JSI Tip 0215 - More on Locking down that desktop.

Jerold Schulman

August 1, 1997

1 Min Read
ITPro Today logo in a gray background | ITPro Today

In Tip 050, Locking down that desktop, I first detailed Explorer restrictions that could be implemented via registry changes. Here a few more that I have found at: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer. All are type REG_DWORD with a default value of 0.

EnforceShellExtensionSecurity - A value of 1 causes Windows NT to only load the shell extensions listed in the Approved subkey (HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved).

NoDriveAutoRun - A bitmapped value (see NoDrives from Tip 050) that determines wether the autorun feature is disabled on that drive. If the drives bit is set to 1, autorun (see tip 007) is disabled.

NoSaveSettings - A value of 1 prevent changes to the positions of icons and open windows, and the size and position of the taskbar from being saved. Also set NoSetTaskbar.

NoStartBanner - A value of 1 hides the arrow and Click here to begin caption that appear on the taskbar when you start Windows NT.

NoStartMenuSubFolders - Hides the folders at the top section of the Start menu when the value is set to 1. Items appear, but folders are hidden.

A few more restrictions are located at HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesNetwork:

NoWorkgroupContents - If the value of this entry is 1, Network Neighborhood does not display computers in the local workgroup or domain.

NoEntireNetwork - A value of 1 restricts Network Neighborhood from displaying or accessing computers outside the local workgroup or domain. The user can still use the Start/Run, Map/Connect Network Drive, and the Command Prompt.


Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like