otherwise....no network logon. The user basically can't attempt to "stop" it , and still be able to "logon"(Fine, that takes care of the Network, now what about fiddling with the 98 Box itself?)..well, that's where all the other System Policies come into play.
TweakUI is not a good choice for this, nor should it be used/relied upon for Network Security....
Firstly, as I see it, there can really only be one sinister reason why anyone would NOT want someone else to even "know" that they were logged onto a Network....and that's to either capture the user's keystrokes, online activity, and for other sordid reasons, such as using spyware to invade th users privacy...that I don't condone, and in no way, will I assist in helping to achieve this deplorable goal.
Unless, the auto-logon dialog, which you say is greyed out and filled in already, can be bypassed by clicking something (such as OK, or CANCEL, or just "x-ing out" the dialog box entirely)...then just "seeing" the auto-logon shouldn't be a problem....
I, myself, can even think of ways around this, even with most of the System Policy editor settings buttoned down, but in combination with No Drive Access, that will make it all the more difficult....and yes, there will always be a way into 98 and XP too, but just "seeing" a logon dialog box has nothing to do with this....IMO
Therefore, I was proposing coming at it from a different angle, rather than figuring out "how" to "Hide" the auto-logon dialog box, I was kinda refusing to answer that question directly (for reasons above), and just point the author to use Sys Poledit to achieve lockdown as much as possible without invoking a BIOS password, etc..(yes, i know there are ways around this too).
So; me not being a networking guru or anything even marginally close....can You, now point Me to a site explaining how on XP...these things can be achieved?? (Locked down , more so than when using Sys Poledit in 98?).
I'm aware of the ability of XP to use "encrypted" files (doesn't it really only pertain to keeping one User access to another User's files?), and the 3 tier {Admin, SystemUser, and Standard User} deployment.....( But, isn't this like using Sys Poledit in 98...just much easier to with XP?) Same effect...
made an effort this time in my reply
Anyone and Everyone else;
If a person wants to achieve above said sinister goals for corporate LAN's for whatever reasons that "they" see fit....hey, by all means..knock yourself out.....I know I won't, nor will I assist.
If I've read into the request too deeply, well.... too bad...
If anyone is interested in learning more about System Policies in 98, here's the online version
OR..... Install The Win98 Resource Kit, found on the Win98 CD
<CD Drive>\tools\reskit\setup.exe
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
Hi all thanks for all your thoughts and imputs, There is no hidden agenda in my reasons to force a single logon or to hide the autologon when the machine boots. It is really a matter of convenince on my part. In my school I have set up an XP pro; server 2000 network with 120 machines + 15 laptops all up and running fine with restictions etc set by Active Dir.As this is still not enough computers, I also have some older slower machines (20 or so) which will cope with win 98 and a few applications.I am setting these up in small study areas for pupils who need to do reaserch and or word procces and print some work. These older machines would not benifit from AD and so would have a fixed user logon for policy and storage. This storage area is browsable from the main XP network and their normal desktop( so they can retrive any work placed in the storage area later)I therefore need these win 98 machines to be locked down, and to boot from switch on straight into the set fixed logon with no option to do otherwise. I will review all your answers and see what fits.... THANKS all 
Some lead, some follow....I just Hope!
Some lead, some follow....I just Hope!
TekTippy4U
Technical User
itsfisko;
thanx for replying and clarifying a bit.....I do hope you find an appropriate "fit" for your situation. Look into creating a separate "Group Policy" for all the older boxes to access the storage area..
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
thanx for replying and clarifying a bit.....I do hope you find an appropriate "fit" for your situation. Look into creating a separate "Group Policy" for all the older boxes to access the storage area..
TT4U
Notification:
These are just "my" thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs..All involved shall be spared the grief.
- Status
Similar threads
- Locked
- Question
- Locked
- Question