Frank Condron's World O'Windows
Creating Secure User Profiles under Windows 95
Last Modified: June 28, 1996

 

The following is the text of a letter by Richard Turner of Augusta, Georgia. It was published in PC Magazine's July 1996 issue, and is undoubtedly copyrighted by them. I'm including it because it addresses a common question about how to create secure user profiles in Windows 95. This was a Stumper question at one point - many people responded that the answer was to use the Policy Editor, but no one explained the exact, best procedure. This letter does a very good job of that.

Once again, the following is directly from PC Magazine, and was written by Richard Turner.

 


Publicly accessible computers, such as those in schools, require a significant degree of security to prevent abuse. The Windows 95 CD-ROM provides the tool you need to implement restrictive policies on such machines in the form of the Policy Editor (POLEDIT) application. Unfortunately, the Windows 95 Resource Kit doesn't tell you how to use POLEDIT for standalone computers, so I developed a method of my own:

  1. Prepare the System. Use Explorer to make backup copies of USER.DAT and SYSTEM.DAT, in case of emergency. Make sure you have at least 10MB free on the Windows drive to hold user profile information.
  2. Enable User Profiles. Launch the Password applet in Control Panel. Click the User Profiles tab, click the option Users Can Customize…, and check the two boxes. Click OK; Windows will restart.
  3. Create Profiles. When Windows restarts, log on as User and allow Windows to create folders to hold your profile information. Shut down and log on again as Administrator, with a suitably obscure password, and again allow Windows to create profile folders. Don't forget this password!
  4. Restrict User Access to Programs. While logged on as Adminstrator, use Explorer to navigate to C:\WINDOWS\PROFILES\USER\STARTMENU. In this folder and those below it, delete any shortcuts to programs the user shouldn't be allowed to run, including every shortcut to the Recent folder. Be sure to delete the shortcuts to POLEDIT, Regedit, and Explorer.
  5. Ins