From: Shenan Stanley on
Booli wrote:
> Thanks both u John & Pegasus I can understand what u explain to me.
> I got an idea like this if I'm incorrect pls rectify me.
> * First I'm going to be administrator of other five pcs my own
> password. I'll give other users Limited Accounts.
> * Mainly I want to Block USB Mass Storage devices & Access of
> Internet each computer.
> * So please let me know how to do that. One person said me USB
> storage can be blocked by registry editing. and I donno how to
> block Internet access specific computer
> Please help me. hope ur kind reply.

Let's try to clear this up.

You have 6 computers in a "workgroup" right now. A workgroup is nothing
more than 6 computers that all decided they would share the same 'family
name' --> but it's nothing official. It helps them recognize one another in
some ways - but the relationship is not a strong one - they are merely
'familar' with one another.

Each computer is still fully its own stand-alone system with its own set of
users, own set of policies and rules. In the end, it could care less how
the other computers in the workgroup are setup and is generally unaffected
by their setup.

What this means is (without involving a server and/or joining the systems to
a domain) you have no central control of those five computers - other than
what you *manually* setup. You can go to each computer and create an
account that has administrative rights - naming it the same and giving it
the same password on all the computers. You can change all other users (or
only create other users as) to limited accounts.

As for your Internet blocking - with your setup you will have to do it at
the Internet level itself. You will need to control the "router" that they
connect to that also connects to the Internet and then - only if that router
is one with such features - can you prevent them from going out to the
Internet but still allow them to use the local area network to communicate
within the 'room'.

Time for you to learn to search for answers... If you cannot do this - then
the duties you seem to be taking on are not meant for you - find another
career.

Now is a great time to point you to one of the easiest ways to find
information on problems you may be having and solutions others have found:

Search using Google!
http://www.google.com/
(How-to: http://www.google.com/intl/en/help/basics.html )

Example - your USB query:
http://www.google.com/search?q=control+USB+access+Windows+XP

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


From: John John - MVP on
On 7/17/2010 10:27 AM, Booli wrote:
> On Jul 17, 7:20 pm, John John - MVP<audetw...(a)nbnot.nb.ca> wrote:
>> On 7/17/2010 9:58 AM, Booli wrote:
>>
>>> In my office we have 6 computers which are connected by a Hub.
>>> I have created a user group call "CECILIYAN".
>>> I have connected internet one port of that hub. So any one can access
>>> to Internet in that group.
>>> Now I want to make my PC as the Administrator of this user group.
>>> And I should be able to control other PCs by blocking USB Pen drives&
>>> Internet Access& other things.
>>
>>> Please let me know how to do it. Is there any third party tool or
>>> registry editing or any way to control that things
>>> Thank you.
>>
>> On a peer network there is no central administration, you have to make
>> these kind of changes to each individual machine. You can use remote
>> tools or push changes from one machine but you have to devise your own
>> techniques to effect these kind of changes to all the machines in a
>> reasonably efficient manner. You also need to make sure that no one on
>> any of the remote machines are members of the administrator group as
>> they will be able to undo anything that you do.
>>
>> John
>
> Thanks Mr.John for kind instructions.I'll try& hope more answers if
> anyone knows abt this matter.

As Pegasus has mentioned your best option would be to have a server
where all of these things can be centrally administered. If adding a
server is not an option then the only thing that I can add or suggest is
that you enable the Remote Registry service on all the machines and that
you make sure that administrative shares are enabled on the operating
system drive on all the machines. Then from one of the desktops in the
workgroup you will be able to access these machines and do some changes,
but anytime you want to make a change you will still need to do the
changes to every individual machine or you will have to devise scripts
or batch files that make use of ComputerNames or IP addresses to make
changes to all the machines.

If you want to use Group Policies you can configure one machine with the
policies that you want and then you can export/import the policy to the
other machines, there again if you later decide to change your GPOs you
will still have to apply the changes to each machine individually. You
can also setup logon or machine scripts on each machine then from your
desktop you can create or modify the scripts and then via the
administrative shares you can change or replace the scripts on each
machine. Or you can place scripts or batch files in the common startup
locations, like the Startup folder for example.

Bottom line is that there is no easy way to do what you want on a peer
network, you have to be creative and resourceful to try to centrally
manage a peer network. You will have to learn how to use scripts and
batch file and you will have to craft these so that they suit your
needs. I would suggest that you look into and familiarize yourself with
the Sysinternals PsTools suite of tools, in many situations these will
be quite useful. And I repeat again, while logged on at any machine any
user with administrative privileges will be able to undo any of your
changes on any or all of the machines in the workgroup!

John
From: John John - MVP on
On 7/17/2010 10:56 AM, Booli wrote:
> On Jul 17, 7:37 pm, "Pegasus [MVP]"<n...(a)microsoft.com> wrote:
>> "Booli"<lasithakamalpr...(a)gmail.com> wrote in message
>>
>> news:893dd116-37f7-4721-a357-7c9130c96c97(a)w35g2000prd.googlegroups.com...
>>
>>
>>
>>
>>
>>> On Jul 17, 7:20 pm, John John - MVP<audetw...(a)nbnot.nb.ca> wrote:
>>>> On 7/17/2010 9:58 AM, Booli wrote:
>>
>>>>> In my office we have 6 computers which are connected by a Hub.
>>>>> I have created a user group call "CECILIYAN".
>>>>> I have connected internet one port of that hub. So any one can access
>>>>> to Internet in that group.
>>>>> Now I want to make my PC as the Administrator of this user group.
>>>>> And I should be able to control other PCs by blocking USB Pen drives&
>>>>> Internet Access& other things.
>>
>>>>> Please let me know how to do it. Is there any third party tool or
>>>>> registry editing or any way to control that things
>>>>> Thank you.
>>
>>>> On a peer network there is no central administration, you have to make
>>>> these kind of changes to each individual machine. You can use remote
>>>> tools or push changes from one machine but you have to devise your own
>>>> techniques to effect these kind of changes to all the machines in a
>>>> reasonably efficient manner. You also need to make sure that no one on
>>>> any of the remote machines are members of the administrator group as
>>>> they will be able to undo anything that you do.
>>
>>>> John
>>
>>> Thanks Mr.John for kind instructions.I'll try& hope more answers if
>>> anyone knows abt this matter.
>>> Regards
>>> Booli
>>
>> There is nothing much that can be added to John John's reply. You currently
>> operate in a peer-to-peer network, hence by definition there is no central
>> administration. With 6 PCs you should consider installing Windows Small
>> Business Server on your own machine. This would give a central point of
>> control and it would allow you to formulate policies that govern the
>> operation of the other machines.
>
> Thanks both u John& Pegasus I can understand what u explain to me. I
> got an idea like this if I'm incorrect pls rectify me.
> * First I'm going to be administrator of other five pcs my own
> password. I'll give other users Limited Accounts.
> * Mainly I want to Block USB Mass Storage devices& Access of Internet
> each computer.
> * So please let me know how to do that. One person said me USB storage
> can be blocked by registry editing. and I donno how to block Internet
> access specific computer
> Please help me. hope ur kind reply.

Look at the IntelliAdmin USB Disabler tool available here:
http://www.intelliadmin.com/index.php/usb-disabler-pro-manual/ You will
find other useful network administration tools on their site.

or do your research and push the registry settings to all the machines.

To block internet access install a half decent business class router on
your network and you will be able to block access by IP or MAC address
at the router.

John
From: Booli on
On Jul 17, 8:22 pm, John John - MVP <audetw...(a)nbnot.nb.ca> wrote:
> On 7/17/2010 10:27 AM, Booli wrote:
>
>
>
>
>
> > On Jul 17, 7:20 pm, John John - MVP<audetw...(a)nbnot.nb.ca>  wrote:
> >> On 7/17/2010 9:58 AM, Booli wrote:
>
> >>> In my office we have 6 computers which are connected by a Hub.
> >>> I have created a user group call "CECILIYAN".
> >>> I have connected internet one port of that hub. So any one can access
> >>> to Internet in that group.
> >>> Now I want to make my PC as the Administrator of this user group.
> >>> And I should be able to control other PCs by blocking USB Pen drives&
> >>> Internet Access&    other things.
>
> >>> Please let me know how to do it. Is there any third party tool or
> >>> registry editing or any way to control that things
> >>> Thank you.
>
> >> On a peer network there is no central administration, you have to make
> >> these kind of changes to each individual machine.  You can use remote
> >> tools or push changes from one machine but you have to devise your own
> >> techniques to effect these kind of changes to all the machines in a
> >> reasonably efficient manner.  You also need to make sure that no one on
> >> any of the remote machines are members of the administrator group as
> >> they will be able to undo anything that you do.
>
> >> John
>
> > Thanks Mr.John for kind instructions.I'll try&  hope more answers if
> > anyone knows abt this matter.
>
> As Pegasus has mentioned your best option would be to have a server
> where all of these things can be centrally administered.  If adding a
> server is not an option then the only thing that I can add or suggest is
> that you enable the Remote Registry service on all the machines and that
> you make sure that administrative shares are enabled on the operating
> system drive on all the machines.  Then from one of the desktops in the
> workgroup you will be able to access these machines and do some changes,
> but anytime you want to make a change you will still need to do the
> changes to every individual machine or you will have to devise scripts
> or batch files that make use of ComputerNames or IP addresses to make
> changes to all the machines.
>
> If you want to use Group Policies you can configure one machine with the
> policies that you want and then you can export/import the policy to the
> other machines, there again if you later decide to change your GPOs you
> will still have to apply the changes to each machine individually.  You
> can also setup logon or machine scripts on each machine then from your
> desktop you can create or modify the scripts and then via the
> administrative shares you can change or replace the scripts on each
> machine.  Or you can place scripts or batch files in the common startup
> locations, like the Startup folder for example.
>
> Bottom line is that there is no easy way to do what you want on a peer
> network, you have to be creative and resourceful to try to centrally
> manage a peer network.  You will have to learn how to use scripts and
> batch file and you will have to craft these so that they suit your
> needs.  I would suggest that you look into and familiarize yourself with
> the Sysinternals PsTools suite of tools, in many situations these will
> be quite useful.  And I repeat again, while logged on at any machine any
> user with administrative privileges will be able to undo any of your
> changes on any or all of the machines in the workgroup!
>
> John

Mr.john Shehan & Peasus I appreciate your great help. I can block USB
by the software that u suggested. I'm person liable person for the Pc
systems in my office. Other users in my office are very new to the
computers. So I discuss with the boss to take all the admin
privileges belongs to me on our system. It is a better idea to install
a sever system but It's much expensive method for us. I decided to
become admin of all that pcs by giving others to limited account. I
keep one password for all other pcs & block USB with that software &
change TCP/IP & Gateway Address, Automatically to such as 1.1.1.1 then
any one can not access to Internet because the a limited. I do this
all for protect our PC Accounting software database from viruses. I'm
sorry if I disturb you. again I grateful to you for your kind help.
Thanks
Booli
From: John John - MVP on
On 7/17/2010 12:35 PM, Booli wrote:
> On Jul 17, 8:22 pm, John John - MVP<audetw...(a)nbnot.nb.ca> wrote:
>> On 7/17/2010 10:27 AM, Booli wrote:
>>
>>
>>
>>
>>
>>> On Jul 17, 7:20 pm, John John - MVP<audetw...(a)nbnot.nb.ca> wrote:
>>>> On 7/17/2010 9:58 AM, Booli wrote:
>>
>>>>> In my office we have 6 computers which are connected by a Hub.
>>>>> I have created a user group call "CECILIYAN".
>>>>> I have connected internet one port of that hub. So any one can access
>>>>> to Internet in that group.
>>>>> Now I want to make my PC as the Administrator of this user group.
>>>>> And I should be able to control other PCs by blocking USB Pen drives&
>>>>> Internet Access& other things.
>>
>>>>> Please let me know how to do it. Is there any third party tool or
>>>>> registry editing or any way to control that things
>>>>> Thank you.
>>
>>>> On a peer network there is no central administration, you have to make
>>>> these kind of changes to each individual machine. You can use remote
>>>> tools or push changes from one machine but you have to devise your own
>>>> techniques to effect these kind of changes to all the machines in a
>>>> reasonably efficient manner. You also need to make sure that no one on
>>>> any of the remote machines are members of the administrator group as
>>>> they will be able to undo anything that you do.
>>
>>>> John
>>
>>> Thanks Mr.John for kind instructions.I'll try& hope more answers if
>>> anyone knows abt this matter.
>>
>> As Pegasus has mentioned your best option would be to have a server
>> where all of these things can be centrally administered. If adding a
>> server is not an option then the only thing that I can add or suggest is
>> that you enable the Remote Registry service on all the machines and that
>> you make sure that administrative shares are enabled on the operating
>> system drive on all the machines. Then from one of the desktops in the
>> workgroup you will be able to access these machines and do some changes,
>> but anytime you want to make a change you will still need to do the
>> changes to every individual machine or you will have to devise scripts
>> or batch files that make use of ComputerNames or IP addresses to make
>> changes to all the machines.
>>
>> If you want to use Group Policies you can configure one machine with the
>> policies that you want and then you can export/import the policy to the
>> other machines, there again if you later decide to change your GPOs you
>> will still have to apply the changes to each machine individually. You
>> can also setup logon or machine scripts on each machine then from your
>> desktop you can create or modify the scripts and then via the
>> administrative shares you can change or replace the scripts on each
>> machine. Or you can place scripts or batch files in the common startup
>> locations, like the Startup folder for example.
>>
>> Bottom line is that there is no easy way to do what you want on a peer
>> network, you have to be creative and resourceful to try to centrally
>> manage a peer network. You will have to learn how to use scripts and
>> batch file and you will have to craft these so that they suit your
>> needs. I would suggest that you look into and familiarize yourself with
>> the Sysinternals PsTools suite of tools, in many situations these will
>> be quite useful. And I repeat again, while logged on at any machine any
>> user with administrative privileges will be able to undo any of your
>> changes on any or all of the machines in the workgroup!
>>
>> John
>
> Mr.john Shehan& Peasus I appreciate your great help. I can block USB
> by the software that u suggested. I'm person liable person for the Pc
> systems in my office. Other users in my office are very new to the
> computers. So I discuss with the boss to take all the admin
> privileges belongs to me on our system. It is a better idea to install
> a sever system but It's much expensive method for us. I decided to
> become admin of all that pcs by giving others to limited account. I
> keep one password for all other pcs& block USB with that software&
> change TCP/IP& Gateway Address, Automatically to such as 1.1.1.1 then
> any one can not access to Internet because the a limited. I do this
> all for protect our PC Accounting software database from viruses. I'm
> sorry if I disturb you. again I grateful to you for your kind help.

You're not disturbing us at all, you're welcome and come again if you
need more help!

John
First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: blue screen
Next: Why won't Internet Explorer open?