Change or Add User Restrictions And Features in Windows

Change or Add User Restrictions And Features

If you want to make restrictions to what users are able to use and do their computer without having to running the Windows Policy Editor “Poledit”, you can edit the Registry. You can add and delete Windows features as noted in the following.

The Value of 0 (zero) = ON

The Value of 1 (one) = OFF

As an example:

To Save Windows settings add or modify the value name NoSaveSettings to 0, if set to1 Windows will not save settings.

To disable the ability to delete a printer, NoDeletePrinter set to 1 will prevent the user from deleting a printer.

The keys show up at:

HKEY_USERS\(yourprofilename)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

If you are using different profiles, this will need to be done for each profile!

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Policies
3. Go to the Explorer Key (Additional keys that can be created under Policies are System, Explorer, Network   and WinOldApp )
4. Then add either a DWORD or binary value set to 1 in the appropriate keys for ON and 0 (zero) for off.

NoCommonGroups	Common program groups do not appear on the Start menu
NoDeletePrinter	Disables Deletion of Printers
NoAddPrinter	Disables Addition of Printers
NoRun	Disables Run Command
NoSetFolders	Removes Folders from Settings on Start Menu
NoSetTaskbar	Removes Taskbar from Settings on Start Menu
NoFind	Removes the Find Command
NoDrives	Hides Drives in My Computers  The low order (right most) bit is drive A: while the 26th bit is Drive Z: To hide a drive, turn on its’ bit. These drives will still appear in File Manager. To remove File Manager, delete winfile.exe. If your not happy working in Hex, add these decimal number to hide the drive(s): A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L:2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z:33554432, ALL: 67108863
NoNetHood	Hides the Network Neighborhood
NoDesktop	Hides all icons on the Desktop
NoClose	Disables Shutdown (Removes the ShutDown button from the Start Menu. This does not disable shutdown from CTRL+ALT+DEL).
NoSaveSettings	Don’t save settings on exit
DisableRegistryTools	Disable Registry Editing Tools
NoRecentDocsMenu	Hides the Documents shortcut at the Start button
NoRecentDocsHistory	Clears history of Documents
NoFileMenu	Hides the Files Menu in Explorer
NoActiveDesktop	No Active Desktop
NoActiveDesktopChanges	No changes allowed
NoInternetIcon	No Internet Explorer Icon on the Desktop
NoFavoritesMenu	Hides the Favorite menu
NoChangeStartMenu	Disables changes to the Start Menu
NoFolderOptions	Hides the Folder Options in the Explorer
NoSetFolders	Hide Control Panel, Printers and My Computer in Explorer and on the Start Menu.
ClearRecentDocsOnExit	Empty the recent Docs folder on reboot
NoLogoff	Hides the Log Off in the Start Menu
NoSetTaskbar	Only Drag and Drop can be used to alter the Start Menu and Desktop. The Taskbar does not appear on the Start Menu.
NoTrayContextMenu	Do not display upon right click of the taskbar, start button, clock, or taskbar application icons. *NT 4.0 with SP 2 or greater
NoStartMenuSubFolders	Hides the folders at the top section of the Start menu when the value is set to 1. Items appear, but folders are hidden.
NoWindowsUpdate	Disables Windows Update
NoViewContextMenu	Will not display upon right click of the desktop or Explorer’s results pane. *NT 4.0 with SP 2 or greater.
EnforceShellExtensionSecurity	Enforces Shell Extension Security
LinkResolveIgnoreLinkInfo	Disables Link Resolution
NoDriveTypeAutoRun	A bitmapped value that determines whether the autorun feature is disabled on that drive. If the drives bit is set to 1, autorun is disabled.
NoStartBanner	A value of 1 hides the arrow and Click here to begin caption that appear on the taskbar when you start Windows.
NoEntireNetwork	A value of 1 restricts Network Neighborhood from displaying or accessing computers outside the local workgroup or domain. The user can still use the Start/Run, Map/Connect Network Drive, and the Command Prompt.
NoWorkgroupContents	If the value of this entry is 1, Network Neighborhood does not display computers in the local workgroup or domain.
EditLevel	Disables Editing Entirely
NoNetConnectDisconnect	Removes the “Map Network Drive” and Disconnect Network Drive menu and right click options.
RestrictRun	Disables all exe program except those listed in the RestrictRun subkey. Set it to 1 and only programs that you define at: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun can be run on the Workstation.
System key
NoDispCPL	Disable Display Control Panel
NoDispBackgroundPage	Hide Background Page
NoDispScrSavPage	Hide Screen Saver Page
NoDispAppearancePage	Hide Appearance Page
NoDispSettingsPage	Hide Settings Page
NoSecCPL	Disable Password Control Panel
NoPwdPage	Hide Password Change Page
NoAdminPage	Hide Remote Administration Page
NoProfilePage	Hide User Profiles Page
NoDevMgrPage	Hide Device Manager Page
NoConfigPage	Hide Hardware Profiles Page
NoFileSysPage	Hide File System Button
NoVirtMemPage	Hide Virtual Memory Button
Network key
NoNetSetupSecurityPage	Hide Security Page
NoNetSetup	Disable the Network Control Panel
NoNetSetupIDPage	Hide Identification Page
NoNetSetupSecurityPage	Hide Access Control Page
NoFileSharingControl	Disable File Sharing Controls
NoPrintSharing	Disable Print Sharing Controls
WinOldApp key
Disabled	Disable MS-DOS Prompt
NoRealMod	Disables Single-Mode MS-DOS
To really lock down the desktop, replace the Explorer or Progman shell with your own launcher. Edit HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell and replace the current .exe with YourOwnLauncher.exe.
EnforceShellExtensionSecurity – A value of 1 causes only the shell extensions listed in the Approved subkey to load (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved).