Securing The Vista Desktop Through The Registry Part III
- 0
- Add a Comment
If you want to restrict the applications that users can access and run in Vista from the Start menu, the desktop, and the Control Panel, you can make a few simple modifications to the registry. For example, you can remove common programs, you can remove the All Programs menu, and you can remove the Run command.
To get started, launch the Registry Editor. Then, once the Registry Editor opens, navigate to the following key: HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer.
Adding DWORD values
To add a new DWORD value to the Explorer key, pull down the Edit menu and select the New | DWORD Value command. When you see the New Value appear in the Explorer key, you can identify it using the names described in the next section Once you name a value, press [Enter] twice — once to activate the new name and once to open the Edit DWORD dialog box. You can then add the appropriate setting in Value Data text box.
Remove common programs
In the default configuration, the All Programs menu contains items from the All Users profile as well as items from the current user’s profile. If you want to remove those items that appear in the All Users profile and leave only those items that appear in the user’s profile, you can add a DWORD value named NoCommonGroups and set the Value Data to 1.
Remove the All Programs menu
If you want to prevent users from running any programs besides those that you have configured to run at startup, you can remove the All Programs menu from the Start menu. To do so, add a DWORD value named NoStartMenuMorePrograms and set the Value Data to 1.
Remove the Run command
If users know the name of an executable file, they can run the program manually by using the Run command. However, you can remove the Run command from the Start menu and thus further restrict users from running applications. To do so, you add a DWORD value named NoRun and set the Value Data to 1.
Remove the Control Panel
If you would rather not have users run applications in the Control Panel and change Vista configuration settings, you can remove it from the Start menu. To do so, you add a DWORD value named NoControlPanel and set the Value Data to 1.
Hide items on the desktop
Since applications can be run from shortcuts stored on the desktop, you may want to lock down the desktop. To do so, you add a DWORD value named NoDesktop and set the Value Data to 1.
- Edge Z30 Midsize Desktop
- Aspire AO751h-1279 Netbook
- Compaq Presario CQ60-420US Notebook
- P-7805u FX Notebook
- Studio 15 Notebook
- Aspire AS4810TZ-4011 Timeline Notebook
- Pavilion G60 Notebook
- K50IJ-RX05 Notebook
- VAIO VGNNW180J/S Notebook
- Satellite A505-S6975 Notebook
- UL50AG-A1 Notebook
- ThinkPad T400 Notebook
- Wind Top AE2010-02SUS All-In-One Desktop
- TouchSmart IQ524 Desktop
- Satellite L505-S6959 Notebook
- Studio XPS 16 Notebook
- Windows Vista Ultimate w/ SP1
- VAIO VGC-JS250J/B Desktop
- ThinkPad X200 Tablet PC
- Windows Vista Home Premium
- G51VX-RX05 Notebook
- Aspire AS8930-6442 Notebook
- Compaq Presario CQ5110f Desktop
- Latitude E5400 Notebook
- eTrex Vista HCx GPS