When you double-click the Default User icon in System Policy Editor, a list of Control Panel, desktop, network, shell (user interface), and system settings appears so that you can predefine or restrict access to settings that will apply when the user logs on to the system. These system policy settings are stored in USER.DAT.
The following table describes the system policies you can apply to restrict access to settings in the Display, Network, Printers, System, and Passwords options of Control Panel.
User Policies for Restricting Access to Control Panel Options
Option | Description |
Restrict Display Control Panel | |
Disable Display Control Panel | Prevents access to the Display option in Control Panel. |
Hide Background Page | Hides the Background properties of the Display option in Control Panel. |
Hide Screen Saver Page | Hides the Screen Saver properties of the Display option in Control Panel. |
Hide Appearance Page | Hides the Appearance properties of the Display option in Control Panel. |
Hide Settings Page | Hides the Settings properties of the Display option in Control Panel. |
Restrict Network Control Panel | |
Disable Network Control Panel | Prevents access to the Network option in Control Panel. |
Hide Identification Page | Hides the Identification properties of the Network option in Control Panel. |
Hide Access Control Page | Hides the Access Control (user level vs. share level) properties of the Network option in Control Panel. |
Restrict Passwords Control Panel | |
Disable Passwords Control Panel | Prevents access to the Passwords option in Control Panel. |
Hide Change Passwords Page | Hides the Change Passwords properties of the Passwords option in Control Panel. |
Hide Remote Administration Page | Hides the Remote Administration properties of the Passwords option in Control Panel. |
Hide User Profiles Page | Hides the Profiles properties of the Passwords option in Control Panel. |
Restrict Printers Settings | |
Hide General And Details Pages | Hides the General and Details properties for the Printer option in Control Panel. |
Disable Deletion Of Printers | Prevents the deletion of installed printers. |
Disable Addition Of Printers | Prevents the installation of printers. |
Restrict System Control Panel | |
Hide Device Manager Page | Hides the Device Manager properties from the System option in Control Panel. |
Hide Hardware Profiles Page | Hides the Hardware Profiles properties from the System option in Control Panel. |
Hide File System Button | Hides the File System button from the Performance properties in the System option in Control Panel. |
Hide Virtual Memory Button | Hides the Virtual Memory button from the Performance properties in the System option in Control Panel. |
Within this category of options, you can predefine settings or restrict users from defining wallpaper and color scheme settings, as listed in the following table.
User Policies for Wallpaper and Color Scheme Settings
Option | Description |
Wallpaper Name | When checked, the specified bitmap will be used as the wallpaper. |
Tile Wallpaper | When checked, the wallpaper file will be tiled in the background of the desktop. |
Color Scheme | When checked, the user will automatically see the specified color scheme. |
Within this category of options, you can restrict the user's ability to share files and printers. Typically, you might want to set these policies to apply when File and Printer Sharing services are installed, but when you do not want users to change which resources are shared on their computers.
User Policies for Restricting Access to File and Printer Sharing
Option | Description |
Sharing | |
Disable File Sharing Controls | Removes the Sharing properties from directories in Windows Explorer. |
Disable Print Sharing Controls | Removes the Sharing properties from the Printer directory. |
The following table describes the system policies you can apply to directories and user interface options.
User Policies for Restricting Access to Shell Settings
Option | Description |
Custom Folders | |
Custom Programs Folder | Customizes the contents of the Programs directory. You must also type a path for the directory containing complete files or .LNK files that define the Programs directory items. |
Custom Desktop Icons | Customizes desktop icons. You must also type a path for the directory containing complete files or .LNK files that define the desktop shortcuts. |
Hide Start Menu Subfolders | Check this when you use a custom Programs folder. Otherwise, two Programs entries will appear on the user's Start menu. |
Custom Startup Folder | Customizes the contents of the Startup directory. You must also type a path for the directory containing complete files or .LNK files that define the Startup directory items. |
Custom Network Neighborhood | Customizes the contents of Network Neighborhood. You must also type a path for the directory containing complete files or .LNK files that define the Network Neighborhood items. |
Custom Start Menu | Customizes what is listed on the Start menu. You must also type a path for the directory containing complete files or .LNK files that define the Start menu items. |
Restrictions | |
Remove Run command | Prevents access to the Run command on the Start menu. |
Remove Folders From Settings On Start Menu | Prevents access to any item listed under Settings on the Start menu. |
Remove Taskbar From Settings On Start Menu | Prevents access to the Taskbar item listed under Settings on the Start menu. |
Remove Find Command | Prevents access to any of the items listed under Find on the Start menu. |
Hide Drives In My Computer | Prevents access to My Computer. |
Hide Network Neighborhood | Prevents access to Network Neighborhood. |
No Entire Network In Network Neighborhood | Prevents access to the Entire Network icon in Network Neighborhood. |
No Workgroup Contents In Network Neighborhood | Prevents workgroup contents from being displayed in Network Neighborhood. |
Hide All Items On Desktop | Prevents access to all items on the desktop. |
Disable Shut Down Command | Prevents access to the Shut Down command on the Start menu; displays explanation in a dialog box. |
Don't Save Settings At Exit | Prevents settings from being written to the file system. |
The system policies in this category restrict the use of Registry editing tools, applications, and MS-DOS – based applications. The following table describes the policies you can set within this category.
User Policies Restricting Access to System Settings
Option | Description |
Restrictions | |
Disable Registry Editing Tools | Prevents access to Registry Editor. It does not prevent access to the Registry mode in System Policy Editor. |
Only Run Allowed Windows Applications | Prevents users from running any Windows-based applications except those that are listed. Click Show to define the allowed applications. |
Disable MS-DOS Prompt | Prevents access to the MS-DOS prompt. |
Disable Single-Mode MS-DOS Applications | Prevents users from running MS-DOS – based applications in MS-DOS Mode. |