Hi Bil, my name is ***** ***** I would love to help you with your question.
I am thinking what you want is possible, but may take some configuration as you indicated you thought it would.
Can you provide more details on your use case? It sounds like you want to setup a locked down browser for students or for use in a library or a call center or something.
Are you using the router on your network for the white list? It sounds like you are trying to keep the user from getting into things, so that would be one way to do it.
Also, may I ask what the need for the virtual machine is? Knowing that may let me offer additional suggestions for you.
I will try to get back to your question as soon as I can, but I may want to do some research upon receipt of your clarifications to your question. This is a fun question to me, so I really am eager to help you with this.
Okay Bil, I have gotten your response, and I will have to look it over and respond later today. I just wanted to send you a quick note to let you know that I did see the information you provided so you're aware I'm working on your issue.
I've read thru your use case and I have a proposed solution. This is what I would do. Disclaimer: I am assuming you realize this is totally terrible from any sort of security viewpoint. If the users have physical access to a machine and know what they are doing, they can get around just about any security. Even if they don't know much, opening up another browser would defeat this whitelist ideas in about 1 second. So my guess is the reason you want the setup you described is so that the employees in good faith only use the company cards on websites that you are okay with and this makes it very easy for you to handle that. I'll outline the steps below, let me know if any of them need more detail for you to understand or if you have any questions on anything.
This method will allow you to update the list of "white listed" websites by simply updating the webpage you are hosting whenever you want. Again, this will keep honest users able to easily tell what websites you are okay with them visiting, but is pretty terrible security. Do be aware you can sometimes go to 3rd party websites and through them gain access to any website you want, but usually you have to work to do that, so I'd consider it an edge case that a user would get to a non-approved website by mistake.
If this answers your question, I'd really love it if you would rate me. If you have more questions, just ask!
If you'd like me to walk you through the setup for this and/or create the webpage and help you host it, I can do that. I also could show you how to host it for free on github if that's something you want. I believe walking you through those steps and/or doing the development for the website would be above and beyond the scope of answering your question, so I think it would be fair to figure out a rate for that between us. Please note, I'm not suggesting we do business outside of JA, nor am I trying to shake you down. I am just offering remote assistance, which is a JA service to add value to your question if you want someone to hold your hand thru the process. If an overview is all you are looking for, I hope I've provided that and if you desire more details on that overview, I'm more than happy to provide those details without any additional charges. Thank you very much!
Hey, that is no problem at all!
The solution I outlined should meet the use case as I understand you described it, but I want you to understand it and be happy with the answer since there are usually multiple ways of getting things done with software. I was trying to design a solution for you that was both flexible and easy as well as meeting your requirements. Please understand I'm not trying to get you to pay more, I'm simply offering more in-depth help if you see value in that. If you want to just go back and forth in this format, I'm fine with that too. You are in control, just let me know!
If you have any follow up questions or concerns after talking to your colleague, I'm here. Thanks!
So I'm understanding you want to not connect these machines to a domain and you want to allow admin rights to the users, correct?
If so, they WILL easily be able to change ANYTHING on the computer. That is the point of an admin account in Windows. So your statement of "When I say permanent I mean users should not be able to delete them under any account, including the admin account." will not work unless you had Microsoft redesign how Windows works.
It also looks like you are adding a requirement I don't recall reading about before - that you want a shortcut that is larger than a regular shortcut. Off the top of my head, I'd guess this may be possible, but I'm not sure how much work this would entail. I'm very confused at this point where your requirements are coming from for this project. I'm sure you have an excellent reason for trying to do things a certain way, but at this point I'm confused as to what you are asking for. If you give users admin rights to a computer, usually you don't also try to lock it down (except when you lockdown network resources, and generally with Windows that means you have domain users). So if you are willing and able to describe WHAT you want to do and WHY rather than giving me the HOW, that may be a better option so I can guide you to the solution that will be best for you.
Also, my apologies for not getting back to you sooner, I was busy all weekend restoring my boat and I didn't take any time to be on the computer. I should be able to respond much faster now that the workweek has started for me.
Hi Bil, do you still need help?
If you can respond to my last post, I'll continue to help you. If you believe I've resolved your issue and provided value, I'd appreciate it if you would rate me. Again, if you still need help, let me know.