Want to prevent the installation of programs...

Looks like setting user accounts to limited isn't enough to stop the installation of programs...specifically AOL's AIM.
My account is administrator and the kids' accounts are limited but they can still install this software. How can I go about preventing them from having the ability to install this or any other potentially unwanted program on my computer?

 

Joe, you have two choice - either get XP Pro or use some 3rd party program with XP Home to accomplish your goal.

You can do that using Group Policy in XP Pro but that is not available in the Home edition. In Home, you can restrict the installations to be available to the installing party only but that's as far as it goes.

There may be some freebies out there that do that so give Google a shot at it.

Good luck!

 

Joe Locke--If you want to prevent access to certain sites consider a HOSTS file
http://www.accs-net.com/hosts/
or
Content Advisor
IE Tools|Internet Options|Content tab|Content Advisor or
IE Tools|Internet Options|Security tab|Custom Level|under Downloads change File Download to Disable. This is pretty easy to change back if your kids know how to operate IE.

 

Take a look at Doug Knox's Windows XP Security Console. It provides some of the security options available in XP Pro.

 

Make yourself harder to see

Start by installing a good 'two-way' firewall with a built in and updatable library of known bad web sites. I swear by Outpost, which is available in the new version 3 and is being offered with a variety of purchase incentives.

Outpost Pro Firewall from Agnitum.com

How it compares to the ever popular Zone Alarm is beyond me. I switched to Outpost about four years ago and never looked back. They are priced about the same, but for my money I'll go for Outpost, hands down. If you have multiple computers, consider a Family License (five computers) which is value priced and affordable, with a two year license period.

You might want to consider which services Windows is running, and elliminate any that are not needed, most particularly services that help a remote computer discover what services you have running, and exposed. I'm no expert, so you will need further expert advice with this process. It's not something you want to just go willy-nilly with.

Two services your home computer can definitely do without are Simple Service Discovery Protocol (SSDP) and Universal Plug and Play (UPnP, not to be confused with PnP, which is critical to Windows). With these two services off and disabled, you can reduce the chance of unwanted installations by a certain degree, I'm sure. I think someone like Arie, or Steve Gibson can offer better information than I, so do a little research. Be sure to back up the services registry key before changing anything. That way at least you can go back (hopefuly) and start again from scratch with a restored registry key.

You need to log in as an Admin. The services snap-in is here:

Run: services.msc or Control Panel> Administrative Tools> Component Services> Services (Local).

The Services Registry Key is here:

Run: regedt32

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Just single click the key when you locate it, then

File> Export and save it with a name you can recognize, like hklm_services.reg, in a safe place on your hard drive that is easy to locate.

I recommend NOT saving registry merge scripts in their clickable (.reg) form. Just rename it (AFTER saving) with an added (.txt) extension. This will keep it from being accidentally re-merged with your registry.

Microsoft Antispyware beta is proving itself a worthy addition to any XP box, and has run with no problems on my XP PRo machine since it was first introduced to us (by Arie). It can help you to keep an eye on programs trying to install themselves, much the same way Tea Timer does in Spybot S&D, or M Lin's "Startup Monitor" used to do for Win9x boxes of past years.

MS AS Beta also offers some very powerful tools (in the right hands) that can help you to monitor the state of installed programs and executable objects, and help you to safely remove those that you don't want. This is not a diss for any of Patrick Kolla's hard work--Spybot S&D is still a well recognized and supported 'free' product, and he and his team deserve all the support we can give them.

Look into Eric Howes' IE Spy-Ad registry merge. Eric works closely with Agnitum on their plug-in AGNIS, and no doubt had a big hand in helping them to develop the AS component of the new Outpost 3.0. His links are all over this site, so I won't add more.

Javacool Software offers a great little program (Spywareblaster) that performs much the same task as Eric's .reg script, but makes updating a little easier. (Eric's earlier script must be removed before the new one can be merged.) It doesn't do any scans or real time monitoring, it simply merges the huge number of known bad sites into the Restricted Sites key of the registry.
Update, protect and close.

Once again, I must remind you that as a lay person, I am not qualified to give expert advice, so do your research, get qualified assistance and give yourself
an escape route (to restore original settings).

BTW, there are other services that can terminated, that will help you to further harden up your machine and improve overall performance, but I'll leave this topic for someone with better information than mine.

Cheers!

 

I understand you can get to some of the available XP PRO security stuff if you boot HOME in SAFE MODE. Can I do what you speak of if I set it up in SAFE MODE?

 

Will add AOL.COM to HOST file as 127.0.0.0 and start from there!
Will also check Custom Level and Content Advisor options. Thanks!

 

Not so sure this reply was meant for me...

 

get the windows shared computer toolkit. read it's docs before installing as it requires some HD partitioning on most systems. eg - u gotta provide some unused HD space for it to function properlly.

windows shared computer toolkit home page