Can I restrict a Windows account to only running several specific apps?

Let’s say I would like to make an account that can only run one or two apps, in order to give people remote access to these apps via GoToMyPC but not give them access to anything else on the machine (including basic stuff like Internet Explorer etc. that shows up on the desktop when I create a new limited account). Is this doable on Windows XP Pro or on some later Windows version?

Take a look at Microsoft’s product, SteadyState.

I believe it will have the functionality you want, limiting a specific user to only certain applications. I know it supports XP, and it now apparently supports Vista too.

Hope this helps.

Got it, thanks.

BTW, I am just amazed at how sparse are their “marketing” explanations on that website. Are Microsoft marketing copywriters dyslexic or something, if they are unable to clearly write down a list of relevant features and shortcomings? Must be a result of a solid liberal arts education or something…

You can also use the Policy Editor to restrict an account to only running specified applications. This is relatively straightforward, but you need to be careful not to apply your restrictions to your administration account - that is a pain to sort out. I suspect that Windows Steady State is a tool that configures the local policy and security model in a standard way to achieve the same goal.

A quick google on Windows Policy Editor should get you started, and will probably help with Steady State as well.
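
An added example, not part of any post in this thread: the per-user registry values behind the "Run only specified Windows applications" policy, written into one account's hive with a guard against restricting an administrator. It assumes Windows 10 or later with Windows PowerShell 5.1, an elevated prompt, a target user who has logged on once and is currently logged off, and hypothetical account and executable names. This policy only blocks programs started through Windows Explorer, so it is not a complete lockdown on its own.

```powershell
# Added example, not from the thread. Run elevated while the target user is logged off.
param(
    [string]$User = 'remoteapps',                      # hypothetical account name
    [string[]]$AllowedExe = @('app1.exe', 'app2.exe')  # hypothetical executable names
)
$ErrorActionPreference = 'Stop'

$sid = (Get-LocalUser -Name $User).SID.Value

# Guard: never restrict a member of the built-in Administrators group (SID S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
if ($admins.SID.Value -contains $sid) {
    throw "$User is an administrator; refusing to restrict it."
}

# Locate the user's profile; the key is missing if the user has never logged on.
$profileKey  = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
$profilePath = (Get-ItemProperty -Path $profileKey).ProfileImagePath

# Load only this user's hive so the policy cannot land on any other account.
$hive = 'HKU\RestrictRunTmp'
reg.exe load $hive (Join-Path $profilePath 'NTUSER.DAT') | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load the hive; is $User still logged on?" }

try {
    $explorer = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

    # RestrictRun = 1 switches the allow-list on for this user.
    reg.exe add $explorer /v RestrictRun /t REG_DWORD /d 1 /f | Out-Null

    # Each allowed executable is a numbered string value under the RestrictRun subkey.
    $i = 1
    foreach ($exe in $AllowedExe) {
        reg.exe add "$explorer\RestrictRun" /v $i /t REG_SZ /d $exe /f | Out-Null
        $i++
    }
}
finally {
    # Always unload, otherwise the user's next logon gets a temporary profile.
    reg.exe unload $hive | Out-Null
}
```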


Via group policy:

Secondly, you don’t want to let them run as local admin. There are also a lot of guides on how to lock down a Windows computer in a type of “kiosk mode” where there are no icons for them to press and they can’t do stuff like launch Task Manager, press Alt+F4, etc.