Announcement

Collapse
No announcement yet.

Software restrictions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Software restrictions

    Hi all,
    Basic history of myself.. I am new to AD and taking over equipment and AD setup done by someone else who left the workplace with no instructions.. So I do apologize if I sound dumb.. What I am trying to do is disable the access of regedit.exe and to prevent students from changing the background or screen resolutions.

    The systems that students use are on Windows XP and have no Administrator access. But yet they can still run regedit.exe and change the color of the background and change the wallpaper.

    Now I have went through gpedit and found out you can disable the use of regedit from there but I have about 100 computers to do. I was wondering if it was possible to set it through their NT account? Same thing with screen resolution or backgrounds?

    I would appreciate any help or guidance. Thanks.

  • #2
    Re: Software restrictions

    Are these computers members of an AD domain? If so, you can accomplish this through the domain Group Policies.

    Comment


    • #3
      Re: Software restrictions

      Yep all the computers are on the same domain controller.. Do you know which policy is for preventing changing the screen settings? I looked but I think I am skipping it ..

      Comment


      • #4
        Re: Software restrictions

        For restricting the display go to:

        User Configuration>Administrative Templates>Control Panel>Display

        For restricting access to regedit go to:

        User Configuration>Administrative Templates>System

        Comment


        • #5
          Re: Software restrictions

          Background works.. thanks

          Now i did the same thing with registry and it worked.. But when I went back and reset the settings to default and waited for like 5 minutes, I still could not run regedit.exe. I had to take it off the domain and join it back to fix it.. Other computers cannot run regedit.exe .. Any ideas .. Thanks
          Last edited by noob; 2nd October 2009, 21:42.

          Comment


          • #6
            Re: Software restrictions

            You need to refresh the GPO on the client after you make changes.

            For user settings you can log off and back on to the computer or run "gpupdate /force" from a command prompt.

            For computer settings you can restart the computer or run "gpupdate /force" from a command prompt.

            Comment


            • #7
              Re: Software restrictions

              Thanks for the help. Apparently it was working, a friend of mine played a practical joke on me so...

              Comment


              • #8
                Re: Software restrictions

                ok.. how do you disable them from arranging icons? looked at gpedit.msc

                Comment


                • #9
                  Re: Software restrictions

                  Originally posted by noob View Post
                  ok.. how do you disable them from arranging icons? looked at gpedit.msc
                  Might be a predefined option but this is the way we've done it.

                  Create a Computer GPO, apply to the computers you want to enable auto arrange.

                  add the following to the Policy->Windows Settings->Security Settings ->Regsitery
                  [HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell \Bags\1\Desktop]
                  "FFlags"=dword:00000225

                  In the GPO use .default under USER

                  Comment


                  • #10
                    Re: Software restrictions

                    I changed the registry setting to 221 from 224 and once I log off and log back on it sets itself back too 224.. Thanks for your help

                    Comment

                    Working...
                    X