Disable Windows Menu Options under Local Policy

I have a Standalone Windows 2000 Professional PC. How do I disable Menu options and not allow user/group to install any programs under local policy. i.e I would like to disable access to control panel, run command.

Please help
Who is Participating?
CrazyOneConnect With a Mentor Commented:
Hehehe you got a good sense of humor jatcan. BTW my name is Spencer. Some of the experts here that know me usually refere to me as Crazy or Spencer. :>)
Start > Run gpedit.msc

User Configuration > Sdminstrative Templates > Control Panel
double click on "Disable Control Panel" and enable the policy

Official Explaination
"Disables all Control Panel programs.

This policy prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.

This policy also removes Control Panel from the Start menu. (To open Control Panel, click Start, point to Settings, and then click Control Panel.) This policy also removes the Control Panel folder from Windows Explorer.

If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a policy prevents the action.

Also, see the "Disable Display in Control Panel" and "Disable programs on Settings menu" policies."

The Crazy One
User Configuration > Administrative Templates > Windows Components > Windows Installer
Disable media source for any install.

Officail Explaination
"Prevents users from installing programs from removable media.

If a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears, stating that the feature cannot be found.

This policy applies even when the installation is running in the user's security context.

If you disable this policy or do not configure it, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add/Remove Programs.

Also, see the "Enable user to use media source while elevated policy" in Computer Configuration\Administrative Templates\Windows Components\Windows Installer.

Also, see the "Hide the "Add a program from CD-ROM or floppy disk"" policy in User Configuration\Administrative Templates\Control Panel\Add/Remove Programs."

Always install with elevated privliges
Officail Explaination
"Directs Windows Installer to use system permissions when it installs any program on the system.

This policy extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add/Remove Programs in Control Panel. This policy lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.

If you disable this policy or do not configure it, the system applies the current user's permissions when it installs programs that a system administrator does  not distribute or offer.

Note: This policy appears both in the Computer Configuration and User Configuration folders. To make this policy effective, you must enable the policy in both folders.

Caution: Skilled users can take advantage of the permissions this policy grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy is not guaranteed to be secure."

User Configuration > Administrative Templates > Start Menu & Taskbar
Remove Run menu from Start Meny.

Officail Explaination
"Removes the Run command from the Start menu and removes the New Task (Run) command from Task Manager. Also, users with extended keyboards can no longer display the Run dialog box by pressing Application key (the key with the Windows logo) + R.

This policy affects the specified interface only. It does not prevents users from using other methods to run programs."
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

This person hasn't responded eh? Maybe he decided to play around with the newly discovered toy, gpedit that is, probably locked himself outta his machine...
vb7guyAuthor Commented:
Sorry for the delay, I was busy working on another project.
This works, but When I used gpedit.msc under aministrator account and disable the control panel. It disables control panel for Every user on this PC including the Admin. How do I disable if just the regular users.
Hey Guys,

Here is a list of Control Panle files and what they do/are. You can run them by clicking start button\run\<type in the control panel file name> and then click enter to execute the CP applet.

The following list shows the .cpl file that corresponds to each Control Panel tool.
   .cpl File                       Control Panel Tools
   ==============                  ======================
   Wspcpl32.cpl                    Languages, numbers,time
   Timedate. cpl                   Date Time and Time zone
   Telephon.cpl                    Dialing rule and modem
   Sysdm.cpl                       System
   Sticpl.cpl                      Scanner and camera
   Powercfg.cpl                    Power management
   Odbccp32.cpl                    Open database
   Nwc.cpl                         Netware client connectivity
   Ncpa.cpl                        Network and connectivity
   Mmsys.cpl                       Sound and multimedia
   Joy.cpl                         Game controller
   Intl.cpl                        International
   Access.cpl                      Accessibility
   Hdwwiz.cpl                      Add/Remove Hardware
   Main.cpl                        Mouse
   Netcpl.cpl                      Network and Dial-up Connectivity
   Modem.cpl                       Phone and Modem
   Mlcfg.cpl                       Mail
   Wspcpl.cpl                      WSP Client
   Desk.cpl                        Display
   Liccpa.cpl                      Licensing
   Fax.cpl                         Fax wizard
   Desk.cpl                        Printers      
   Appwiz.cpl                      Add/Remove Program

Hope this helps, cheers guys...oh Crazy, glad I could amuse someone ;->


Can you look at this question please...

"It disables control panel for Every user on this PC including the Admin. How do I disable if just the regular users."

anyone know how to do this without editing the registry? Im workin on extra credit and i can't edit the registry but i have to have the control panel available for the admin but not for other users.. We are sopposed to use the gpedit

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.