The Lock XP installation White Paper # 09995

Similar documents
10ZiG Technology. Thin Desktop Quick Start Guide

8 MANAGING SHARED FOLDERS & DATA

Virtual CD TS 1 Introduction... 3

Installation Instructions for Free Scheduler Plus Software IBS Show Promotion

Nikon Message Center

Part 1: Understanding Windows XP Basics

Storage Security Software (Version )

LaborKey Version 4.0. Installation Guide. 4.01a FEB 2007

Eaglesoft 18.1 Installation Instructions

ThinkVantage Fingerprint Software

Installing the application involves several steps. Note that you must install QuickBooks on your computer prior to installing this application.

Changing Settings for ViewMail for Outlook (Version 8.0 Only)

PCLaw Installation and Upgrade Guide

Using LaunchPad. Contents. Section 1-7. This section: Describes how to use LaunchPad to run your access control programs.

Recent Operating System Class notes 04 Managing Users on Windows XP March 22, 2004

Admin Guide. LabelShop 8

R9.7 erwin License Server:

Full file at

Print Manager Plus 2010 Workgroup Print Tracking and Control

Server Edition Administrator s Guide

Batch Eligibility Long Term Care claims

GUARD1 PLUS Manual Version 2.8

2. install windows vista

Wimba Pronto. Version 3.1. User Guide

dbdos PRO 2 Quick Start Guide dbase, LLC 2013 All rights reserved.

Windows XP. A Quick Tour of Windows XP Features

INSTALLATION AND USER S GUIDE OfficeCalendar for Microsoft Outlook

Installing the Is2 Onsite Version - HVAC Office System

A0. Special Considerations for Windows Vista a) Consideration during installation b) Runtime considerations

Exam : Title. : A+ OS Technologies

Print Audit 6. Print Audit 6 Documentation Apr :07. Version: Date:

Minimum System Requirements The following are the minimum system requirements needed to run and install Premium Pro Enterprise:

Wimba Pronto. Version 2.0. User Guide

OptionPower 3.2. for Office 2007 STARTUP GUIDE. Interactive Audience Response Systems

Employee Web Services. Installation Guide

Download instructions for DataTrace Pro software

ThinkVantage Fingerprint Software

PhotoPDF User Guide. PhotoPDF. Photo to PDF Converter

WELCOME TO LACERTE! WE APPRECIATE YOUR BUSINESS.

ModeChanger

Abila MIP DrillPoint Reports. Installation Guide

COINS Ti Call Management System Standard Installation Instructions for Citrix Users

The ViVo Mouse Versions: Standard & Professional Installation Guide

Installing McAfee VirusScan For Windows 95/98 Kyler Kwock, Wilbur Wong Revised by Therese Nakadomari

5 MANAGING USER ACCOUNTS AND GROUPS

Reinstalling Windows 95/98/ME/2000 Professional

STATISTICA VERSION 10 STATISTICA MONITORING AND ALERTING SERVER (MAS) INSTALLATION INSTRUCTIONS

JUN / 04 VERSION 7.1 FOUNDATION PVI EWLUTME

OneRoof CyberCafePro Client Installation, Setup and User Manual

This installation guide is intended for customers who are installing NMIS for the first time. Included are the recommended hardware specifications

Quick Start Guide. Smarter Surveillance for a Safer World

ACS Technical Bulletin

Mac OS 8 Installation Instructions for Sonnet Presto and Presto Plus Processor Upgrade Cards

Installing FileMaker Pro 11 in Windows

Team Project Management

Impossible Solutions, Inc. JDF Ticket Creator & DP2 to Indigo scripts Reference Manual Rev

Installing AppleWorks 6 FOR WINDOWS

Configuring the WebDAV Folder for Adding Multiple Files to the Content Collection and Editing Them

UPDATING SOCRATES Version Build May 2018

Select the Akeni Pro Server installation file that matches your operating system and double-click on the file.

Chapter A2: BankLink Books clients

PropertyBoss Upgrade

Abila MIP. Human Resource Management Installation Guide

Quick Reference Guide

WEBSEWSS SINGLE SERVER INSTALLATION INSTRUCTIONS

SuperNova. Screen Reader. Version 14.0

Full file at Chapter 2: Securing and Troubleshooting Windows Vista

Your File System Applications What s running on your machine It s own devices Networking. L07 - Getting to know your computer

Copyright 2017 Softerra, Ltd. All rights reserved

ChromQuest 4.2 Chromatography Data System

USB driver and Software Installation. UPS Monitoring and Management Software

'phred dist acd.tar.z'

Licensing and Activation

Lesson 3: Identifying Key Characteristics of Workgroups and Domains

Wimba Pronto. Version 2.1. User Guide

VA Smalltalk Installer

StrikeRisk v5.0 Getting started

Comodo LoginPro Software Version 1.0

ExData Pro (For IDE Hard Disk Only) User Menu Guide. Revision 2.7

Performer to DP2 Hot Folder Reference Manual Rev There is only one file involved with installing the Performer to DP2 Hot Folder.

Online Backup Client User Manual

SAS Installation Instructions Windows 2003, XP, 2000, NT. Workstation Installation Guidelines

Sun VirtualBox Installation Tutorial

EDS Attn: EDI Unit P.O. Box 2991 Hartford, CT

Password Changer User Guide

ESSENTIAL TECHNOLOGY SKILLS AND RESOURCES

Note: Act Today provide this KB article as a courtesy however accept no responsibility for content or the recipient performing these steps

CCH Client Axcess User Guide

Installation and Upgrade Guide Zend Studio 9.x

Function Point WORKBENCH Release 7.0k INSTALLATION GUIDE TABLE OF CONTENTS

Procedure to set up an HPIB 82350B card on an M57. M58 or C20x PC. Table 1: Parts required. Part Number Description Qty

Set-up Instructions For Mercedes-Benz WIS CD-Rom

NetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0

How To Upload Your Newsletter

Version S Cincinnati, Suite 105 Tulsa, OK (918) Fax (918)

Guide for K-6 Teachers

Read Naturally SE Software Guide. Version 2.0

Eaglesoft 19 Installation Instructions

TradeGuider VSA Plug-in for NinjaTrader quick install and setup guide.

Installing the C++ Development Tools

Transcription:

The Lock XP installation White Paper # 09995 Installing The Lock XP for a single Home computer, with multiple users. The operating system used for this demonstration is Windows XP Professional, but any version of Microsoft Windows 98 or later will work the same way. Download the latest version of The Lock XP installer from CrashCourse Software, and save the file in the C:\Temp folder. The next stop is to decompress the file. Double click the archive file to open the ZIP file so the setup program can be executed. Alternately, if you prefer to use WinZip, simply open the file LOCKXP.ZIP in WinZip and press the Install button. Run SETUP.EXE

The Lock XP s installer will start. Follow the prompts by clicking Next, taking any default settings that you are prompted with. Be sure to accept the license agreement to continue.

Once all installation settings have been selected, press the Install button to continue. At the end of the installation process, you will be prompted with the following dialog (if this is your first time to install The Lock XP). You will need to select Yes if you play to use any of The Lock XP s on-the-fly file and folder resource restrictions (which you will in this demonstration).

Once the installation is comp lete, press Finished to continue.

We are now ready to configure The Lock XP. Once you have pressed Finish, the Lock XP s Configuration Utility will load. If you would like to view the Quick Start guide, click yes on the dialog shown below. If this is your first installation of The Lock XP, you will be prompted to create a Master Administrator password. It is important that you make this password easy for you to remember, but difficult for others to guess. This password will give you full Admin istrator access to Lock XP functions, as well as allow you to uninstall the program, as well as grant access to restricted programs, if that feature is enabled. This is the only Master Administrator account. All other Administrator accounts are standard Administrators. The Master Administrator password dialog looks like this one above. The Lock XP installer will also check the logged on Windows user name. If the logged on Windows user is not ADMINISTRATOR, then their user name will be added to The Lock XP under the ADMINISTRATORS security account. Since

this account will have full Administrator rights to The Lock XP, you must be sure that your password is not blank, as this would give anybody access to the system that wanted it. The next pro mpt will be asking if you would like to run the Lock XP s Setup Configuration Wizard. For the demonstration, we will select No, then select one of the four defaults from the next dialog window. Since this system is primarily for home use, the option for Home computer has been selected. When you click OK on this dialog, you will be prompted to import existing Windows users. Since there are no other Windows users currently on this system (aside from my account, and the ADMINISTRATOR account), we will select No.

Since we are planning to create and configure users manually, we will select No, we do not wish to create any new users right now. Once the dialogs are cleared, The Lock Configuration Utility is displayed. From the image below, we can see there are two user accounts (ROB and ADMINISTRATOR), and two Security groups (ADMINISTRATORS and DEFAULT). We are now ready to create our first Security Group, add users to it, and set it s security. Before starting this process, I usually make a note of what users I plan to create, and what type of security they will need. In this demonstration, I will be creating three users: BECCA, SAMARA and MANDY. BECCA and SAMARA will have two varying levels of security, both based off the Home user default security. MANDY will have no security applied, but will not be an Administrator either.

The first step in creating a Lock XP user is to create a Security Group for that user to belong to. In order to accomplish this, select the System (the first entry in the User and Group tree), right click it and select New Group. Alternately, you can open Options, select Group, the New. The first user we are going to create is for a girl named Becca.

The New Group dialog is displayed. Create a name for this group. In our demonstration the group name is BECCA. Since she is a home user, we are going to take the default Home restrictions and build our security profile from there. As a note, you may check the option to create this group as a local Windows group as well, but it is not required.

We now have a new group called BECCA. The next stop is to add names to the BECCA group. To accomplish this, select the BECCA group from the user and group tree, right click the entry and select New User. Alternately, you could also select the desired group, then click options, Users, New. The User Configuration dialog will appear. Use this dialog to set a user name, and set it s password You will want to be sure to check the option Create Windows user. If you do not have this option checked, you will need to manually create your users in Windows, before they will be permitted to log onto the workstation.

A new user has now been created, and the User and Group tree should look like the following dialog.

The first thing we are going to do is modify some of the default security selected. Since the BECCA account is for a young person, they will need a little more security applied to them so that they cannot accidentally modify any system settings. When setting group security, I prefer to start with the first tab (Policy) and work my way to the right, to the last tab (Stations). I set the desired security items on each page, as I am working through it. In the above image, we have expanded the System Policy item, then checked the option to Secure Registry Run Keys. This option will allow The Lock XP to restrict having any programs added to the RunOnce, Run and Winlogon keys. I have also checked the option Disable Access to Administration Tools, that is at the top of the current list, and not actually shown on this screen.

We also want to restrict the times that she is allowed to be using the computer. These settings are on the Times tab. As can be seen from the image above. The BECCA security group is restricted from accessing the computer at certain times in the evening. Any time BECCA is logged in and time reaches a restricted hour, she will be automatically locked, or logged out, depending on the configuration from above. Any attempts to log into the machine during a restricted hour will result in the same.

By default, Home users are allowed to write to any folders that they want, except for the Windows folder, and the Lock s install folder. We will want to add another folder to the restrictions for the BECCA account. We want to add a restriction that will make the C: drive (the system disk) read only for this user. Click the Add button, and the following dialog will appear. Click on the Drives button to specify a type of drive to restrict. In our case, we are going to restrict the System Disk, and set it to Read Only.

With this option set, BECCA will not be able to write to any part of the C: drive, including sub folders. She will, however, have full read access to the drive. The next tab in the configuration utility is the Programs tab. On this tab, you will be able to configure programs that the user will be restricted from using (Restricted Programs), or create a list of valid programs the user can access (Allowed Programs), as well as configure a sort of Explorer/Program Manager (Secure Program Manager) that presents the user with a customizable program launching tool. The Secure Program Manger will contain a list of programs that the user may start by double clicking on it s icon. Both the Allowed Programs, and the Secure Program Manger are advanced tools, and will not be addressed in this demonstration. As you can see below, the Default Home security selection has automatically added some default program restrictions.

In the list of Restricted Programs, you will find the three items that make up a program identifier. 1) Program Name. This is the executable name that is run to start the program. Explorer.exe is a Program Name. 2) Program Class. This actually refers to the class of the Window, not the program itself. The Class name designates the identifier of Window itself. For example, from the window on the previous page, the Boot Drive Lock entry has a window class named TfBDCfg. 3) Program Title. This is actually the title of the window, and not the title of the program. Using the example from #2, we see the Class for the Boot Drive Lock entry as TfBDCfg, and the title as Boot Drive Lock Control Panel We don t really need to know all this stuff in order to make this feature work. All we need to do is know what window we want to stop our user from accessing. For this demonstration, I want to restrict BECCA from running the Windows XP Tour utility (accessed by selecting the option from the Start Menu, All Programs submenu). I don t know what the program that runs this utility is called, or even what it s main Window Class and Title are. So, how do I restrict this program? Simple. Press the Capture button, and the following dialog appears. Make a note of the key combination stated to activate the capture. In this case, it is CTRL + ALT + SHIFT + F12. Click OK, then run the Windows XP Tour from the Windows Start Menu. When it is started, you should see a window that looks something like this one. Make sure the window you want to capture is in focus (click on it s title bar, just to be sure), then press the hot-key combination (specified in the capture enabled dialog), and you should hear a sound (if you have speakers on your system). This indicates that the entry was recognized by The Lock XP and added to the current configuration.

As you can see, a new entry has been added to the Restricted Programs list. The Windows XP Tour starts by running a program called TOURSTART.EXE, wh ich displays a window with a class of #32770 (actually a common Windows class), and a title of Windows XP Tour. As soon as BECCA logs into the computer, The Lock XP will automatically be searching for her trying to use the Windows XP Tour (as well as the other programs on the Restricted Programs list). The last security tab is Stations, and is not going to be used in this demonstration. Basically, this page allows you to specify computer names for systems your users are allowed or not allowed to log into. With our first user created, and her security set, it is time to move onto our second user.

Right click the system name again, and select New Group. The name for this security group will be SAMARA. We will select the default security as Home restrictions again, the same as the BECCA Security Group.

Once the group is created be sure to check the option Disable Access to Administrator tools under the System heading, right click the name, and select New User. Create the user as SAMARA and set her password. Be sure to check the Create Windows user option before clicking OK.

Since SAMARA is the older of the two restricted users, she will need less security applied to her account, but, as shown above, she will still need to have time restrictions applied. The settings above force her to log off the system at 10:00 on week days, and 11:00 on weekends. She also does not have access to the computer during her dinner time hour.

Added security does not always need to be applied, but should be applied when the situation warrants such action. In this case, SAMARA would bring floppy disks home from school and put them into the computer. This, of course, creates a huge security risk, so in order to alleviate the problem, we add a No Access file and folder resource entry to block access to floppy disks. This process is performed the same way we added System Disk to the BECCA account.

For the SAMARA account, we are not going to add any extra Restricted Programs, but we are going to enable the Allow Administrator Override option. When this option is enabled, any time SAMARA has a Restriction Program notification, the Master Administrator will have the opportunity to type their password, and give SAMARA access to the restricted program until the next time she logs out of the system. This is all the extra configuration we will be doing for the SAMARA account

The next step is to create the MANDY security group and user account. As you can see from the above, we have selected the option to not add any security for this group. This will allow users in the MANDY group to have full access to the system, with the exception of access Administrator functions of The Lock XP itself. After the MANDY group is created, right click and select New User, and create the MANDY account, the same as the other accounts above.

The only policy item being set for this user is the Enable URL Audit Logging option under Logging Policy. Click this option, and we are done with creating our users. We have one more task to do. We need to turn on User Logging.

Click the System Configuration tab, and collapse the entries for Startup, Locking, and Passwords. Expand the entry for Settings, then Logging. Place a check mark in the Enable user logging entry. Now click File, then select Exit. Follow the closing prompts.

If you have a registration name and number, select Yes, otherwise select No to install the 30 trial version of The Lock XP. You will enter your registration into a dialog box that looks like the one above. Make sure to select Yes to this dialog box, if you wish to have The Lock XP load and secure your system at every boot. User who are running Windows XP (as is the system in the demonstration) have the use of the Windows Welcome Screen. This is the screen that displays all the users names, and puts a little picture next to their names. Since this is a home computer, it is safe to select the Use Windows Welcome Screen, and Enable Fast User Switching options. Click Done when you are ready to move to the next dialog.

The dialog above simply set weather The Lock XP will lock itself once the user logs in, or if it will allow the user logged into Windows to also be logged into The Lock XP automatically. This is an important step to the process. It is highly recommended that you create an Administrator key disk now. If you happen to forget your Master Administrator password, this Administrator key disk is the only way to gain access to some of the Administrator features of The Lock XP. Place a floppy disk into your floppy drive and press the OK button. The above dialog will be displayed if the Administrator key disk was created successfully. Alternately, if you don t have a floppy drive, for example, at the create an emergency access key disk dialog, press and hold Shift, then click OK.

The above dialog is then displayed when the file has been successfully created. Save the file from the location noted above to the removable media of your choice, and press OK. You have now installed and configured The Lock XP for a single system, with multiple user accounts. Press Yes now to restart the computer, and start using The Lock XP.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback