Solved

Disable Windows Menu Options under Local Policy

Posted on 2002-05-26
8
278 Views
Last Modified: 2010-04-13
Hi,
I have a Standalone Windows 2000 Professional PC. How do I disable Menu options and not allow user/group to install any programs under local policy. i.e I would like to disable access to control panel, run command.

Please help
0
Comment
Question by:vb7guy
8 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 7036471
Start > Run gpedit.msc


User Configuration > Sdminstrative Templates > Control Panel
double click on "Disable Control Panel" and enable the policy

Official Explaination
"Disables all Control Panel programs.

This policy prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.

This policy also removes Control Panel from the Start menu. (To open Control Panel, click Start, point to Settings, and then click Control Panel.) This policy also removes the Control Panel folder from Windows Explorer.

If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a policy prevents the action.

Also, see the "Disable Display in Control Panel" and "Disable programs on Settings menu" policies."


The Crazy One
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 7036478
User Configuration > Administrative Templates > Windows Components > Windows Installer
Disable media source for any install.

Officail Explaination
"Prevents users from installing programs from removable media.

If a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears, stating that the feature cannot be found.

This policy applies even when the installation is running in the user's security context.

If you disable this policy or do not configure it, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add/Remove Programs.

Also, see the "Enable user to use media source while elevated policy" in Computer Configuration\Administrative Templates\Windows Components\Windows Installer.

Also, see the "Hide the "Add a program from CD-ROM or floppy disk"" policy in User Configuration\Administrative Templates\Control Panel\Add/Remove Programs."


Always install with elevated privliges
Officail Explaination
"Directs Windows Installer to use system permissions when it installs any program on the system.

This policy extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add/Remove Programs in Control Panel. This policy lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.

If you disable this policy or do not configure it, the system applies the current user's permissions when it installs programs that a system administrator does  not distribute or offer.

Note: This policy appears both in the Computer Configuration and User Configuration folders. To make this policy effective, you must enable the policy in both folders.

Caution: Skilled users can take advantage of the permissions this policy grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy is not guaranteed to be secure."




User Configuration > Administrative Templates > Start Menu & Taskbar
Remove Run menu from Start Meny.

Officail Explaination
"Removes the Run command from the Start menu and removes the New Task (Run) command from Task Manager. Also, users with extended keyboards can no longer display the Run dialog box by pressing Application key (the key with the Windows logo) + R.

This policy affects the specified interface only. It does not prevents users from using other methods to run programs."
0
 
LVL 7

Expert Comment

by:jatcan
ID: 7045059
This person hasn't responded eh? Maybe he decided to play around with the newly discovered toy, gpedit that is, probably locked himself outta his machine...
0
 
LVL 44

Accepted Solution

by:
CrazyOne earned 100 total points
ID: 7045085
Hehehe you got a good sense of humor jatcan. BTW my name is Spencer. Some of the experts here that know me usually refere to me as Crazy or Spencer. :>)
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:vb7guy
ID: 7058364
Sorry for the delay, I was busy working on another project.
This works, but When I used gpedit.msc under aministrator account and disable the control panel. It disables control panel for Every user on this PC including the Admin. How do I disable if just the regular users.
0
 
LVL 7

Expert Comment

by:jatcan
ID: 7058876
Hey Guys,

Here is a list of Control Panle files and what they do/are. You can run them by clicking start button\run\<type in the control panel file name> and then click enter to execute the CP applet.

The following list shows the .cpl file that corresponds to each Control Panel tool.
   .cpl File                       Control Panel Tools
   ==============                  ======================
   Wspcpl32.cpl                    Languages, numbers,time
   Timedate. cpl                   Date Time and Time zone
   Telephon.cpl                    Dialing rule and modem
   Sysdm.cpl                       System
   Sticpl.cpl                      Scanner and camera
   Powercfg.cpl                    Power management
   Odbccp32.cpl                    Open database
connectivity                                    
   Nwc.cpl                         Netware client connectivity
   Ncpa.cpl                        Network and connectivity
   Mmsys.cpl                       Sound and multimedia
   Joy.cpl                         Game controller
   Intl.cpl                        International
   Access.cpl                      Accessibility
   Hdwwiz.cpl                      Add/Remove Hardware
   Main.cpl                        Mouse
   Netcpl.cpl                      Network and Dial-up Connectivity
   Modem.cpl                       Phone and Modem
   Mlcfg.cpl                       Mail
   Wspcpl.cpl                      WSP Client
   Desk.cpl                        Display
   Liccpa.cpl                      Licensing
   Fax.cpl                         Fax wizard
   Desk.cpl                        Printers      
   Appwiz.cpl                      Add/Remove Program

Hope this helps, cheers guys...oh Crazy, glad I could amuse someone ;->

0
 
LVL 7

Expert Comment

by:jatcan
ID: 7058880
Crazy,

Can you look at this question please...

http://www.experts-exchange.com/questions/Q_20308165.html
0
 

Expert Comment

by:Aerick711
ID: 12587560
"It disables control panel for Every user on this PC including the Admin. How do I disable if just the regular users."

anyone know how to do this without editing the registry? Im workin on extra credit and i can't edit the registry but i have to have the control panel available for the admin but not for other users.. We are sopposed to use the gpedit

0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Are you unable to connect or configure Hotmail email account in Microsoft Outlook 2010, 2007? Or Outlook.com emails are not downloading to Outlook? Lets’ see the problem and resolve Outlook Connector error syncing folder hierarchy (0x8004102A).
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now