Remove items in Startmenu by editing windows-register

Hi!
We are trying to setup a secure computer to ensure that a user doesn't destroy something in the system.
But I don't know how I can remove items in the programfolder in the Startmenu. I need to remove "cmd.exe" and "Win NT Explorer".
Does anyone know what key/value to set in the register?

/Micke
mickehallgrenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sramesh2kCommented:
The shortcut will be available in the following location. Delete it.

C:\Documents and Settings\All Users\Start Menu\Programs
and
C:\Documents and Settings\<UserNAME>\Start Menu\Programs

substitute <username> with a valid username.

0
sramesh2kCommented:
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
0
sramesh2kCommented:
C:\Documents and Settings\<Username>\Start Menu\Programs
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

mickehallgrenAuthor Commented:
I don't wan't to change the profile of a user. I wan't to do the changes in the windows-registry.

The reason why I want to do this is to complicated to write about here.

/M
0
PaulBobbyCommented:
Then you're talking about setting Policy.

You didn't mention which flavour of windows you're running, Policy settings for NT and 2000, talking about running group edit for XP... so let us know.

If you're serious about locking down a PC and turning it in to something of a kiosk (running only a few applications), then that is a separate problem but one that even Microsoft has documented the procedure for. Norton and others even make products that can lock your PC down.

If you're worried about the end-user buggering up the computer, it requires a solution greater than just removing cmd.exe and windows NT explorer.

Users download all sorts of stuff, you can run 'things' from the browser location line if you've disabled start->run, etc etc.... tons of other ways.

I suggest you define "ensure that a user doesn't destroy something in the system".... 'cause that could mean covering the computer in a waterproof casing in the event the user spills coffee on to it :)
0
mickehallgrenAuthor Commented:
I'm using WinNT 4.0.

I don't wan't to do a permanent change in the system. I'm using a cryptocard to get access to the windows-login. In the cryptocard there is info about what kind of user it is. Later during the login I set up the environment by editing the windows-registry. And depending on usertype I want to hide items in startmenu.

This is the only thing left to do a "usersafe" computer... All other stuff is closed down. The only thing a user can do is to start notepad.exe or our own developed program.
0
oBdACommented:
That can be accomplished with a system policy. Redirect the default start menu path to a customized one with only the shortcuts in it you need.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mickehallgrenAuthor Commented:
Thank's! The reason the answer is "Average" is that you could've told me which keys in registry to edit. Anyway, here is my solution:

void SetUserDeskTop(int ValueData)
{
  HKEY  StartRegKeyHandle;
  WCHAR StartRegKeyPath[]             = L"Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders";
  WCHAR StartMenuData[80];
  WCHAR StartMenuProgramData[80];

...
...

  if(ValueData==SAFEMODE)
  {
    NoDriveTypeAutoRunValueData=95;
    wcscpy(StartMenuData,L"c:\\program\\gina\\Start Menu");
    wcscpy(StartMenuProgramData,L"c:\\program\\gina\\Start Menu\\Programs");
  }
  else if(ValueData==OPENMODE)
  {
    NoDriveTypeAutoRunValueData=0;
    wcscpy(StartMenuData,L"%USERPROFILE%\\Start Menu");
    wcscpy(StartMenuProgramData,L"%USERPROFILE%\\Start Menu\\Programs");
  }

  // ----------------Open key and assign a new path for the Start menu----------------
  RegCreateKey( HKEY_CURRENT_USER,
              StartRegKeyPath,
              &StartRegKeyHandle );
  wcscpy(ValueName,L"Start Menu");  
  RegSetValueEx(StartRegKeyHandle,ValueName, 0, REG_EXPAND_SZ, (PBYTE)&StartMenuData, sizeof(StartMenuData) );

  wcscpy(ValueName,L"Programs");  
  RegSetValueEx(StartRegKeyHandle,ValueName, 0, REG_EXPAND_SZ, (PBYTE)&StartMenuProgramData, sizeof(StartMenuProgramData) );

  RegCloseKey(StartRegKeyHandle);

...
...

}
0
oBdACommented:
The answer would have just been a question away ...
When I suggested the system policy, I was at home and didn't have the .adm file at hand to extract the key, and then I thought "Oh well, he's going to ask if he really needs it ..."
May I ask anyway why you manipulate the registry directly instead of using an already existing system policy?
0
mickehallgrenAuthor Commented:
We have developed an own gina.dll so we have full controll of the loginbehaviour. To the computer we have connected a smartcardreader for extended loginprotection. So every user have their own logincard and we need to change the user-rights depending on what kind of smartcard the user has inserted to the reader.

So the rights are changed by editing the registry in C++ when a user is logged on.

Hope you understand, my english is not so good...
/Micke
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.