Is there a way in Policy Editor to disable the ALT-CRTL-DEL funtion to open Task Manager but still be able to open as administrator.
Besides PWB we are running Deepfreeze and must be able to have access to make occaisional adjustments.
Policy Editor and Task Manager.
Secure Attention Sequence (Ctrl-Alt-Del)
Start the Group Policy Editor by typing GPEDIT.MSC from "Run" in the Start Menu.
The following key needs to be modified.
User Configuration
...Administrative Templates
......System
.........Ctrl+Alt+Del Options
--Scott
The following key needs to be modified.
User Configuration
...Administrative Templates
......System
.........Ctrl+Alt+Del Options
--Scott
Last edited by Scott on Mon Jan 21, 2008 9:45 am, edited 1 time in total.
To disable the Windows Ctrl-Alt-Del dialog buttons, you can also edit the registry directly, please see below for details.
Run REGEDIT
Edit or add the following Registry DWORD keys, 1 to disable 0 to enable button.
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
...Software\Microsoft\Windows\CurrentVersion\Policies\System
......DisableLockWorkstation
......DisableChangePassword
......DisableTaskMgr
...Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
......NoLogff
......NoClose
--Scott
Run REGEDIT
Edit or add the following Registry DWORD keys, 1 to disable 0 to enable button.
HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
...Software\Microsoft\Windows\CurrentVersion\Policies\System
......DisableLockWorkstation
......DisableChangePassword
......DisableTaskMgr
...Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
......NoLogff
......NoClose
--Scott
Last edited by Scott on Mon Jan 21, 2008 9:41 am, edited 1 time in total.
Securing with Group Policy, autologon, and SetPWB ???
I am often going back and forth on the best way to secure a PWB machine.
I have some XP machines with an administartive and a public user on my library domain. I create a ghostable imaga with Symantec Ghost and push it out to my machines. I then use SetPWB to force PWB to be the shell, autlologon to automatically log on my public user. Then just for good measure I activate DeepFreeze, so the machine reverts on reboots. It is still imperfect.
I am currently using SetPWB which makes PWB the shell. Works great, though I have a hard time for certain settings that require logging in as the enduser. I use autologon. I am finding I need to disable ctrl-alt-delete. I deally I would do this with a group policy on my W2k (soon to be 2003) Server. I tried to follow the group policy editing instructions on the server, but some keys weren't there. I don't seem to be able to find diable cntrl-alt-del as an option , do I have to configure the machines directly by enditing the policy on the machine? Am I better off with RegEdit.
I decided to post here because I wanted to get some opions. Every now and then I send Scott a note and when I look them over they say:
My life would be easier if you combined all your security tchotchkes into one application:
which I could run as administrator
saved the original registry setting from before they were run
which displayed both the current setttings
had a check box to turn them off and on.
e.g.
setpwb checkbox - system is initalized
setpwb checkbox - pwb is shell for user public
setpwb checkbox - explorer is shell for user Administrator
autlogon checkbox - autologon is set to logon user public.
The basis for this is of course what would benefit me. I don't know if it would benefit anyone else and it would just create work for Scott. I think it would be nice if these were just things that could be wrapped into PWB.
On the other hand there are apparently lots of other options, I've just been using the method outlined be out of date. The last time I mentioned some of my problems Scott suggested a Hide-Gui add on that I haven't had a chance to test.
I have some XP machines with an administartive and a public user on my library domain. I create a ghostable imaga with Symantec Ghost and push it out to my machines. I then use SetPWB to force PWB to be the shell, autlologon to automatically log on my public user. Then just for good measure I activate DeepFreeze, so the machine reverts on reboots. It is still imperfect.
I am currently using SetPWB which makes PWB the shell. Works great, though I have a hard time for certain settings that require logging in as the enduser. I use autologon. I am finding I need to disable ctrl-alt-delete. I deally I would do this with a group policy on my W2k (soon to be 2003) Server. I tried to follow the group policy editing instructions on the server, but some keys weren't there. I don't seem to be able to find diable cntrl-alt-del as an option , do I have to configure the machines directly by enditing the policy on the machine? Am I better off with RegEdit.
I decided to post here because I wanted to get some opions. Every now and then I send Scott a note and when I look them over they say:
My life would be easier if you combined all your security tchotchkes into one application:
which I could run as administrator
saved the original registry setting from before they were run
which displayed both the current setttings
had a check box to turn them off and on.
e.g.
setpwb checkbox - system is initalized
setpwb checkbox - pwb is shell for user public
setpwb checkbox - explorer is shell for user Administrator
autlogon checkbox - autologon is set to logon user public.
The basis for this is of course what would benefit me. I don't know if it would benefit anyone else and it would just create work for Scott. I think it would be nice if these were just things that could be wrapped into PWB.
On the other hand there are apparently lots of other options, I've just been using the method outlined be out of date. The last time I mentioned some of my problems Scott suggested a Hide-Gui add on that I haven't had a chance to test.