January 25, 2021
Hot Topics:

The Registry - Now I've got it what can I do?

  • By John Percival
  • Send Email »
  • More Articles »

This idea is mainly applicable to Windows 95, although most work in Windows 98. I have not tried it under NT, but I doubt that it will work. They require a setting being set in the registry, and then some take immediate effect, while some require a restart of Windows to take full effect.

Most of this can be done with the product poledit.exe, available on the internet, but it has a very bad UI, and why not do it in your own applications anyway. The properties that I can set are called policies, and are found in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies...

The four sub keys are Explorer, WinOldApp, Network and System.

i) Explorer

Disable Run Menu: "NoRun" - Prevents users running programs from the run command on the Start Menu. If you restart the computer, the menu item will be invisible.

Disable Find Menu: "NoFind" - Prevents users from searching the computer for files by disabling the find command.

Remove Shutdown Command: "NoClose" - This disables the Shut Down computer command. This prevents users Restarting windows, Shutting Down windows or exiting to DOS.

Don't save Settings: "NoSaveSettings" - This stops Windows saving the settings when you shut down. If this option is off, all the Explorer Windows that Ire open on shut down will reappear when you have restarted.

Hide all Items on the Desktop: "NoDesktop" - This option hides all the shortcuts on the desktop. You must restart your computer for this to take effect.

Disable Details and General Pages: "NoPrinterTabs" - This stops Windows showing the Details and General tabs in the properties of printers. On these tabs, you can change which ports you print to, which driver you use, and several other sensitive settings. Using this prevents users from tampering with these settings.

ii) System

Disable Display System Control Panel: "NoDispCPL" - This prevents the user calling up the Display Control Panel page, preventing them from changing the wallpaper, screensavers, colours and display settings.

Disable Configuration Page: "NoConfigPage" - This disables the hardware profiles tab on the System Control Panel, preventing the user from adding or removing system configurations.

Disable Device Manager Page: "NoDevMgrPage" -  This disables the Device Manager tab on the System Control Panel. This prevents users from adding, removing, or tampering with devices installed on the system.

Disable File System Page: "NoFileSysPage" - This disables the File System button on the performance tab on the System Control Panel. This stops users changing caching and troubleshooting settings. The troubleshooting settings reduce Windows' performance, if some of the features are not compatible.

Disable Virtual Memory Page: "NoVirtMemPage" - This disables the Virtual Memory button on the performance tab on the system control panel. This prevents users tampering with virtual memory settings. Virtual memory is a file on the hard disk, which is being used to complement the system RAM.

Disable Remote Administration Page: "NoAdminPage" -  Disables the Remote Administration tab on the Password Control Panel.

Disable User Profiles Page: "NoProfilePage" - Disables the User Profiles tab on the Password Control Panel. On this tab, you set whether all users use the same settings, or different ones.

Disable Change Passwords Page: "NoPwdPage" - This disables the Change Passwords tab on the Password Control Panel. This prevents users from changing their passwords.

Disable Password Control Panel: "NoSecCPL" - This disables the Password Control Panel page, preventing users from altering any of the above settings.

iii) WinOldApp

Disable MS-DOS prompt: "Disabled" - This prevents the computer running any MS-DOS based programs. The user cannot load the DOS prompt or any other program running in DOS. If there are any DOS programs running when this option is applied, they will not be affected.

iv) Network

Disable Network Control Panel: "NoNetSetup" - This prevents users from changing the settings to do with the network. These include, the network components, file/print sharing, and identification to other computers.

Disable Identification Page: "NoNetSetupIDPage" - This disables the Identification tab on the Network Control Panel, where you can change the computer name and workgroup name.

Disable Access Control Page: "NoNetSetupSecurityPage" - This disables the Access Control tab on the Network Control Panel page. This is where you can set who has what access to the shared resources on you computer.

Disable File and Print Sharing Controls: "NoFileSharingControl" - This removes the File and Print sharing button on the Configuration tab of the Network Control Panel. This button gives you control over whether users can access you files and printers.

Disable Password Caching: "DisablePwdCaching" - This stops the computer from storing Dial-Up Networking Passwords in a cache on the computer. Caching speeds up Windows, but is also a possible security risk.

I recommend that you set the value to 1 (long) if you want to enable it, and delete the value if you want to disable it. We have already written an application, which encompasses all of these features, and is available for download at http://www.jelsoft.com. It is called Stop'Em, and is a quick solution to preventing tampering.

So, to disable MS-DOS prompt, use:

SaveSettingLong HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp", "Disabled", 1

And to re-enable:
DeleteValue HKEY_CURRENT_USER, "Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp", "Disabled"

Be particularly careful with playing with these settings, because in some cases, you may be able to lock yourself out of the computer altogether.

Have a look around the Internet for other tips and things that you can do with the registry. One of the best places that I found is http://www.regedit.com. This site includes things that you can do with windows (not necessarily programming based), and is a very good resource.

Page 5 of 5

This article was originally published on November 20, 2002

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date