arunykand
asked on
Windows Logon - Shell
Hi,
Here is what I am trying to do....I want a Win-XP computer to log-in automatically, and our software to start-up after getting into Windows. The user should not have any access to the Desktop, Windows Explorer, etc, only our customized software that is running. If the user exits our application, only a blank screen should be visible in the desktop.... I think I know how to achieve this, and someone can correct me if I am wrong. In regedit, create a new string value called 'Shell' and for the 'Value data' field, enter the path of the software that needs to be run upon startup and also setup auto-login capability in control panel.
My real question here is, what if an Administrator (such as myself) needs to login (or access) Windows to update software, modify settings, etc....If the system is setup to auto-login and the capability to get to Desktop, etc is disabled, how then does an Admin login into Windows?
Thanks for your help.
Here is what I am trying to do....I want a Win-XP computer to log-in automatically, and our software to start-up after getting into Windows. The user should not have any access to the Desktop, Windows Explorer, etc, only our customized software that is running. If the user exits our application, only a blank screen should be visible in the desktop.... I think I know how to achieve this, and someone can correct me if I am wrong. In regedit, create a new string value called 'Shell' and for the 'Value data' field, enter the path of the software that needs to be run upon startup and also setup auto-login capability in control panel.
My real question here is, what if an Administrator (such as myself) needs to login (or access) Windows to update software, modify settings, etc....If the system is setup to auto-login and the capability to get to Desktop, etc is disabled, how then does an Admin login into Windows?
Thanks for your help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry I mistyped a bit its
HKEY_LOCAL_MACHINE\SOFTWAR E\Microsof t\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWAR
Also in reference to 4runners comment. You may want to lock them down to not allow task manager. Otherwise they can just start explorer or any app they want by themselves.
ASKER
Ok, I like all the comments...Let me ask this, is it possible to keep 'CTRL-ALT-DEL' access for the user, but only have the 'Log Off' button enabled, so that all the user can do is log-off, and then I (Admin) can login to access full Windows functionality?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The only problem with using the local gpedit is that it will affect all users. If you have access to Active Directory you can set a policy just for that user. It may not be an issue just an fyi.
ASKER
Correct...as 'Chuck' mentioned, if I disable the 'Lock Computer' for the user, the Admin also has that disabled, not what I wanted....This PC is a stand-alone, not part of 'Active Directory'. any help? :(
Those settings can be easily set for a specific user, using the registry.
Usually those settings will be stored inside the key:
HKEY_CURRENT_USER\Software \Microsoft \Windows\C urrentVers ion\Polici es\Explore r
That's however a little bit more "dangerous", but if you want more on that, just look for the string above on Google.
I just found that might be enough: http://www.dewassoc.com/support/useful/registry/policy.htm
Regards!
Usually those settings will be stored inside the key:
HKEY_CURRENT_USER\Software
That's however a little bit more "dangerous", but if you want more on that, just look for the string above on Google.
I just found that might be enough: http://www.dewassoc.com/support/useful/registry/policy.htm
Regards!
Here is another trick. If you use local group policy, it creates a local folder called grouppolicy under C:\Windows\system32 I think. It is a hidden system folder. If you move it out of there and reboot the group policy settings will be removed. Then when you make your changes you can add the folder back and reboot again. I did this like 5 or more years ago so I would recommend testing this to verify and make sure my paths or correct. It is either system or system32
Open an admin privileged CMD window:
Runas /user:YourDomain\administr
Open an admin privileged Explorer window:
Runas /user:YourDomain\administr
Note: if explorer is your shell, you can kill explorer.exe via taskmanager, and when you run the command above, it will open explorer as your shell, with your admin credentials.
Open an admin privileged Notepad:
Runas /user:YourDomain\administr