Restricting Access to User-Specific Settings

When you double-click the Default User icon in System Policy Editor, a list of Control Panel, desktop, network, shell (user interface), and system settings appears so that you can predefine or restrict access to settings that will apply when the user logs on to the system. These system policy settings are stored in USER.DAT.

Restricting Access to Control Panels

The following table describes the system policies you can apply to restrict access to settings in the Display, Network, Printers, System, and Passwords options of Control Panel.

User Policies for Restricting Access to Control Panel Options

Option

Description

Restrict Display Control Panel

Disable Display Control Panel

Prevents access to the Display option in Control Panel.

Hide Background Page

Hides the Background properties of the Display option in Control Panel.

Hide Screen Saver Page

Hides the Screen Saver properties of the Display option in Control Panel.

Hide Appearance Page

Hides the Appearance properties of the Display option in Control Panel.

Hide Settings Page

Hides the Settings properties of the Display option in Control Panel.

Restrict Network Control Panel

Disable Network Control Panel

Prevents access to the Network option in Control Panel.

Hide Identification Page

Hides the Identification properties of the Network option in Control Panel.

Hide Access Control Page

Hides the Access Control (user level vs. share level) properties of the Network option in Control Panel.

Restrict Passwords Control Panel

Disable Passwords Control Panel

Prevents access to the Passwords option in Control Panel.

Hide Change Passwords Page

Hides the Change Passwords properties of the Passwords option in Control Panel.

Hide Remote Administration Page

Hides the Remote Administration properties of the Passwords option in Control Panel.

Hide User Profiles Page

Hides the Profiles properties of the Passwords option in Control Panel.

Restrict Printers Settings

Hide General And Details Pages

Hides the General and Details properties for the Printer option in Control Panel.

Disable Deletion Of Printers

Prevents the deletion of installed printers.

Disable Addition Of Printers

Prevents the installation of printers.

Restrict System Control Panel

Hide Device Manager Page

Hides the Device Manager properties from the System option in Control Panel.

Hide Hardware Profiles Page

Hides the Hardware Profiles properties from the System option in Control Panel.

Hide File System Button

Hides the File System button from the Performance properties in the System option in Control Panel.

Hide Virtual Memory Button

Hides the Virtual Memory button from the Performance properties in the System option in Control Panel.


Defining User Policies for Desktop Settings

Within this category of options, you can predefine settings or restrict users from defining wallpaper and color scheme settings, as listed in the following table.

User Policies for Wallpaper and Color Scheme Settings

Option

Description

Wallpaper Name

When checked, the specified bitmap will be used as the wallpaper.

Tile Wallpaper

When checked, the wallpaper file will be tiled in the background of the desktop.

Color Scheme

When checked, the user will automatically see the specified color scheme.


Restricting Access to Network Settings

Within this category of options, you can restrict the user's ability to share files and printers. Typically, you might want to set these policies to apply when File and Printer Sharing services are installed, but when you do not want users to change which resources are shared on their computers.

User Policies for Restricting Access to File and Printer Sharing

Option

Description

Sharing

Disable File Sharing Controls

Removes the Sharing properties from directories in Windows Explorer.

Disable Print Sharing Controls

Removes the Sharing properties from the Printer directory.


Restricting Access to Shell Settings

The following table describes the system policies you can apply to directories and user interface options.

User Policies for Restricting Access to Shell Settings

Option

Description

Custom Folders

Custom Programs Folder

Customizes the contents of the Programs directory. You must also type a path for the directory containing complete files or .LNK files that define the Programs directory items.

Custom Desktop Icons

Customizes desktop icons. You must also type a path for the directory containing complete files or .LNK files that define the desktop shortcuts.

Hide Start Menu Subfolders

Check this when you use a custom Programs folder. Otherwise, two Programs entries will appear on the user's Start menu.

Custom Startup Folder

Customizes the contents of the Startup directory. You must also type a path for the directory containing complete files or .LNK files that define the Startup directory items.

Custom Network Neighborhood

Customizes the contents of Network Neighborhood. You must also type a path for the directory containing complete files or .LNK files that define the Network Neighborhood items.

Custom Start Menu

Customizes what is listed on the Start menu. You must also type a path for the directory containing complete files or .LNK files that define the Start menu items.

Restrictions

Remove Run command

Prevents access to the Run command on the Start menu.

Remove Folders From Settings On Start Menu

Prevents access to any item listed under Settings on the Start menu.

Remove Taskbar From Settings On Start Menu

Prevents access to the Taskbar item listed under Settings on the Start menu.

Remove Find Command

Prevents access to any of the items listed under Find on the Start menu.

Hide Drives In My Computer

Prevents access to My Computer.

Hide Network Neighborhood

Prevents access to Network Neighborhood.

No Entire Network In Network Neighborhood

Prevents access to the Entire Network icon in Network Neighborhood.

No Workgroup Contents In Network Neighborhood

Prevents workgroup contents from being displayed in Network Neighborhood.

Hide All Items On Desktop

Prevents access to all items on the desktop.

Disable Shut Down Command

Prevents access to the Shut Down command on the Start menu; displays explanation in a dialog box.

Don't Save Settings At Exit

Prevents settings from being written to the file system.


Restricting Access to System Settings

The system policies in this category restrict the use of Registry editing tools, applications, and MS-DOS – based applications. The following table describes the policies you can set within this category.

User Policies Restricting Access to System Settings

Option

Description

Restrictions

Disable Registry Editing Tools

Prevents access to Registry Editor. It does not prevent access to the Registry mode in System Policy Editor.

Only Run Allowed Windows Applications

Prevents users from running any Windows-based applications except those that are listed. Click Show to define the allowed applications.

Disable MS-DOS Prompt

Prevents access to the MS-DOS prompt.

Disable Single-Mode MS-DOS Applications

Prevents users from running MS-DOS – based applications in MS-DOS Mode.