Computer User Restrictions with Limited User Account ,Registry and Group Policy
How to enable your applications to make restrictions to what users can (and cannot) do with their computer using Limited User Account ,Registry and the Group Policy Editor.
If you ever wanted a quick and dirty way to disable (and enable) various Windows system configuration settings, and to disable a user from, for example, displaying the Control Panel, or shutting down the machine, this is the article for you!
Limited or Standard User Account
If you frequently let others use your personal computer then you run the risk of them installing junk, stumbling upon search history (I am talking about bank records perverts), or in the case of most 4 year olds, clicking on pretty things until the screen goes black . . or blue.
User Accounts
There are two types of user accounts available on your computer: computer administrator and limited. The guest account is available for users with no assigned account on the computer.
Computer Administrator Account and Limited Account
The computer administrator account is intended for someone who can make system wide changes to the computer, install programs, and access all files on the computer. Only a user with computer administrator account has full access to other user accounts on the computer. This user:
• Can create and delete user accounts on the computer.
• Can create account passwords for other user accounts on the computer.
• Can change other people's account names, pictures, passwords, and account types.
But the limited account is intended for someone who should be prohibited or restricted from changing most computer settings and deleting important files. A user with a limited account:
• Cannot install software or hardware, but can access programs that have already been installed on the computer.
• Can change his or her account picture and can also create, change, or delete his or her password.
Create a Limited User Account on Windows XP
1. Go to the task bar and Click Start.
2. Go to Settings -> Control Panel -> User Accounts and select "Create New Account"
3. Name the new account whatever you want, hit next and then check limited. Now you may Set a password if you wish.
Once this is finished nobody on this account can access your folders or install software without your admin password. For further information regarding these computer tweeks, please visit my site http://compsecurity.weebly.com . Good luck.
What is Registry?
The Registry is simply a database that an application can use to store and retrieve configuration information (last window size and position, user options and information or any other configuration data). Registry also contains information about Windows and about your Windows configuration.
Registry tweaks, tricks & hacks
Want to deny access to the Display Settings? Need to hide the Desktop? Interested in disabling the Shut Down button on the CTRL+ALT+DEL Security dialog?
Note: all the above restrictions can be done using the Registry editor tool that comes with Windows. Regedit.exe enables you to view, search and edit the data within the Registry. The simplest way to start the regedit is to click on the Start button, then select Run, and in the Open box type "regedit". I will not explain working with the Regedit here, be sure to check the "http://compsecurity.weebly.com" site for more detailed explanations.
Before we move to Group Policy, let's see how to remove the ShutDown button from the Start Menu using regedit.
1. Start Regedit
2. Go to HKEY_Current_User/Software/Microsoft/Windows/CurrentVersion/Policies. Several sub-keys like Explorer should already be created here.
3. Open the Explorer key
4. Add a "NoClose" (without the " marks) DWORD value and set it to 1. In all alike tweaks, data value of 0 is off and a data value of 1 is on.
5. You may need to restart or log out of Windows for the change to take effect.
Yes that simple. Just call this procedure like Explorer_NoClose(True) and the ShutDown button on the Start menu is gone.
What follows is a list of some of the values you can add to registry to disable various system "operations":
Note: HKEY_Current_User/Software/Microsoft/Windows/CurrentVersion/Policies is the "root" key!
/Explorer
NoRun Disables Run command on the Start menu
NoLogoff Disable the Logoff button from the CTRL+ALT+DEL Security dialog
NoClose Remove the Shutdown button from the Start menu
NoDesktop Hide all Desktop icons
NoFind Remove the Find command from the Start Menu
NoNetConnectDisconnect Removes the "Map Network Drive" and Disconnect twork
Drive menu and right click options
NoSetFolders Hide Control Panel, Printers and My Computer on the Start Menu
NoControlPanel Prevents Control.exe, the Control Panel executable file, from
starting. As a result, users cannot start Control Panel or run any Control
Panel programs
NoDrives To hide a drive, turn on its' bit. For example to hide C: set a value
of 4 to this key; to hide D: too, set the value to 12 (since D: is 8).
ResrictRun Only programs that you define at: HKEY_CURRENT_USER\Software
\Microsoft\Windows\ CurrentVersion\Policies\Explorer\RestrictRun can be run on
the Workstation.
/System
DisableTaskMgr Prevents TaskMgr.exe from running
NoDispCPL Disables the Display option in Control Panel
NoDispBackgroundPage Removes the ability to change wallpaper and background
pattern from Control Panel.
/Network
NoWorkgroupContents Network Neighborhood does not display computers in the local
workgroup or domain
NoEntireNetwork Restrict Network Neighborhood from displaying or accessing
computers outside the local workgroup or domain
NoFileSharingControl Disable file sharing controls
NoPrintSharing Disable print sharing controls
