Windows Security Documentation

This article provides information about the Windows security system and the restrictions that you can use to limit functionality.
Original Author: John M. Hall
Code

Windows Security Documentation color=#000000>Written by John Hall style="FONT-SIZE: 16pt" face=Arial color=#000000>Documentation Notes


 Improvements - Originally, I released this documentation in a 
 format that was a little odd/wild, so, as requested, I've cleaned it up and 
 added more notes about using it. Hopefully this new organization and these 
 notes will help you better understand how to use this information and its 
 limitations. I, however, have not added any additional information to this 
 documentation because of the limited amount of security information that is 
 redily available for the newer operating systems. 
 
Known Limitations - This information does have some limitations of 
 use. Those are mentioned below: 
 
 Operating Systems - This information will most likely not 
 work with Microsoft Windows XP or Millennium Edition. It's not been tested, 
 so I don't recommend trying it. It's known that a lot of this doesn't work 
 with Microsoft Windows NT 4.0 and below, so I also don't recommend its 
 application there. If you do decide to try to use it, remember, I'm not 
 responsible for your actions and you are doing this on your own accord. 
 
Setting Overrides - Some settings, none that are noted, have been 
 known to override other settings on certain operating systems. This is most 
 likely because Microsoft didn't spend the required amount of time making the 
 Windows 98 security system(probably the most vulnerable to this problem) a 
 high-performance or very reliable work. If you find that some of these 
 settings have "holes" or something and it bothers you, I suggest you switch 
 to a more securified operating system in the Windows class, such as 
 Microsoft Windows 2000 Professional or greater. 

 
Special Information - I've reviewed the comments that were posted 
 on the original copy of this documentation and this section is here to answer 
 some of the questions that I noticed. 
 
 Disabling these Settings - To disable any of the settings that 
 are shown in this documentation, simply reverse your process. Just delete 
 anything that you added to lock or disable a feature or you can make the 
 value the inverse. If it's a DWORD value, make it "00000000" instead of 
 "00000001", or a string value "yes" instead of "no" or vice versa. 
 
Blocking Internet Applications - To disable an application's 
 internet access, I suggest you download any free firewall available. A 
 firewall will monitor what information is sent and recieved to your computer 
 through any network connection and filter it according to rules. The most 
 popular, free firewall that is available is  onmouseover="self.status=title;return 0" 
 title="Click here to view the ZoneAlarm free edition homepage" 
 onmouseout="self.status='';return 0" 
 href="http://www.zonealarm.com/products/za/freedownload2.html" 
 target=_zonelabs>ZoneAlarm, by ZoneLabs, Inc. It's actually the 
 most secure when it comes to application internet access prevention. 
 
Reversing Application Lock - As far as I know, there's not a way 
 to reverse the application locking method. You might want to experiment with 
 it by making a seperate user account on your computer and applying the 
 settings to that user only. Basically, that's what I did throughout the 
 period that I wrote this documentation and it doesn't harm any of your stuff 
 and it helps you uncover the truth. Don't afraid to be creative with this 
 information, just remember my disclaimer about it from 
above.


Windows System 
Security Settings
color=#000000>All the information that is included in this section affects the 
main Windows system. These alter actual system functions and/or settings that it 
uses to display certain items. 


 Disable Wallpaper Change 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop color=#c00000>NoChangingWallPaper 
 
Data Type
DWORD (set value of 0x00000001) 


 
Disable All Active Desktop Changes 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoActiveDesktopChanges 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable All Desktop Icons 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoDesktop 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Active Desktop 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoActiveDesktop 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable HTML Wallpaper 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop color=#c00000>NoHTMLWallPaper 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Closing Active Desktop Components 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop color=#c00000>NoClosingComponents 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Deleting Active Desktop Components 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop color=#c00000>NoDeletingComponents 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Editing Active Desktop Components 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop color=#c00000>NoEditingComponents 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Adding Active Desktop Components 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesActiveDesktop color=#c00000>NoAddingComponents 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Desktop Internet Icon 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoInternetIcon 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Desktop Network Neighborhood Icon 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoNetHood 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Disk Drive Autorun 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoDriveTypeAutoRun 
 
Data Type
DWORD (set value of 0xb5000000)


 
Disable Environment Appearance Properties Access 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoDispAppearancePage 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Desktop Background Properties Access 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoDispBackgroundPage 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Display Icon from Control Panel 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoDispCPL 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Screen Saver Properties Access 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>NoDispScrSavPage 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable All But Selected Applications from Running 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer color=#c00000>RestrictRun 
 
Data Type
DWORD (set value of 0x00000001)

 
Special Notes - For this setting to work, you will need to make a 
 list of programs that you want to allow to run. You can do this by creating 
 a Key inside the Explorer Key and calling it RestrictRun and adding string 
 values as demonstrated below: 
 
 String Value
Name "1"
Value "mspaint.exe"
 color=#008000>This will allow any program named mspaint.exe to run on the 
 system

 
String Value
Name "2"
Value "iexplore.exe"
 color=#008000>This will allow any program named iexplore.exe to run on the 
 system 


 
Disable Registry Editing Tools 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem color=#c00000>DisableRegistryTools 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Start Menu Shut Down Command 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoClose 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Start Menu Log Off Command 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoLogoff 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Start Menu Find Command 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoFind 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Start Menu Documents Menu 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoRecentDocsMenu 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Start Menu Favorites Menu 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoFavoritesMenu 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Settings Menu Folder Options 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoFolderOptions 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Desktop Update 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoDesktopUpdate 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Settings Menu Active Desktop Settings 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoSetActiveDesktop 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Settings Menu Folder Settings 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoSetFolders 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Settings Menu Taskbar Settings 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoSetTaskbar 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Saving Changed Settings 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoSaveSettings 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Right-Click on the Taskbar 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoTrayContextMenu 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Right-Click on the Desktop 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPolicies color=#c00000>NoViewContextMenu 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Microsoft Office Tune Up
This 
 only applies to Microsoft Office 2000 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftOffice9.0CommonTuneUp color=#c00000>Disabled 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable AutoComplete in Explorer 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerAutoComplete color=#c00000>Use 
 
Data Type
String (set value of 
"no")



Internet 
Explorer System Settings
color=#000000>All the information that is included in this section affects the 
operation of Internet Explorer. Please note that these only affect 
Internet Explorer's operation and will not work with any other browsers that may 
be installed on your computer. 


 Disable Closing Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoBrowserClose 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Right-Click in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoBrowserContextMenu 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Options in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoBrowserOptions 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Saving Pages in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoBrowserSaveAs 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Favorites in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoFavorites 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable File Menu New Object in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoFileNew 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable File Menu Open Object in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoFileOpen 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Finding Files in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoFindFiles 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Opening Files in New Window from Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoOpenInNewWnd 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Selectable Download Directory in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoSelectDownloadDir 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Viewing in Theater Mode in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoTheaterMode 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Viewing Source in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerRestrictionsNoViewSource 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Adding Channels in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerInfodeliveryRestrictions color=#c00000>NoAddingChannels 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Adding Subscriptions in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerInfodeliveryRestrictions color=#c00000>NoAddingSubscriptions 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Removing Channels in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerInfodeliveryRestrictions color=#c00000>NoRemovingChannels 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Removing Subscriptions in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerInfodeliveryRestrictions color=#c00000>NoRemovingSubscriptions 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Search Customization in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerInfodeliveryRestrictions color=#c00000>NoSearchCustomization 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Running the Connection Wizard 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerControl PanelRestrictionsConnwiz Admin 
 Lock 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Importing or Exporting Favorites in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerDisableImportExportFavorites 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Using the Microsoft Script Debugger in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainDisable Script Debugger 
 
Data Type
String (set value of "yes")


 
Disable Using AutoComplete Forms in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainUse FormSuggest 
 
Data Type
String (set value of "no")


 
Disable Using AutoComplete Passwords in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainFormSuggest Passwords 
 
Data Type
String (set value of "no")


 
Disable Using Download Notification in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainNotifyDownloadComplete 
 
Data Type
String (set value of "no")


 
Disable Error Notification in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainErr Dlg Displayed On Every Error 
 
Data Type
String (set value of "no")


 
Disable Go Button in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainShowGoButton 
 
Data Type
String (set value of "no")


 
Disable Using a Custom Search Page in Web Browser 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainUse Custom Search URL 
 
Data Type
DWORD (set value of 0x00000000)


 
Disable Custom Title for Web Browser Windows 
 
 Location
HKEY_CURRENT_USERSoftwareMicrosoftInternet 
 ExplorerMainWindow Title 
 
Data Type
String (set value of "custom title 
 text")


 
Disable Installation of ISP Distribution Kit for Internet 
 Explorer
This only applies to Internet 
 Explorer 5.0 and up 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftInternet 
 Connection WizardCanInstallISPKit5 
 
Data Type
String (set value of 
"no")



Windows Media 
Player System Settings
color=#000000>All the information that is included in this section affects the 
operation of Windows Media Player and components. Please note that these 
only affect Windows Media Player's operation and will not work with any 
other players that may be installed on your computer. 


 Disable Finding New Stations in Media Player 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsMediaPlayer color=#c00000>NoFindNewStations 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Media Favorites from Media Player 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsMediaPlayer color=#c00000>NoMediaFavorites 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Radio Bar for Media Player 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsMediaPlayer color=#c00000>NoRadioBar 
 
Data Type
DWORD (set value of 0x00000001)


 
Disable Media Player Upgrade Message 
 
 Location
HKEY_LOCAL_MACHINESoftwareMicrosoftMediaPlayerPlayerUpgrade color=#c00000>AskMeAgain 
 
Data Type
String (set value of "no")
About this post
Posted: 2002-06-01
By: ArchiveBot
Viewed: 140 times
Comments

No comments have been added for this post.
You must be logged in to make a comment.