After you secure your shared computer, you still need to manage it using an Administrator account, which might be harder than you first think. If you enable certain combinations of the Microsoft Shared Computer Toolkit restrictions, you might be prevented from logging on under the Administrator account. Here are some ways to avoid this problem:

  • Disable the Restart at Logoff option. When you disable this option, Windows Disk Protection won't run after each session and subsequent users will see changes to the C drive until the next scheduled reboot when Windows Disk Protection resets the partition. If you disable the Restart at Logoff option, consider locking the user profile and restricting access to the C drive to reduce the locations in which shared users can make persistent changes. Be sure that your programs will work in this highly locked down mode. To log on under the Administrator account, log off the shared access computer, which will bring up the Windows Welcome dialog box. Press Ctrl+Alt+Del twice to bring up the traditional logon dialog box, then log on under the Administrator account.
  • Keep the Administrator listed in the Welcome dialog box. If only one user (e.g., Public) is listed in the Welcome dialog box, then Windows XP will automatically log that user on. Adding the Administrator or another account to the list will cause XP to stop at the Welcome dialog box and wait for a user to be selected. At this point, you can select Administrator and enter the password for that account. A drawback to this approach is that all public users will see this account.
  • Disable the Welcome dialog box. When you disable the Welcome dialog box, XP will prompt you for a username and password. However, users will need to know to type Public in the Username textbox, which makes the computer less user-friendly.
  • Use a network-based logon such as Terminal Services. If your shared computer is network accessible, you can enable Terminal Services and remotely connect to the computer using the Administrator account to make any system changes. However, you'll need to use IPsec to secure this connection.