Hi,
I recently got a job: A library (with books and stuff, not a dll) wants a special user which library visitors (aka anybody) can use for two and only these two things:
- Access to a library software
- Access to Internet (with IE 10)
They have a thin client and this public user will login on a terminal server with 2008 R2.
So i began to completely lock down the (mandatory, by the way) user profile. By now everything is disabled; the user can do absolutely nothing except using a strongly locked down Internet Explorer and the mentioned library software. Everthing is great, except
for one single problem:
The user still has access to Windows Explorer when he tries to change the downloads directory through the IE download manager. In the administrative group policy templates for IE, there is no appropriate option for that.
As a result, all servers are visible unter "network" and in some cases, the user even has read permissions to its shares.
Is there any possibility to disable this explorer frame or at least the "network" list in it? For the latter, I've found some registry tweaks, but unfortunately they're system level.
Can anyone help me?