[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Disable Windows Menu Options under Local Policy

Posted on 2002-05-26
Medium Priority
Last Modified: 2010-04-13
I have a Standalone Windows 2000 Professional PC. How do I disable Menu options and not allow user/group to install any programs under local policy. i.e I would like to disable access to control panel, run command.

Please help
Question by:vb7guy
LVL 44

Expert Comment

ID: 7036471
Start > Run gpedit.msc

User Configuration > Sdminstrative Templates > Control Panel
double click on "Disable Control Panel" and enable the policy

Official Explaination
"Disables all Control Panel programs.

This policy prevents Control.exe, the program file for Control Panel, from starting. As a result, users cannot start Control Panel or run any Control Panel items.

This policy also removes Control Panel from the Start menu. (To open Control Panel, click Start, point to Settings, and then click Control Panel.) This policy also removes the Control Panel folder from Windows Explorer.

If users try to select a Control Panel item from the Properties item on a context menu, a message appears explaining that a policy prevents the action.

Also, see the "Disable Display in Control Panel" and "Disable programs on Settings menu" policies."

The Crazy One
LVL 44

Expert Comment

ID: 7036478
User Configuration > Administrative Templates > Windows Components > Windows Installer
Disable media source for any install.

Officail Explaination
"Prevents users from installing programs from removable media.

If a user tries to install a program from removable media, such as CD-ROMs, floppy disks, and DVDs, a message appears, stating that the feature cannot be found.

This policy applies even when the installation is running in the user's security context.

If you disable this policy or do not configure it, users can install from removable media when the installation is running in their own security context, but only system administrators can use removable media when an installation is running with elevated system privileges, such as installations offered on the desktop or in Add/Remove Programs.

Also, see the "Enable user to use media source while elevated policy" in Computer Configuration\Administrative Templates\Windows Components\Windows Installer.

Also, see the "Hide the "Add a program from CD-ROM or floppy disk"" policy in User Configuration\Administrative Templates\Control Panel\Add/Remove Programs."

Always install with elevated privliges
Officail Explaination
"Directs Windows Installer to use system permissions when it installs any program on the system.

This policy extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add/Remove Programs in Control Panel. This policy lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.

If you disable this policy or do not configure it, the system applies the current user's permissions when it installs programs that a system administrator does  not distribute or offer.

Note: This policy appears both in the Computer Configuration and User Configuration folders. To make this policy effective, you must enable the policy in both folders.

Caution: Skilled users can take advantage of the permissions this policy grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this policy is not guaranteed to be secure."

User Configuration > Administrative Templates > Start Menu & Taskbar
Remove Run menu from Start Meny.

Officail Explaination
"Removes the Run command from the Start menu and removes the New Task (Run) command from Task Manager. Also, users with extended keyboards can no longer display the Run dialog box by pressing Application key (the key with the Windows logo) + R.

This policy affects the specified interface only. It does not prevents users from using other methods to run programs."

Expert Comment

ID: 7045059
This person hasn't responded eh? Maybe he decided to play around with the newly discovered toy, gpedit that is, probably locked himself outta his machine...
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

LVL 44

Accepted Solution

CrazyOne earned 400 total points
ID: 7045085
Hehehe you got a good sense of humor jatcan. BTW my name is Spencer. Some of the experts here that know me usually refere to me as Crazy or Spencer. :>)

Author Comment

ID: 7058364
Sorry for the delay, I was busy working on another project.
This works, but When I used gpedit.msc under aministrator account and disable the control panel. It disables control panel for Every user on this PC including the Admin. How do I disable if just the regular users.

Expert Comment

ID: 7058876
Hey Guys,

Here is a list of Control Panle files and what they do/are. You can run them by clicking start button\run\<type in the control panel file name> and then click enter to execute the CP applet.

The following list shows the .cpl file that corresponds to each Control Panel tool.
   .cpl File                       Control Panel Tools
   ==============                  ======================
   Wspcpl32.cpl                    Languages, numbers,time
   Timedate. cpl                   Date Time and Time zone
   Telephon.cpl                    Dialing rule and modem
   Sysdm.cpl                       System
   Sticpl.cpl                      Scanner and camera
   Powercfg.cpl                    Power management
   Odbccp32.cpl                    Open database
   Nwc.cpl                         Netware client connectivity
   Ncpa.cpl                        Network and connectivity
   Mmsys.cpl                       Sound and multimedia
   Joy.cpl                         Game controller
   Intl.cpl                        International
   Access.cpl                      Accessibility
   Hdwwiz.cpl                      Add/Remove Hardware
   Main.cpl                        Mouse
   Netcpl.cpl                      Network and Dial-up Connectivity
   Modem.cpl                       Phone and Modem
   Mlcfg.cpl                       Mail
   Wspcpl.cpl                      WSP Client
   Desk.cpl                        Display
   Liccpa.cpl                      Licensing
   Fax.cpl                         Fax wizard
   Desk.cpl                        Printers      
   Appwiz.cpl                      Add/Remove Program

Hope this helps, cheers guys...oh Crazy, glad I could amuse someone ;->


Expert Comment

ID: 7058880

Can you look at this question please...


Expert Comment

ID: 12587560
"It disables control panel for Every user on this PC including the Admin. How do I disable if just the regular users."

anyone know how to do this without editing the registry? Im workin on extra credit and i can't edit the registry but i have to have the control panel available for the admin but not for other users.. We are sopposed to use the gpedit


Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Strategic internal linking is often considered an SEO power technique, especially for content marketing. Do you need to hire an SEO agency to optimize you internal linking? No, this article will help you understand the basics of internal linking and…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month18 days, 21 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question