Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Disable Control Panel on Clients from Server

Posted on 2003-11-14
Last Modified: 2012-05-04

I'm running Windows 2000 Server, and I have about 20 clients in which I want to disable the Control Panel on all of them.  I created a new OU and named it "Disable Control Panel" added the users that I want to disable the control panel on.  And created the Group Policy to Enable "Disable Control Panel."  My question is when I log onto one of the client computers with one of the users name in the OU.  The Control Panel is still visible and I can still enter it.  But if I go to the Server and login in with one of the user names in the OU the control panel is disabled.  So it does work on the Server, but not on the client computers.  

I also ran secedit and gpupdate on both the client and server to see if the Group Policy would kick in but nothing.

Can someone please tell me what I'm doing wrong?

P.S. Clients are running either Windows 2000 Professional or XP Professional.

Thank you,
Question by:DaliSalv22
  • 5
  • 3

Expert Comment

ID: 9768857
Back up your registry !

This is a edit for denying access to the control panel for
*users on a machine
*or the entire system

Disable Control Panel Instuctions with Group Policy

Unfortunately you will be unable to deploy the action from the server unless you know how to write a script that will edit the registry on client machines. I Don't know of any! You will have to take the time and edit these machines by hand if you don't want them to have acces to these functions. but at least they can not change anything on the server side!

USER Accounts shouldn't be able to make system changes anyway!
do you have your client machines set up for special access on the system.


Accepted Solution

wtrmk74 earned 250 total points
ID: 9768875
even quicker
edit one machine
open regedit
export registry file
selected branch


deploy this file on all client machines.


Author Comment

ID: 9772496
Thank you for your reply.

So the Group Policy feature in Windows 2000 server will only disable the control panel on the server for the users that directly login to the server?

So I have to change all my clients registry to disable the control panel, that's stinks.  I thought there was an easier way going through the server.

Thanks anyway,
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud


Expert Comment

ID: 9775410
Good luck
take care


Expert Comment

ID: 9807182
Dear DaliSalv22,
I fell terrible that I have steered you in the improper direction
yet being able to edit the registry is great and usefull, it is definately not what you want to spend you time doing.

even if you edit the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
it wil only effect that user ONLY
and if you edit the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
it will only effect the NEW users added to the USER PROFILES LIST after the registry change.

As I said I feel terrible that I have steered you in a somewhat wrong direction that will ultimately get you nowhere.

please read this entire article about an international electronics company that used the OU to do just what your asking and much much more...

Designing and Implementing an Organizational Units:

feel free to post a request for refund of POINTS in The Community Support section if this article does not help you achieve your goals sucessfully.

unhappily appologetic

Author Comment

ID: 9811802
Hello, wtrmk74.

Don't worry about it, but I do appreciate you responding again with better articles to look at.  I did take a look at the articles that you listed above and they did help me out.  I finally got the the control panel disabled.  It worked two ways either adding the computer to the OU which has the disabled Control Panel policy in it, or having the user under the OU that has the disabled Control Panel policy in it and adding the user to be a member of "Domain Admins."  The Group Policy wouldn't work when the user was only a member of "Domain Users."  

I did run into another problem though, go figure!!  I applied other restrictions to the Group Policy such as disabling the "Properties" under My Computer, disabling access to Network Neighborhood and they all worked fine.  However, when I disabled access to regedit.exe and cmd.exe under the Group Policy it still lets me run both programs, while the other restrictions I set are still working fine.  Can't seem to figure out why these two restrictions don't work.  If you have any ideas what could be causing this, I'd appreciate your help.

Thanks again,

Author Comment

ID: 9813644
Hello, wtrmk74.

Well I figured out why it wasn't updating my Group Policy for the registry and cmd prompt.  I had to have my primary DNS pointing to my DNS Server where I have the Group Policy on.  I had it set up like and that's when my restrictions started working, but then I switched the DNS back to use the ISP DNS servers that's when it stopped working.  I didn't realize that's were the problem was coming from.  But then I saw Userenv errors in my Application Log, and I figured out it was the DNS.  It's always something so easy to figure out, but it took me awhile to realize what I have done wrong.  Oh well, live and learn.    


Expert Comment

ID: 9815083
I am pleased to hear that everything is up and running smooth now. Glad the article helped solve those problems.
Getting everything pointed to the right place can certainly drive you crazy and yet it always seems the simplest solutions are always overlooked!

So I guess that's it then....

thanks for your patience

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Starting your own business is always a daunting process, and for most people it is brand new experience. Avoid the common pitfalls by following these tips to start on the road to success.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question