How can I configure Microsoft's Secure Desktop Restriction setting in Windows 2000 Service Pack 1 (SP1) and later?

John Savill

July 30, 2002


A. Users who interactively log on to a computer running Windows 2000 or later can perform tasks that might be security risks, such as gaining access to display and input devices that a computer process with wider-reaching privileges owns. These users can then create a process to capture passwords or sensitive data. (For more information about the problem, see Microsoft Security Bulletin MS00-200, "Patch Available for 'Desktop Separation' Vulnerability," at the Microsoft Web site.)

Win2K SP1 corrected this vulnerability by adding a Secure Desktop Restriction setting, but the new locked-down functionality might adversely affect certain applications. If your application vendor advises you to disable this security setting, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).

  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.

  3. From the Edit menu, select New, DWORD Value.

  4. Enter a name of SecureDesktop.

  5. Double-click the new value, set it to 0 to disable the setting (you can set the value to 1 to re-enable the default configuration), then click OK.

  6. Restart the machine for the change to take effect.
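
An added example, not part of the original article: a PowerShell function that reports whether the SecureDesktop value from the steps above has been set to 0 on a machine, and can set it back to 1. It assumes a system where PowerShell is available and treats a missing value as the default configuration; the function name is hypothetical.

```powershell
# Added example: audit (and optionally restore) the SecureDesktop registry value.
# Assumption: a missing value means the default (restriction in effect) applies.
function Get-SecureDesktopRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Set the value back to 1 when the restriction is found disabled.
        [switch]$Restore
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $name = 'SecureDesktop'

    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $raw = $null
        $state = 'Default (value not present)'
    } else {
        $raw = $item.$name
        switch ($raw) {
            0       { $state = 'Disabled' }
            1       { $state = 'Enabled (explicit)' }
            default { $state = 'Unexpected data, review manually' }
        }
    }

    # Only touch the registry when asked to, and only when the value is 0.
    if ($Restore -and $state -eq 'Disabled' -and
        $PSCmdlet.ShouldProcess("$key\$name", 'Set to 1')) {
        Set-ItemProperty -Path $key -Name $name -Value 1 -Type DWord
        $raw = 1
        $state = 'Enabled (restored, restart required)'
    }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Value    = $raw
        State    = $state
    }
}

Get-SecureDesktopRestriction                      # report only
# Get-SecureDesktopRestriction -Restore -WhatIf   # preview the change first
```

Run it from an elevated session when using `-Restore`, since writing under HKEY_LOCAL_MACHINE requires administrative rights.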
