Login
Latest Code Ticker for Delphi.
Daily Code Email
|
|
|
| | Terms of Agreement:
By using this article, you agree to the following terms...
1) You may use
this article in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
2) You MAY NOT redistribute this article (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
3) You may link to this article from another website, but ONLY if it is not wrapped in a frame.
4) You will abide by any additional copyright restrictions which the author may have placed in the article or article's description. | Windows Security
Documentation Written by John Hall
Documentation
Notes
- Improvements - Originally, I released this documentation in a
format that was a little odd/wild, so, as requested, I've cleaned it up and
added more notes about using it. Hopefully this new organization and these
notes will help you better understand how to use this information and its
limitations. I, however, have not added any additional information to this
documentation because of the limited amount of security information that is
redily available for the newer operating systems.
- Known Limitations - This information does have some limitations of
use. Those are mentioned below:
- Operating Systems - This information will most likely not
work with Microsoft Windows XP or Millennium Edition. It's not been tested,
so I don't recommend trying it. It's known that a lot of this doesn't work
with Microsoft Windows NT 4.0 and below, so I also don't recommend its
application there. If you do decide to try to use it, remember, I'm not
responsible for your actions and you are doing this on your own accord.
- Setting Overrides - Some settings, none that are noted, have been
known to override other settings on certain operating systems. This is most
likely because Microsoft didn't spend the required amount of time making the
Windows 98 security system(probably the most vulnerable to this problem) a
high-performance or very reliable work. If you find that some of these
settings have "holes" or something and it bothers you, I suggest you switch
to a more securified operating system in the Windows class, such as
Microsoft Windows 2000 Professional or greater.
- Special Information - I've reviewed the comments that were posted
on the original copy of this documentation and this section is here to answer
some of the questions that I noticed.
- Disabling these Settings - To disable any of the settings that
are shown in this documentation, simply reverse your process. Just delete
anything that you added to lock or disable a feature or you can make the
value the inverse. If it's a DWORD value, make it "00000000" instead of
"00000001", or a string value "yes" instead of "no" or vice versa.
- Blocking Internet Applications - To disable an application's
internet access, I suggest you download any free firewall available. A
firewall will monitor what information is sent and recieved to your computer
through any network connection and filter it according to rules. The most
popular, free firewall that is available is ZoneAlarm, by ZoneLabs, Inc. It's actually the
most secure when it comes to application internet access prevention.
- Reversing Application Lock - As far as I know, there's not a way
to reverse the application locking method. You might want to experiment with
it by making a seperate user account on your computer and applying the
settings to that user only. Basically, that's what I did throughout the
period that I wrote this documentation and it doesn't harm any of your stuff
and it helps you uncover the truth. Don't afraid to be creative with this
information, just remember my disclaimer about it from
above.
Windows System
Security Settings All the information that is included in this section affects the
main Windows system. These alter actual system functions and/or settings that it
uses to display certain items.
- Disable Wallpaper Change
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
- Data Type
DWORD (set value of 0x00000001)
- Disable All Active Desktop Changes
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
- Data Type
DWORD (set value of 0x00000001)
- Disable All Desktop Icons
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
- Data Type
DWORD (set value of 0x00000001)
- Disable Active Desktop
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
- Data Type
DWORD (set value of 0x00000001)
- Disable HTML Wallpaper
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper
- Data Type
DWORD (set value of 0x00000001)
- Disable Closing Active Desktop Components
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoClosingComponents
- Data Type
DWORD (set value of 0x00000001)
- Disable Deleting Active Desktop Components
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents
- Data Type
DWORD (set value of 0x00000001)
- Disable Editing Active Desktop Components
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents
- Data Type
DWORD (set value of 0x00000001)
- Disable Adding Active Desktop Components
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents
- Data Type
DWORD (set value of 0x00000001)
- Disable Desktop Internet Icon
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
- Data Type
DWORD (set value of 0x00000001)
- Disable Desktop Network Neighborhood Icon
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
- Data Type
DWORD (set value of 0x00000001)
- Disable Disk Drive Autorun
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrvieTypeAutoRun
- Data Type
DWORD (set value of 0xb5000000)
- Disable Environment Appearance Properties Access
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispAppearancePage
- Data Type
DWORD (set value of 0x00000001)
- Disable Desktop Background Properties Access
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispBackgroundPage
- Data Type
DWORD (set value of 0x00000001)
- Disable Display Icon from Control Panel
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispCPL
- Data Type
DWORD (set value of 0x00000001)
- Disable Screen Saver Properties Access
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispScrSavPage
- Data Type
DWORD (set value of 0x00000001)
- Disable All But Selected Applications from Running
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
- Data Type
DWORD (set value of 0x00000001)
- Special Notes - For this setting to work, you will need to make a
list of programs that you want to allow to run. You can do this by creating
a Key inside the Explorer Key and calling it RestrictRun and adding string
values as demonstrated below:
- String Value
Name "1" Value "mspaint.exe" This will allow any program named mspaint.exe to run on the
system
- String Value
Name "2" Value "iexplore.exe" This will allow any program named iexplore.exe to run on the
system
- Disable Start Menu Shut Down Command
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoClose
- Data Type
DWORD (set value of 0x00000001)
- Disable Start Menu Log Off Command
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoLogoff
- Data Type
DWORD (set value of 0x00000001)
- Disable Start Menu Find Command
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFind
- Data Type
DWORD (set value of 0x00000001)
- Disable Start Menu Documents Menu
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoRecentDocsMenu
- Data Type
DWORD (set value of 0x00000001)
- Disable Start Menu Favorites Menu
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFavoritesMenu
- Data Type
DWORD (set value of 0x00000001)
- Disable Settings Menu Folder Options
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFolderOptions
- Data Type
DWORD (set value of 0x00000001)
- Disable Desktop Update
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoDesktopUpdate
- Data Type
DWORD (set value of 0x00000001)
- Disable Settings Menu Active Desktop Settings
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetActiveDesktop
- Data Type
DWORD (set value of 0x00000001)
- Disable Settings Menu Folder Settings
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetFolders
- Data Type
DWORD (set value of 0x00000001)
- Disable Settings Menu Taskbar Settings
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetTaskbar
- Data Type
DWORD (set value of 0x00000001)
- Disable Saving Changed Settings
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSaveSettings
- Data Type
DWORD (set value of 0x00000001)
- Disable Right-Click on the Taskbar
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoTrayContextMenu
- Data Type
DWORD (set value of 0x00000001)
- Disable Right-Click on the Desktop
- Location
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoViewContextMenu
- Data Type
DWORD (set value of 0x00000001)
- Disable Microsoft Office Tune Up
This
only applies to Microsoft Office 2000
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Common\TuneUp\Disabled
- Data Type
DWORD (set value of 0x00000001)
- Disable AutoComplete in Explorer
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Use
- Data Type
String (set value of
"no")
Internet
Explorer System Settings All the information that is included in this section affects the
operation of Internet Explorer. Please note that these only affect
Internet Explorer's operation and will not work with any other browsers that may
be installed on your computer.
- Disable Closing Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoBrowserClose
- Data Type
DWORD (set value of 0x00000001)
- Disable Right-Click in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoBrowserContextMenu
- Data Type
DWORD (set value of 0x00000001)
- Disable Options in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoBrowserOptions
- Data Type
DWORD (set value of 0x00000001)
- Disable Saving Pages in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoBrowserSaveAs
- Data Type
DWORD (set value of 0x00000001)
- Disable Favorites in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoFavorites
- Data Type
DWORD (set value of 0x00000001)
- Disable File Menu New Object in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoFileNew
- Data Type
DWORD (set value of 0x00000001)
- Disable File Menu Open Object in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoFileOpen
- Data Type
DWORD (set value of 0x00000001)
- Disable Finding Files in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoFindFiles
- Data Type
DWORD (set value of 0x00000001)
- Disable Opening Files in New Window from Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoOpenInNewWnd
- Data Type
DWORD (set value of 0x00000001)
- Disable Selectable Download Directory in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoSelectDownloadDir
- Data Type
DWORD (set value of 0x00000001)
- Disable Viewing in Theater Mode in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoTheaterMode
- Data Type
DWORD (set value of 0x00000001)
- Disable Viewing Source in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Restrictions\NoViewSource
- Data Type
DWORD (set value of 0x00000001)
- Disable Adding Channels in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoAddingChannels
- Data Type
DWORD (set value of 0x00000001)
- Disable Adding Subscriptions in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoAddingSubscriptions
- Data Type
DWORD (set value of 0x00000001)
- Disable Removing Channels in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoRemovingChannels
- Data Type
DWORD (set value of 0x00000001)
- Disable Removing Subscriptions in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoRemovingSubscriptions
- Data Type
DWORD (set value of 0x00000001)
- Disable Search Customization in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSearchCustomization
- Data Type
DWORD (set value of 0x00000001)
- Disable Running the Connection Wizard
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Control Panel\Restrictions\Connwiz Admin
Lock
- Data Type
DWORD (set value of 0x00000001)
- Disable Importing or Exporting Favorites in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\DisableImportExportFavorites
- Data Type
DWORD (set value of 0x00000001)
- Disable Using the Microsoft Script Debugger in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Disable Script Debugger
- Data Type
String (set value of "yes")
- Disable Using AutoComplete Forms in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Use FormSuggest
- Data Type
String (set value of "no")
- Disable Using AutoComplete Passwords in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\FormSuggest Passwords
- Data Type
String (set value of "no")
- Disable Using Download Notification in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\NotifyDownloadComplete
- Data Type
String (set value of "no")
- Disable Error Notification in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Err Dlg Displayed On Every Error
- Data Type
String (set value of "no")
- Disable Go Button in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\ShowGoButton
- Data Type
String (set value of "no")
- Disable Using a Custom Search Page in Web Browser
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Use Custom Search URL
- Data Type
DWORD (set value of 0x00000000)
- Disable Custom Title for Web Browser Windows
- Location
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main\Window Title
- Data Type
String (set value of "custom title
text")
- Disable Installation of ISP Distribution Kit for Internet
Explorer
This only applies to Internet
Explorer 5.0 and up
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Connection Wizard\CanInstallISPKit5
- Data Type
String (set value of
"no")
Windows Media
Player System Settings All the information that is included in this section affects the
operation of Windows Media Player and components. Please note that these
only affect Windows Media Player's operation and will not work with any
other players that may be installed on your computer.
- Disable Finding New Stations in Media Player
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoFindNewStations
- Data Type
DWORD (set value of 0x00000001)
- Disable Media Favorites from Media Player
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoMediaFavorites
- Data Type
DWORD (set value of 0x00000001)
- Disable Radio Bar for Media Player
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoRadioBar
- Data Type
DWORD (set value of 0x00000001)
- Disable Media Player Upgrade Message
- Location
HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\PlayerUpgrade\AskMeAgain
- Data Type
String (set value of "no")
| | | Report Bad Submission | | | Your Vote! |
See Voting Log | | Other User Comments | 1/26/2002 5:31:26 PM:Aterciopelados Es un programa con muchos bugs
| 1/27/2002 10:33:02 AM:craX great just wat i needed
| 2/7/2002 5:10:48 AM:David Ward I can see lots of time and effort has
gone into this. Very useful. Nice one!
| 9/7/2003 3:43:59 PM: How update registry without restart PC?
| | Add Your Feedback! | Note:Not only will your feedback be posted, but an email will be sent to the code's author in your name.
NOTICE: The author of this article has been kind enough to share it with you. If you have a criticism, please state it politely or it will be deleted.
For feedback not related to this particular article, please click here. | | |
|