Browsing my one of my favorite RSS feeds: LifeHacker. I came across something that might be useful to a bunch of Small Business Server VAPs configuring your network. In many cases, some companies like to provide a courtesy kiosk for visiting folks or perhaps they have a single computer for the break room.
Over at How-To Geek is where they outline the steps. Basically it leverages local Group Policy (although there is no reason you can’t do this in global group policy on your Windows Small Business Server 2008 machine) to allow users to only run certain applications. Thus preventing users from getting into trouble and lowering your total cost of ownership on that client PC (or your whole network).
I’m copying the steps here for convenience. Thanks How-To Geek!
If you have a shared or public computer you might want to allow users to use only specified programs. Today we take a look at a setting in Local Group Policy that allows you to set only specified programs to run.
Note: This process uses Local Group Policy Editor which is not available in Home versions of Windows 7.
First click on Start and enter gpedit.msc into the search box and hit Enter.
Navigate to User Configuration \ Administrative Templates \ System. Then under Setting scroll down and double click on Run only specified Windows applications.
Set it to Enabled, then under the Options section click on the Show button next to List of allowed applications.
A Show Contents dialog comes up where you can type in the apps you want to allow users to run. When finished with the list, click OK then close out of Local Group Policy Editor.
If a user tries to access an application that is not on the specified list they will receive the following error message.
This is a nice feature for limiting what programs users can or cannot access on the computer.