Thursday, April 24, 2014
Limiting Windows accounts

In this article we will learn how to restrict users' capabilities on a Windows NT-like machine (Windows 2000, XP, 2003, Vista).
Please keep in mind that you'll need to manually edit your registry, so a full backup before proceeding may be a wise choice.

* Restrict file access *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoDrives (prevents viewing drives' icons)
Value Name: NoViewOnDrive (prevents viewing drives' content)
Data Type: REG_DWORD (DWORD Value)

This setting allows you to control which drives are visible in My Computer and Explorer. It is possible to hide all drives or just selected ones.
To disable all the drives set the value to "67108863"; for single drives:

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432

For example, to hide drive A and drive D, add 1 (A) + 8 (D), so the value should be set to "9".

Please keep in mind that you should also deny reading privileges to the restricted account in order to make this measure effective.
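The bitmask arithmetic above as an added example (not part of the original article): it builds the DWORD from drive letters, decodes a value read back from the registry, and formats it the way a .reg file stores it. The article's values are decimal, while .reg files and regedit's default DWORD view use hexadecimal. The function names are illustrative.

```python
import string

LETTERS = string.ascii_uppercase          # A..Z map to bits 0..25
ALL_DRIVES = (1 << 26) - 1                # 67108863, the article's "all drives" value


def drives_to_mask(drives):
    """Return the NoDrives / NoViewOnDrive DWORD covering the given drive letters."""
    mask = 0
    for d in drives:
        letter = d.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in LETTERS:
            raise ValueError(f"not a drive letter: {d!r}")
        mask |= 1 << LETTERS.index(letter)    # OR, so a repeated letter is not added twice
    return mask


def mask_to_drives(mask):
    """Decode a DWORD into (drive letters, stray bits that map to no drive)."""
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("value does not fit in a REG_DWORD")
    stray = mask & ~ALL_DRIVES                # bits 26..31 have no drive letter
    letters = [LETTERS[i] for i in range(26) if mask >> i & 1]
    return letters, stray


def reg_line(name, mask):
    """Format the value as a .reg file stores it: 8 hex digits after 'dword:'."""
    return f'"{name}"=dword:{mask:08x}'


if __name__ == "__main__":
    m = drives_to_mask(["A", "d:"])
    print(m, reg_line("NoDrives", m))
    print(reg_line("NoViewOnDrive", ALL_DRIVES))
    print(mask_to_drives(0x0000000C))
```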


-------------------------------------------------

* Restrict Users from Running Specific Applications *

This setting allows you to specify applications and filenames that users are restricted from running.

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: DisallowRun

Open your registry and find the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Create a new DWORD value named "DisallowRun" and set it to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun] and define the applications that are to be restricted: create a new string value for each application, named with consecutive numbers, and set its value to the filename to be restricted (e.g. "regedit.exe").

Restart Windows for the changes to take effect.
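A way to check the result of the steps above, as an added example (not part of the original article): it parses a .reg export of the policy key and reports whether the DisallowRun switch and its sub-key agree. The sample export is constructed, and the function names are illustrative.

```python
import re

EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# Constructed sample: a .reg export of the policy key, already decoded to text
# (regedit writes "Version 5.00" exports as UTF-16).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="regedit.exe"
"2"="cmd.exe"
'''

VALUE = re.compile(r'"(.+?)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")')


def parse_reg(text):
    """Return {key: {value_name: int | str}}; names lower-cased (registry is case-insensitive)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.fullmatch(line)):
            name, dword, string = m.groups()
            current[name.lower()] = int(dword, 16) if dword else string.replace("\\\\", "\\")
    return keys


def audit_disallow_run(text, base=EXPLORER):
    """Report whether the block list is switched on and which filenames it names."""
    keys = parse_reg(text)
    flag = keys.get(base.lower(), {}).get("disallowrun")
    entries = keys.get((base + r"\DisallowRun").lower(), {})
    blocked = sorted(v.lower() for v in entries.values() if isinstance(v, str) and v)
    findings = []
    if flag == 1 and not blocked:
        findings.append("DisallowRun is 1 but the sub-key lists no filenames")
    if blocked and flag != 1:
        findings.append("filenames are listed but DisallowRun is not 1, so the list is not applied")
    if any("\\" in b or "/" in b for b in blocked):
        findings.append("an entry holds a path; the article specifies a bare filename")
    return {"enabled": flag == 1, "blocked": blocked, "findings": findings}


if __name__ == "__main__":
    print(audit_disallow_run(SAMPLE))
```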

-------------------------------------------------

* Disable Registry Editing Tools *

User Key: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Value Name: DisableRegistryTools
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = allow regedit, 1 = disable regedit)


-------------------------------------------------

* Disable the Windows Hotkeys *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoWinKeys
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable restriction, 1 = enable restriction)

-------------------------------------------------

* Disable the Shut Down Command *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoClose
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = shutdown enabled, 1 = shutdown disabled)

-------------------------------------------------

* Disable the Run... dialog *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoRun
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Run... enabled, 1 = Run... disabled)

-------------------------------------------------

* Disable the Ability to Right Click on the Desktop *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoViewContextMenu
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)

-------------------------------------------------

* Hide All Items on the Desktop *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoDesktop
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)

-------------------------------------------------

* Remove File Menu from Explorer *

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoFileMenu
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disabled, 1 = enabled)

These are only a few of the possible restricting keys.
Knowing them may be useful in many ways, especially in a LAN.

Comments

Larika on April 04 2007 - 14:25:51
Finally a good article, original. (Italians are originals) LOL
regit on April 08 2007 - 17:48:06
Nice list.
HackingForce on April 21 2007 - 16:13:33
So there's no way we could make a .REG file to inject data if we want to?
mikispag on July 30 2007 - 12:30:44
@HackingForce: sure we can create a .REG file and import it without any user interaction using "regedit /Q filename.reg", perhaps in a .bat script or using ShellExecute ;)
jinglehacki on December 18 2007 - 14:42:06
hope my teachers don't find this one :right: