KeePass is a highly recommended Passwordsafe. Despite its supposed to be used mainly by private people it’s adaptable for business cases. In my company the KeePass password database is saved on a SharePoint folder and is encrypted with a password and a private key. The key has to be stored on the local machine.
It could be difficult to force employees to store their passwords in the KeePass database as many won’t get along with it. They’ll more likely store their password in third party tools.
However storing a users password in another programm as KeePass f.e. microsoft remote desktop can be a security risk because the password is only encrypted in the user context.
The goal of this project is a simple Windows 7 Kiosk installation with nothing else as the newest version of internet explorer installed. A user should not be allowed to do something than can malfunction the system or even elevating the user privileges. I want to show you in this post which GroupPolicies I’ve used and what configurations I made to set up this type of installation.
First I want to commit my principles for working with ActiveDirectory and Group Policies:
- If not needed a GroupPolicy shouldn’t contain any registry keys.
- Group Policies instructions are much easier to read.
- Only AMDX templates are allowed, this means no AMD templates or anything else.
- AMDX won’t in contrast to AMD templates becopied to the client, they stay in the SYSVOL Policy Definition folder on the domain controller.
- The Group Policy objects should be reusable.
- Configuring the minimum.