Locking down the desktop is an important component in change control, and takes you back to the first anecdote at the beginning of this chapter.
You can also create custom configurations for Internet Explorer to enforce download and browsing policy and so on. Other policies that are extremely useful can achieve the following:
♦ Prevent users from changing the path to their My Documents folders. This policy is often used if you need to ensure that users' documents and other work-related files are redirected to a server folder where they are certain to be backed up.
♦ Disable the Control Panel, which prevents users from fiddling with the settings that govern their displays, network connections, communications, and so on. You can also hide specific Control Panel programs if your users need access only to certain items.
♦ Hide access to the CD-ROM and the floppy disk drive. By taking away these ports, you prevent users from introducing viruses or rogue software into the network, and you ensure that the enterprise can control software piracy. (Remember that you need to lock down access to the Internet and e-mail as well to be 100 percent sure that no viruses are being introduced to the systems.) You can also hide the hard disk drives from the users.
♦ Disable the Command Console so that users cannot execute commands from the command line. For hackers, accessing the command line on a computer is like making it to the first floor.
♦ Disable access to the registry editing tools such as Regedt32 or Regedit.
Was this article helpful?