Main:advertisement
In this article we will learn how to restrict users\' capabilities on a Windows NT - like machine (Windows 2000, XP, 2003, Vista).
Limiting Windows accounts
In this article we will learn how to restrict users' capabilities on a Windows NT - like machine (Windows 2000, XP, 2003, Vista).
Please keep in mind that you'll need to manually edit your registry, so a full backup before proceeding may be a wise choice.
* Restrict file access *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoDrives (prevents viewing drives' icons)
Value Name: NoViewOnDrive (prevents viewing drives' content)
Data Type: REG_DWORD (DWORD Value)
This setting allows you to control which drives are visible in My Computer and Explorer. It is possible to hide all drives or just selected ones.
To disable all the drives set the value to "67108863"; for single drives:
A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432
For example to hide drive A and drive D, you would add 1 (A) + 8 (D) which means the value should be set to "9".
Please keep in mind that you should also deny reading privileges to the restricted account in order to make this measure effective.
-------------------------------------------------
* Restrict Users from Running Specific Applications *
This setting allows you to specify applications and filenames that users are restricted from running.
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: DisallowRun
Open your registry and find the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.
Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").
Restart Windows for the changes to take effect.
-------------------------------------------------
* Disable Registry Editing Tools *
User Key: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Value Name: DisableRegistryTools
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = allow regedit, 1 = disable regedit)
-------------------------------------------------
* Disable the Windows Hotkeys *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoWinKeys
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable restriction, 1 = enable restriction)
-------------------------------------------------
* Disable the Shut Down Command *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoClose
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = shutdown enabled, 1 = shutdown disabled)
-------------------------------------------------
* Disable the Run... dialog *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoRun
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Run... enabled, 1 = Run... disabled)
-------------------------------------------------
* Disable the Ability to Right Click on the Desktop *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoViewContextMenu
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
-------------------------------------------------
* Hide All Items on the Desktop *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoDesktop
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
-------------------------------------------------
* Remove File Menu from Explorer *
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoFileMenu
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)
These are only a few of the possible restricting keys.
Knowing them may be useful in many ways, especially in a LAN.
Posted by 
