article

Windows Security Documentation

Email
Submitted on: 1/1/2015 9:33:00 AM
By: John M. Hall (from psc cd)  
Level: Intermediate
User Rating: By 13 Users
Compatibility: Delphi 5, Delphi 4, Pre Delphi 4
Views: 1801
 
     This document provides information about the Windows security system and what restrictions you can use to limit its functionality.

 
				

Windows Security Documentation
Written by John Hall


Documentation Notes

  • Improvements - Originally, I released this documentation in a format that was a little odd/wild, so, as requested, I've cleaned it up and added more notes about using it. Hopefully this new organization and these notes will help you better understand how to use this information and its limitations. I, however, have not added any additional information to this documentation because of the limited amount of security information that is redily available for the newer operating systems.
  • Known Limitations - This information does have some limitations of use. Those are mentioned below:
    • Operating Systems - This information will most likely not work with Microsoft Windows XP or Millennium Edition. It's not been tested, so I don't recommend trying it. It's known that a lot of this doesn't work with Microsoft Windows NT 4.0 and below, so I also don't recommend its application there. If you do decide to try to use it, remember, I'm not responsible for your actions and you are doing this on your own accord.
    • Setting Overrides - Some settings, none that are noted, have been known to override other settings on certain operating systems. This is most likely because Microsoft didn't spend the required amount of time making the Windows 98 security system(probably the most vulnerable to this problem) a high-performance or very reliable work. If you find that some of these settings have "holes" or something and it bothers you, I suggest you switch to a more securified operating system in the Windows class, such as Microsoft Windows 2000 Professional or greater.
  • Special Information - I've reviewed the comments that were posted on the original copy of this documentation and this section is here to answer some of the questions that I noticed.
    • Disabling these Settings - To disable any of the settings that are shown in this documentation, simply reverse your process. Just delete anything that you added to lock or disable a feature or you can make the value the inverse. If it's a DWORD value, make it "00000000" instead of "00000001", or a string value "yes" instead of "no" or vice versa.
    • Blocking Internet Applications - To disable an application's internet access, I suggest you download any free firewall available. A firewall will monitor what information is sent and recieved to your computer through any network connection and filter it according to rules. The most popular, free firewall that is available is ZoneAlarm, by ZoneLabs, Inc. It's actually the most secure when it comes to application internet access prevention.
    • Reversing Application Lock - As far as I know, there's not a way to reverse the application locking method. You might want to experiment with it by making a seperate user account on your computer and applying the settings to that user only. Basically, that's what I did throughout the period that I wrote this documentation and it doesn't harm any of your stuff and it helps you uncover the truth. Don't afraid to be creative with this information, just remember my disclaimer about it from above.


Windows System Security Settings
All the information that is included in this section affects the main Windows system. These alter actual system functions and/or settings that it uses to display certain items.

  • Disable Wallpaper Change
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable All Active Desktop Changes
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable All Desktop Icons
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Active Desktop
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable HTML Wallpaper
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Closing Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoClosingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Deleting Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Editing Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Adding Active Desktop Components
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Internet Icon
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Network Neighborhood Icon
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Disk Drive Autorun
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrvieTypeAutoRun
    • Data Type
      DWORD (set value of 0xb5000000)

  • Disable Environment Appearance Properties Access
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispAppearancePage
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Background Properties Access
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispBackgroundPage
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Display Icon from Control Panel
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispCPL
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Screen Saver Properties Access
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDispScrSavPage
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable All But Selected Applications from Running
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
    • Data Type
      DWORD (set value of 0x00000001)
    • Special Notes - For this setting to work, you will need to make a list of programs that you want to allow to run. You can do this by creating a Key inside the Explorer Key and calling it RestrictRun and adding string values as demonstrated below:
      • String Value
        Name "1"
        Value "mspaint.exe"
        This will allow any program named mspaint.exe to run on the system
      • String Value
        Name "2"
        Value "iexplore.exe"
        This will allow any program named iexplore.exe to run on the system

  • Disable Start Menu Shut Down Command
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoClose
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Log Off Command
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoLogoff
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Find Command
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFind
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Documents Menu
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoRecentDocsMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Start Menu Favorites Menu
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFavoritesMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Folder Options
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoFolderOptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Desktop Update
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoDesktopUpdate
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Active Desktop Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetActiveDesktop
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Folder Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetFolders
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Settings Menu Taskbar Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSetTaskbar
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Saving Changed Settings
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoSaveSettings
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Right-Click on the Taskbar
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoTrayContextMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Right-Click on the Desktop
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NoViewContextMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Microsoft Office Tune Up
    This only applies to Microsoft Office 2000
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\Office\9.0\Common\TuneUp\Disabled
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable AutoComplete in Explorer
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Use
    • Data Type
      String (set value of "no")


Internet Explorer System Settings
All the information that is included in this section affects the operation of Internet Explorer. Please note that these only affect Internet Explorer's operation and will not work with any other browsers that may be installed on your computer.

  • Disable Closing Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserClose
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Right-Click in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Options in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Saving Pages in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoBrowserSaveAs
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Favorites in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFavorites
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable File Menu New Object in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFileNew
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable File Menu Open Object in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFileOpen
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Finding Files in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoFindFiles
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Opening Files in New Window from Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoOpenInNewWnd
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Selectable Download Directory in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDir
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Viewing in Theater Mode in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoTheaterMode
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Viewing Source in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Restrictions\NoViewSource
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Adding Channels in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingChannels
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Adding Subscriptions in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubscriptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Removing Channels in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingChannels
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Removing Subscriptions in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingSubscriptions
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Search Customization in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSearchCustomization
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Running the Connection Wizard
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Control Panel\Restrictions\Connwiz Admin Lock
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Importing or Exporting Favorites in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DisableImportExportFavorites
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Using the Microsoft Script Debugger in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger
    • Data Type
      String (set value of "yes")

  • Disable Using AutoComplete Forms in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use FormSuggest
    • Data Type
      String (set value of "no")

  • Disable Using AutoComplete Passwords in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormSuggest Passwords
    • Data Type
      String (set value of "no")

  • Disable Using Download Notification in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NotifyDownloadComplete
    • Data Type
      String (set value of "no")

  • Disable Error Notification in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Err Dlg Displayed On Every Error
    • Data Type
      String (set value of "no")

  • Disable Go Button in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\ShowGoButton
    • Data Type
      String (set value of "no")

  • Disable Using a Custom Search Page in Web Browser
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Custom Search URL
    • Data Type
      DWORD (set value of 0x00000000)

  • Disable Custom Title for Web Browser Windows
    • Location
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
    • Data Type
      String (set value of "custom title text")

  • Disable Installation of ISP Distribution Kit for Internet Explorer
    This only applies to Internet Explorer 5.0 and up
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Connection Wizard\CanInstallISPKit5
    • Data Type
      String (set value of "no")


Windows Media Player System Settings
All the information that is included in this section affects the operation of Windows Media Player and components. Please note that these only affect Windows Media Player's operation and will not work with any other players that may be installed on your computer.

  • Disable Finding New Stations in Media Player
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoFindNewStations
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Media Favorites from Media Player
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoMediaFavorites
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Radio Bar for Media Player
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsMediaPlayer\NoRadioBar
    • Data Type
      DWORD (set value of 0x00000001)

  • Disable Media Player Upgrade Message
    • Location
      HKEY_LOCAL_MACHINE\Software\Microsoft\MediaPlayer\PlayerUpgrade\AskMeAgain
    • Data Type
      String (set value of "no")

 


Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Intermediate category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)
 

Other User Comments


 There are no comments on this submission.
 

Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)
 

To post feedback, first please login.