Windows NT security makes it possible to lock down a desktop so a given user has access to only one or a few specific programs. On a public kiosk computer, it is often important that user access be restricted. This article explains the steps that need to be taken to implement this before you start please read the IMPORTANT notice.

IMPORTANT: This article contains information about editing the Windows registry. Before you edit the registry, you should first make a backup copy of the registry files (System.dat and User.dat). Both are hidden files in the Windows folder. Do not run the sample .reg file which contains all the specified registry entries as a demonstration or test because doing this will disable the menus of the demonstrator and might not give him access to remove the entries also. It is advised that for demonstration, make only one entry at once. Unsolicited changes in registry might damage the system functionality in which cases author can not be held responsible.

Windows always works on its Registry entries which are stored some hidden .dat files usually the system.dat and user.dat in widows directory. It can be viewed as the settings for the individual user determining his environment in Windows NT user session. It is found that these settings or registry entries play a key role while deciding the access to individual user on any Windows NT machine. Whenever the user loggs in, Windows fetches all the settings from files, and loads it in the memory. So the user settings are stored with your windows explorer which works like shell for your Windows NT session. For making the registry entries, you can either go to RUN menu and run regedit.exe or regedt32.exe. This will open a windows similar to Windows explorer. There are five by default major categories viz. HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS,HKEY_CURRENT_CONFIG which are used for the basic functionality of the Registry and Windows security.

You can browse through and make the entries at right places.Windows also specifies a format which goes in .reg file (see the sample code), which can be run from any location. This .reg file can be edited using a simple notepad also. In this format, specify the REGEDIT4 first, to tell the version of editing utility, then you have to specify the absolute path in square brackets where this registry entry will go for example [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies] you can specify multiple paths also where the settings will be stored followed by the name of the entries which have to be made are written as

"NameOfEntry"=DataType:ValueOfTheEntry

Note : NoRecentDocsMenu and NoRecentDocsHistory requires Active Desktop to be installed; otherwise they do not work

At the place [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

Copy the following source in notepad and save it as .reg file

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoDriveTypeAutoRun"=dword:00000095
"NoFind"=dword:00000001
"NoFolderOptions"=dword:00000001
"NoDesktopUpdate"=dword:00000001
"NoFavoritesMenu"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSetActiveDesktop"=dword:00000001
"NoDesktop"=dword:00000001
"NoSetFolders"=dword:00000001
"NoSetTaskbar"=dword:00000001
"NoSaveSettings"=dword:00000001
"NoClose"=dword:00000001
"NoNetHood"=dword:00000001
"NoRun"=dword:00000001
"NoDrives"=dword:00000000
"NoTrayContextMenu"=dword:00000001
"NoViewContextMenu"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableLockWorkstation"=dword:00000001
"DisableTaskMgr"=dword:00000001
"DisableChangePassword"=dword:00000001

Downloads

Download instructions: