System Policies. However, profiles donít always go far enough. A savvy user who wants to exercise authority or access beyond granted parameters will find ways to view files or programs they donít have access to. Such users can alter their profiles, so they will have the access they want whenever they log on. To limit these users, and to further restrict your PC, implement system policies.
Create and edit System Policies using a tool called Poledit. The following
instructions may seem a little complex, but take it one step at a time. To
install Poledit, place your Win9x disc in the CD-ROM drive. Navigate to Start,
Settings, and Control Panel. In Control Panel, double-click Add/Remove Software.
Select the Windows Setup tab, click Have Disk, and then use the Down-arrow to
scroll to your CD-ROM drive. In Win95, navigate to Admin, Apptools, Poledit and
click OK. In Win98, navigate to Tools, Reskit, Netadmin, and Poledit. After you
have navigated to the correct folder, click OK, and select Group Policies And
System Policy Editor. Click Install and click OK. The Poledit program will be
installed and can be accessed by going to Start, Programs, Accessories, System
Tools, and System Policy Editor.
Once you log on as the administrator, or with the ID that has administrative rights, and have launched Poledit, click the File, New Policy. You will see two icons: a Default Computer and a Default User. Double-click the Default User icon. As you expand the trees in the window, notice the check box next to each option is gray by default, indicating that it will not be read when the policy is being applied. To implement each authority or restriction, click the checkbox to place a check next to the item. To clear the authority or restriction, double-click the check box to make it white.
To restrict user access to items in the system, go to the Shell, Restrictions section and check the first four that begin with Remove. Also select the last item, Donít Save Settings At Exit. Then, under the System, Restrictions section, click Disable Registry Editing Tools. If you are not selecting an item, it is best to clear it (double-click) instead of leaving it grayed out. Once you are done, select File, Save As, and type Config.pol.
You can create individual user policies by selecting Add User from the Poledit toolbar and entering the username of the account you wish to restrict. Double-click on that userís policy and edit the appropriate restrictions as outlined above. As long as you maintain the administrative access to your system, do not limit your account policies; as the administrator, you should have permission to everything. Donít be afraid to experiment with the various policy settings. As long as you have an ID that can log on and have Poledit and Registry editing access, you can reset other policy settings.
You should create a policy for each user who accesses your computer so you can set explicit limits on their authority while they are logged on. Sometimes, however, this may not be enough. You can bypass Win9x logons by pressing the ESC key, and new users can access a windows system by typing a new ID into the logon screen and answering yes to the Do You Wish To Create A Folder prompt. This will load a specific user profile that may not have restrictions implemented.
To minimize this potential security hole, log on to your computer by pressing the ESC key at the logon prompt. Launch Poledit again, and click File, then Open Registry. Set the attributes under Local User and Local Computer to restrict the things you want to lock down from nonauthorized users. Remember to save the work you do in Poledit. The Local User policy becomes the default policy for users logging on after it is created and modified.