| Platform SDK: Group Policy |
Group Policy settings allow administrators to control and manage their users' computing environments by mandating specific user and computer settings across the network. System-level Group Policy settings may be set by administrators to control specific capabilities of the system. For each policy listed below, your application must adhere to any policy settings that are enabled at the time your application is launched. For many applications, no action is required to adhere to these policies. However, if your application replaces or duplicates operating system functionality, specific steps may be required on the part of the application.
Remove Run from Start menu
| Description | When this policy is enabled, Windows 2000 removes Run from the Start menu and disables users from launching the Run dialog box by pressing the Windows Key + R. |
| Application action | If your application has a function that allows a user to start a program by typing in its name and path in a dialog, then your application must disable that functionality when this policy is enabled. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoRun |
Hide specified drives in My Computer
| Description | When enabled, this policy removes the icons representing the selected disk drives from My Computer, Windows Explorer, and My Network Places and from common dialog boxes. |
| Application action | Your application must hide any drives that are hidden by the system when this policy is enabled. This includes any buttons, menu options, icons, or any other visual representation of drives in your application. This does not preclude the user from accessing drives by manually entering drive letters in dialog boxes. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoDrives |
Run only allowed Windows applications
| Description | When this policy is enabled, users can only run applications that are listed under the RestrictRun value. |
| Application action | Your application must not start any application that is not on this list. Note this does not apply when launching applications through COM. If you use ShellExecuteEx, Windows 2000 will perform this check automatically. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: RestrictRun |
Remove Map Network Drive and Disconnect Network Drive
| Description | When this policy is enabled, users are prevented from using Windows Explorer and My Network Places to connect to other computers or to close existing connections. |
| Application action | When this policy is enabled, applications must not provide buttons, menu options, icons, or any other visual representation that enables a user to map or disconnect network drives. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoNetConnectDisconnect |
No Entire Network in My Network Places
| Description | When enabled, this policy removes all computers outside of the user's workgroup or local domain from lists of network resources in Windows Explorer and My Network Places. |
| Application action | When this policy is enabled, applications that allow users to browse network resources must limit browsing functionality to local workgroup or domain. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
Value: NoEntireNetwork |
Do not keep history of recently open documents
| Description | When this policy is enabled, the system does not save shortcuts to most recently used (MRU) documents in the Start menu. |
| Application action | When this policy is enabled, applications must not keep any MRU lists (for example, in common dialog boxes). |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoRecentDocsMenu |
Disable or remove the shut down command
| Description | This policy prevents the user from using the Windows user interface to shut down the system. |
| Application action | When this policy is enabled, applications that enable the user to shut down Windows must disable this capability. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoClose |
Hide places bar
| Description | The places bar allows users to navigate directly to the following locations: History folder, Desktop, My Documents, My Computer, and My Network Places. When this policy is enabled, Windows 2000 removes the places bar from the common dialog box. |
| Application action | When this policy is set, applications that provide their own file or open dialog boxes must remove any equivalent functionality to the places bar. Applications that use the common dialog box library will automatically comply with this policy. |
| Registry Information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Value: NoPlacesBar |
Hide Back button
| Description | When this policy is enabled, Windows 2000 removes the Back button from the common dialog box, preventing the user from browsing to the previous folder accessed from the dialog box. |
| Application action | When this policy is set, applications that provide their own file and open dialog boxes must remove any Back button functionality from these dialog boxes. Applications that use the common dialog box library will automatically comply with this policy. |
| Registry information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Value: NoBackButton |
Remove MRU list
| Description | When this policy is enabled, Windows 2000 removes the MRU list from the common dialog boxes. |
| Application action | When this policy is set, applications that provide their own file or open dialog boxes must not display an MRU list in these dialog boxes. Applications that use the common dialog box library will automatically comply with this policy. |
| Registry Information | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Value: NoFileMru |
Additional system-level policies exist and it is recommended that your application honor these as well. For example:
Registry settings for system-level policies can be found in the System.adm file. We recommend that developers review the System.adm file to ensure their applications respect any additional policies that the administrator may set.