.
Environment: Windows NT 4.0 (Server or Workstation)
Windows NT security makes it possible to lock down a desktop so a given user has access
to only one or a few specific programs. On a public kiosk computer, it is often important
that user access be restricted. This article explains the steps that need to be taken to
implement this before you start please read the IMPORTANT notice.
IMPORTANT: This article contains information about editing the Windows registry. Before you edit the registry, you should first make a backup copy of the registry files (System.dat and User.dat). Both are hidden files in the Windows folder. Do not run the sample .reg file which contains all the specified registry entries as a demonstration or test because doing this will disable the menus of the demonstrator and might not give him access to remove the entries also. It is advised that for demonstration, make only one entry at once.
Unsolicited changes in registry might damage the system functionality in which cases author can not be held responsible.
Windows always works on its Registry entries which are stored some hidden .dat files
usually the system.dat and user.dat in widows directory. It can be viewed as the settings
for the individual user determining his environment in Windows NT user session. It is
found that these settings or registry entries play a key role while deciding the
access to individual user on any Windows NT machine. Whenever the user loggs in,
Windows fetches all the settings from files, and loads it in the memory. So the
user settings are stored with your windows explorer which works like shell for
your Windows NT session.
For making the registry entries, you can either go to RUN menu and run regedit.exe or regedt32.exe. This will open a windows similar to Windows explorer. There are five by default major categories viz. HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS,HKEY_CURRENT_CONFIG which are used for the basic functionality of the Registry and Windows security.
You can browse through and make the entries at right places.Windows also specifies a format which goes in .reg file (see the sample code), which can be run from any location. This .reg file can be edited using a simple notepad also.
In this format, specify the REGEDIT4 first, to tell the version of editing utility, then you have to specify the absolute path in square brackets where this registry entry will go for example [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies] you can specify multiple paths also where the settings will be stored followed by the name of the entries which have to be made are written as
“NameOfEntry”=DataType:ValueOfTheEntry
For restricting the access, following are the names of the entries/keys and their functionality at [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies]
Key Name | Functionality | Data Type | Value |
---|---|---|---|
NoFind | Removes Find command from Start menu. | dword | 00000095 |
NoFolderOptions | Removes the Folder Options menu item from the Settings |
dword | 00000001 |
NoRecentDocsMenu | Removes the Documents command from the Start menu. |
dword | 00000001 |
NoDesktop | Hide all items on desktop. | dword | 00000001 |
NoRun | Removes Run command from Start menu | dword | 00000001 |
NoLogOff | Disables the logoff options | dword | 00000001 |
NoClose | Disables Shut Down command. | dword | 00000001 |
NoNetHood | Hides Network Neighborhood. | dword | 00000001 |
NoDrives | Hides drives in My Computer. | dword | 00000000 |
To give access to only drive C | dword | fbffff03 | |
To give access to drives C and D | dword | f3ffff03 | |
To give access to drives A to F | dword | c0ffff03 | |
NoTrayContextMenu | Removes context menus for tray including the start button, tab control, and clock. |
dword | 00000001 |
NoSetFolders | Remove folders from Settings/Start menu | dword | 00000001 |
NoSetTaskbar | Remove Taskbar from Settings/Start menu. | dword | 00000001 |
NoFavoritesMenu | Removes the Favorites folder from the Start menu. |
dword | 00000001 |
NoSaveSettings | Does not save settings at exit. | dword | 00000001 |
NoDriveTypeAutoRun | Prevents CD-ROM drive from running automatically. |
dword | 00000001 |
NoViewContextMenu | Removes the context menu when you right click the desktop, or when you right click explorer in the results pane. |
dword | 00000001 |
NoFolderOptions | Removes the Folder Options menu item from the Settings |
dword | 00000001 |
Note : NoRecentDocsMenu and NoRecentDocsHistory requires Active Desktop
to be installed; otherwise they do not work
At the place
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
Key Name | Functionality | Data Type | Value |
---|---|---|---|
DisableLockWorkstation | Disables the Lock workstation option from menu | dword | 00000001 |
DisableTaskMgr | Disables the Task Manager | dword | 00000001 |
DisableChangePassword | Disables the password change option | dword | 00000001 |
Copy the following source in notepad and save it as .reg file
REGEDIT4 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies] [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer] "NoDriveTypeAutoRun"=dword:00000095 "NoFind"=dword:00000001 "NoFolderOptions"=dword:00000001 "NoDesktopUpdate"=dword:00000001 "NoFavoritesMenu"=dword:00000001 "NoRecentDocsMenu"=dword:00000001 "NoSetActiveDesktop"=dword:00000001 "NoDesktop"=dword:00000001 "NoSetFolders"=dword:00000001 "NoSetTaskbar"=dword:00000001 "NoSaveSettings"=dword:00000001 "NoClose"=dword:00000001 "NoNetHood"=dword:00000001 "NoRun"=dword:00000001 "NoDrives"=dword:00000000 "NoTrayContextMenu"=dword:00000001 "NoViewContextMenu"=dword:00000001 [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem] "DisableLockWorkstation"=dword:00000001 "DisableTaskMgr"=dword:00000001 "DisableChangePassword"=dword:00000001
Downloads
Download instructions:
1. Save it to your disk |
2. For running: Save it as .reg file, and double click |
3. For editing: You can edit it in test format or you can right click the .reg file and click on edit option. |