How can I configure Microsoft's Secure Desktop Restriction setting in Windows 2000 Service Pack 1 (SP1) and later?
July 30, 2002
A. Users who interactively log on to a computer running Windows 2000 or later can perform tasks that might be security risks, such as gaining access to display and input devices that a computer process with wider-reaching privileges owns. These users can then create a process to capture passwords or sensitive data. (For more information about the problem, see Microsoft Security Bulletin MS00-200, "Patch Available for 'Desktop Separation' Vulnerability," at the Microsoft Web site.)
Win2K SP1 corrected this vulnerability by adding a Secure Desktop Restriction setting, but the new locked-down functionality might adversely affect certain applications. If your application vendor advises you to disable this security setting, perform the following steps:
Start a registry editor (e.g., regedit.exe).
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.
From the Edit menu, select New, DWORD Value.
Enter a name of SecureDesktop.
Double-click the new value, set it to 0 to disable the setting (you can set the value to 1 to re-enable the default configuration), then click OK.
Restart the machine for the change to take effect.
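To find machines where this setting has been changed, the following added example (not part of the original article) parses the decoded text of regedit exports of that key and lists hosts whose SecureDesktop value is 0 or is not a recognised DWORD. The host names and sample exports are constructed, and treating an absent value as the default configuration is an assumption drawn from the steps above.

```python
import re

# Key and value name exactly as given in the steps above.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
VALUE = "SecureDesktop"

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_ENTRY = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
_DWORD = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{1,8})$")


def secure_desktop_state(reg_text):
    """Classify SecureDesktop in the decoded text of a regedit export.
    Returns "default" (value absent; assumed to mean the restriction is on),
    "enabled" (1), "disabled" (0) or "unexpected" (other type or data).
    """
    in_key, state = False, "default"
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            # Registry key names are case-insensitive.
            in_key = section.group("key").lower() == KEY.lower()
            continue
        entry = _ENTRY.match(line) if in_key else None
        if not entry or entry.group("name").lower() != VALUE.lower():
            continue
        dword = _DWORD.match(entry.group("data").strip())
        number = int(dword.group("hex"), 16) if dword else None
        state = {0: "disabled", 1: "enabled"}.get(number, "unexpected")
    return state


def hosts_to_review(exports):
    """Return the sorted host names whose export is not default/enabled."""
    return sorted(host for host, text in exports.items()
                  if secure_desktop_state(text) in ("disabled", "unexpected"))


# Constructed sample exports, one per hypothetical host.
HDR = "Windows Registry Editor Version 5.00\n\n[%s]\n" % KEY
SAMPLE = {
    "ws01": HDR + '"SecureDesktop"=dword:00000000\n',
    "ws02": HDR + '"SecureDesktop"=dword:00000001\n',
    "ws03": HDR + '"AppInit_DLLs"=""\n',
}

if __name__ == "__main__":
    print("review:", hosts_to_review(SAMPLE))
```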