Quick Search for:  in language:    
document,provides,information,Windows,securit
   Code/Articles » |  Newest/Best » |  Community » |  Jobs » |  Other » |  Goto » | 
CategoriesSearch Newest CodeCoding ContestCode of the DayAsk A ProJobsUpload
Delphi Stats

 Code: 209,911. lines
 Jobs: 14. postings

 How to support the site

 
Sponsored by:

 
You are in:
 

 Does your code think in ink?
Login





Latest Code Ticker for Delphi.
Record From Microphone to Wave File
By Una-Rat on 11/25


List Manager
By james hill on 11/17


Click here to see a screenshot of this code!Skin app
By Jonathan Curry on 11/15

(Screen Shot)
Click here to put this ticker on your site!


Add this ticker to your desktop!


Daily Code Email
To join the 'Code of the Day' Mailing List click here!

Affiliate Sites



 
 
   

Windows Security Documentation

Print
Email
 

Submitted on: 1/22/2002 6:28:45 PM
By: John M. Hall 
Level: Intermediate
User Rating: By 10 Users
Compatibility:Delphi 5, Delphi 4, Pre Delphi 4

Users have accessed this article 8902 times.
 
 
     This document provides information about the Windows security system and what restrictions you can use to limit its functionality.
 
 
Terms of Agreement:   
By using this article, you agree to the following terms...   
1) You may use this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.   
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.   
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame. 
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description.

Windows Security Documentation
Written by John Hall

Documentation Notes

  • Improvements - Originally, I released this documentation in a format that was a little odd/wild, so, as requested, I've cleaned it up and added more notes about using it. Hopefully this new organization and these notes will help you better understand how to use this information and its limitations. I, however, have not added any additional information to this documentation because of the limited amount of security information that is redily available for the newer operating systems.
  • Known Limitations - This information does have some limitations of use. Those are mentioned below:
    • Operating Systems - This information will most likely not work with Microsoft Windows XP or Millennium Edition. It's not been tested, so I don't recommend trying it. It's known that a lot of this doesn't work with Microsoft Windows NT 4.0 and below, so I also don't recommend its application there. If you do decide to try to use it, remember, I'm not responsible for your actions and you are doing this on your own accord.
    • Setting Overrides - Some settings, none that are noted, have been known to override other settings on certain operating systems. This is most likely because Microsoft didn't spend the required amount of time making the Windows 98 security system(probably the most vulnerable to this problem) a high-performance or very reliable work. If you find that some of these settings have "holes" or something and it bothers you, I suggest you switch to a more securified operating system in the Windows class, such as Microsoft Windows 2000 Professional or greater.
  • Special Information - I've reviewed the comments that were posted on the original copy of this documentation and this section is here to answer some of the questions that I noticed.
    • Disabling these Settings - To disable any of the settings that are shown in this documentation, simply reverse your process. Just delete anything that you added to lock or disable a feature or you can make the value the inverse. If it's a DWORD value, make it "00000000" instead of "00000001", or a string value "yes" instead of "no" or vice versa.
    • Blocking Internet Applications - To disable an application's internet access, I suggest you download any free firewall available. A firewall will monitor what information is sent and recieved to your computer through any network connection and filter it according to rules. The most popular, free firewall that is available is ZoneAlarm, by ZoneLabs, Inc. It's actually the most secure when it comes to application internet access prevention.
    • Reversing Application Lock - As far as I know, there's not a way to reverse the application locking method. You might want to experiment with it by making a seperate user account on your computer and applying the settings to that user only. Basically, that's what I did throughout the period that I wrote this documentation and it doesn't harm any of your stuff and it helps you uncover the truth. Don't afraid to be creative with this information, just remember my disclaimer about it from above.


Windows System Security Settings
All the information that is included in this section affects the main Windows system. These alter actual system functions and/or settings that it uses to display certain items.

  • Disable Wallpaper Change
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable All Active Desktop Changes
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable All Desktop Icons
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Active Desktop
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable HTML Wallpaper
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Closing Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoClosingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Deleting Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Editing Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Adding Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Internet Icon
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Network Neighborhood Icon
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Disk Drive Autorun
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrvieTypeAutoRun
    • Data Type
      DWORD (set value of 0xb5000000)

  • Disable Environment Appearance Properties Access
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispAppearancePage
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Background Properties Access
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispBackgroundPage
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Display Icon from Control Panel
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispCPL
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Screen Saver Properties Access
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispScrSavPage
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable All But Selected Applications from Running
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
    • Data Type
      DWORD (set value of 0x00000001)
    • Special Notes - For this setting to work, you will need to make a list of programs that you want to allow to run. You can do this by creating a Key inside the Explorer Key and calling it RestrictRun and adding string values as demonstrated below:
      • String Value
        Name "1"
        Value "mspaint.exe"
        This will allow any program named mspaint.exe to run on the system
      • String Value
        Name "2"
        Value "iexplore.exe"
        This will allow any program named iexplore.exe to run on the system

  • Disable Start Menu Shut Down Command
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoClose
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Log Off Command
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoLogoff
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Find Command
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFind
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Documents Menu
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoRecentDocsMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Favorites Menu
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFavoritesMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Folder Options
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFolderOptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Update
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoDesktopUpdate
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Active Desktop Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetActiveDesktop
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Folder Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetFolders
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Taskbar Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetTaskbar
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Saving Changed Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSaveSettings
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Right-Click on the Taskbar
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoTrayContextMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Right-Click on the Desktop
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoViewContextMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Microsoft Office Tune Up
    This only applies to Microsoft Office 2000
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Common\TuneUp\Disabled
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable AutoComplete in Explorer
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Use
    • Data Type
      String (set value of "no")


Internet Explorer System Settings
All the information that is included in this section affects the operation of Internet Explorer. Please note that these only affect Internet Explorer's operation and will not work with any other browsers that may be installed on your computer.

  • Disable Closing Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserClose
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Right-Click in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Options in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Saving Pages in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Favorites in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFavorites
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable File Menu New Object in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFileNew
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable File Menu Open Object in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFileOpen
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Finding Files in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFindFiles
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Opening Files in New Window from Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoOpenInNewWnd
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Selectable Download Directory in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDir
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Viewing in Theater Mode in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoTheaterMode
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Viewing Source in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoViewSource
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Adding Channels in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingChannels
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Adding Subscriptions in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubscriptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Removing Channels in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingChannels
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Removing Subscriptions in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingSubscriptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Search Customization in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSearchCustomization
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Running the Connection Wizard
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel\Restrictions\Connwiz Admin Lock
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Importing or Exporting Favorites in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DisableImportExportFavorites
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Using the Microsoft Script Debugger in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
    • Data Type
      String (set value of "yes")

  • Disable Using AutoComplete Forms in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest
    • Data Type
      String (set value of "no")

  • Disable Using AutoComplete Passwords in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormSuggest Passwords
    • Data Type
      String (set value of "no")

  • Disable Using Download Notification in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NotifyDownloadComplete
    • Data Type
      String (set value of "no")

  • Disable Error Notification in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Err Dlg Displayed On Every Error
    • Data Type
      String (set value of "no")

  • Disable Go Button in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ShowGoButton
    • Data Type
      String (set value of "no")

  • Disable Using a Custom Search Page in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL
    • Data Type
      DWORD (set value of 0x00000000)

  • Disable Custom Title for Web Browser Windows
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
    • Data Type
      String (set value of "custom title text")

  • Disable Installation of ISP Distribution Kit for Internet Explorer
    This only applies to Internet Explorer 5.0 and up
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Connection Wizard\CanInstallISPKit5
    • Data Type
      String (set value of "no")


Windows Media Player System Settings
All the information that is included in this section affects the operation of Windows Media Player and components. Please note that these only affect Windows Media Player's operation and will not work with any other players that may be installed on your computer.

  • Disable Finding New Stations in Media Player
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoFindNewStations
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Media Favorites from Media Player
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoMediaFavorites
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Radio Bar for Media Player
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoRadioBar
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Media Player Upgrade Message
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\PlayerUpgrade\AskMeAgain
    • Data Type
      String (set value of "no")

 

 
Report Bad Submission
Use this form to notify us if this entry should be deleted (i.e contains no code, is a virus, etc.).
Reason:
 
Your Vote!

What do you think of this article(in the Intermediate category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor See Voting Log
 
Other User Comments
1/26/2002 5:31:26 PM:Aterciopelados
Es un programa con muchos bugs
Keep the Planet clean! If this comment was disrespectful, please report it:
Reason:

 
1/27/2002 10:33:02 AM:craX
great just wat i needed
Keep the Planet clean! If this comment was disrespectful, please report it:
Reason:

 
2/7/2002 5:10:48 AM:David Ward
I can see lots of time and effort has gone into this. Very useful. Nice one!
Keep the Planet clean! If this comment was disrespectful, please report it:
Reason:

 
9/7/2003 3:43:59 PM:
How update registry without restart PC?
Keep the Planet clean! If this comment was disrespectful, please report it:
Reason:

 
Add Your Feedback!
Note:Not only will your feedback be posted, but an email will be sent to the code's author in your name.

NOTICE: The author of this article has been kind enough to share it with you.  If you have a criticism, please state it politely or it will be deleted.

For feedback not related to this particular article, please click here.
 
Name:
Comment:

 

Categories | Articles and Tutorials | Advanced Search | Recommended Reading | Upload | Newest Code | Code of the Month | Code of the Day | All Time Hall of Fame | Coding Contest | Search for a job | Post a Job | Ask a Pro Discussion Forum | Live Chat | Feedback | Customize | Delphi Home | Site Home | Other Sites | About the Site | Feedback | Link to the Site | Awards | Advertising | Privacy

Copyright© 1997 by Exhedra Solutions, Inc. All Rights Reserved.  By using this site you agree to its Terms and Conditions.  Planet Source Code (tm) and the phrase "Dream It. Code It" (tm) are trademarks of Exhedra Solutions, Inc.