Samba 3 and Windows Vista Clients
Various System Restrictions
The following sections will show you how you can bypass or change various features within Windows Vista by applying policies or writing certain registry keys. These settings are listed as:
Group Policy - Location within the Local Group Policy Editor where you will find the appropriate Setting. I include both the User and Computer Policies when available.
Computer Registry Key - This is the HKLM registry value that will set the specified policy/preference. This will apply the policy/preference to all the Users logging into the workstation.
User Registry Key - This is the HKCU registry value that will set the specified Policy/Preference. This will only be set for the current User, making this key pretty much worthless. These are only listed if I could not find an appropriate HKLM key.
Non-Admin User Editable Registry Key - This registry key can be written by any user, regardless of whether they are an Administrator. These preferences are best set from a Logon Script of some kind.
Remove Internet Explorer Icon from Desktop
Local Group Policy
User Conf - Admin Templates - Desktop - Hide Internet Explorer Icon on Desktop
Local Machine RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoInternetIcon - 1 (REG_SZ)
Remove Computer Icon from Desktop
Local Group Policy
User Conf - Admin Templates - Desktop - Remove Computer Icon on Desktop
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NonEnum - {20D04FE0-3AEA-1069-A2D8-08002B30309D}
Remove Network Locations Icon from Desktop
Local Group Policy
User Conf - Admin Templates - Desktop - Hide Network Locations Icon on Desktop
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoNetHood - 1
Remove the Manage Option from the Computer
Local Group Policy
User Conf - Admin Templates - Windows Explorer - Hide the Manage item on the Explorer Context Menu
Local Machine RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoManageMyComputerVerb - 1 (REG_SZ)
Prevent Access to the Command Prompt - Policy not available to set using Local Computer Registry
Local Group Policy
User - System - Prevent access to the command prompt
User Registry Key
Software\Policies\Microsoft\Windows\System - DisableCMD - 1 (REG_DWORD)
Prevent Access to Registry Editing Tools
Local Group Policy
User - System - Prevent access to registry editing tools
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\System - DisableRegistryTools - 1
Disable the Ability to Change the Password - Policy not available to set using Local Computer Registry
Local Group Policy
User - System - Ctrl+Alt+Del Options - Remove Change Password
User Registry Key
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System - DisableChangePassword - 1 (DWORD)
Disable the Ability to Lock the Computer - Policy not available to set using Local Computer Registry
Local Group Policy
User - System - Ctrl+Alt+Del Options - Remove Lock Computer
User Registry Key
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System - DisableLockWorkstation - 1 (DWORD)
Disable the Task Manager - Policy not available to set using Local Computer Registry
Local Group Policy
User - System - Ctrl+Alt+Del Options - Remove Task Manager
User Registry Key
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System - DisableTaskMgr - 1 (REG_SZ)
Only Allow Read Access to Removable Drives
Local Group Policy
User and CPU - System - Removable Storage Access - Removable Disks: Deny Write Access
User Registry Key
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} - Deny_Write - 1 (DWORD)
Disable Error Reporting
Local Group Policy
User and CPU - Windows Components - Windows Error Reporting - Disable Windows Error Reporting
User Registry Key
Software\Policies\Microsoft\Windows\Windows Error Reporting - Disabled - 1 (DWORD)
Disable Web Publishing and Online Ordering
Local Group Policy
User and CPU - Internet Communication Settings - Turn off Internet download for Web publishing and Online Ordering Wizards
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoWebServices - 1
Disable Order Prints Picture Task
Local Group Policy
User and CPU - Internet Communication Settings - Turn off the "Order Prints" picture task
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoOnlinePrintsWizard - 1
Disable Adding Printers
Local Group Policy
User - Control Panel - Printers - Prevent addition of Printers
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoAddPrinter - 1 (REG_SZ)
Disable Deletion of Printers
Local Group Policy
User - Control Panel - Printers - Prevent deletion of Printers
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoDeletePrinter - 1
Disable the Screen Saver - Policy not available to set using Local Computer Registry
Local Group Policy
User - Control Panel - Display - Screen Saver
User Registry Key
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop - ScreenSaveActive - 0
Non-Admin User Editable Key
HKCU\Control Panel\Desktop - ScreenSaveActive - 0 (REG_SZ)
Set Specific Screen Saver - Policy not available to set using Local Computer Registry
Local Group Policy
User - Control Panel - Display - Screen Saver executable name
User Registry Key
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop - SCRNSAVE.EXE - C:\Windows\system32\logon.scr (REG_SZ)
Non-Admin User Editable Key
HKCU\Control Panel\Desktop - SCRNSAVE.EXE - C:\Windows\system32\logon.scr (REG_SZ)
Set Specific Screen Saver Timeout - Policy not available to set using Local Computer Registry
Local Group Policy
User - Control Panel - Display - Screen Saver timeout
User Registry Key
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop - ScreenSaveTimeOut - 600 (REG_SZ)
Non-Admin User Editable Key
HKCU\Control Panel\Desktop - ScreenSaveTimeOut - 600 (REG_SZ)
Set Enabling of Screen Saver Password - Policy not available to set using Local Computer Registry
Local Group Policy
User - Control Panel - Display - Password Protect the Screen Saver
User Registry Key
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop - ScreenSaverIsSecure - 0 (REG_SZ)
Non-Admin User Editable Key
HKCU\Control Panel\Desktop - ScreenSaverIsSecure - 0 (REG_SZ)
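The screen saver settings above each exist in two places: the policy key and the Non-Admin User Editable key, which any user can write and can therefore also change back. The following is an added example, not part of the original page, that reports for the current user which of the two keys each setting comes from. It assumes PowerShell is available on the workstation, and `Get-RegValue` is a hypothetical helper name.

```powershell
# Added example (not from the original page): for the current user, report
# whether each screen saver setting listed above comes from the policy key
# or only from the user-editable preference key.
$policyKey     = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$preferenceKey = 'HKCU:\Control Panel\Desktop'
$valueNames    = 'ScreenSaveActive', 'SCRNSAVE.EXE', 'ScreenSaveTimeOut', 'ScreenSaverIsSecure'

# Hypothetical helper: returns the value data, or $null if the key or value is absent.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    # Index by name instead of $item.$Name so 'SCRNSAVE.EXE' is read literally.
    return $item.PSObject.Properties[$Name].Value
}

$report = foreach ($name in $valueNames) {
    $policy     = Get-RegValue -Path $policyKey     -Name $name
    $preference = Get-RegValue -Path $preferenceKey -Name $name

    if ($null -ne $policy)         { $source = 'policy key' }
    elseif ($null -ne $preference) { $source = 'preference key (user can change it)' }
    else                           { $source = 'not set' }

    New-Object PSObject -Property @{
        Name = $name; Policy = $policy; Preference = $preference; Source = $source
    }
}

$report | Select-Object Name, Policy, Preference, Source | Format-Table -AutoSize
```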
Internet Explorer User Restrictions
Disable Favorites
Local Group Policy
User - Windows Components - Internet Explorer - Browser Menus - Hide Favorites Menu
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions - NoFavorites - 1 (REG_SZ)
Disable Downloading Files
Local Group Policy
User - Windows Components - Internet Explorer - Browser Menus - Disable Save this program to disk option
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions - NoSelectDownloadDir - 1 (REG_SZ)
Disable Internet Options
Local Group Policy
User - Windows Components - Internet Explorer - Browser Menus - Tools Menu: Disable Internet Options...
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions - NoBrowserOptions - 1 (REG_SZ)
Disable File Open Option
Local Group Policy
User - Windows Components - Internet Explorer - Browser Menus - File Menu: Disable Open menu option
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions - NoFileOpen - 1 (REG_SZ)
Disable Right-Click Context Menu
Local Group Policy
User - Windows Components - Internet Explorer - Browser Menus - Disable Context Menu
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions - NoBrowserContextMenu - 1 (REG_SZ)
Disable View Fullscreen Option
Local Group Policy
User - Windows Components - Internet Explorer - Browser Menus - View Menu: Disable Full Screen Menu Option
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions - NoTheaterMode - 1 (REG_SZ)
Windows Explorer & Start Menu Restrictions
Only Show Icons instead of Thumbnails
Local Group Policy
User - Windows Components - Windows Explorer - Turn off the display of thumbnails and only display icons
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - DisableThumbnails - 1 (DWORD)
Only Show Icons instead of Thumbnails on Network folders
Local Group Policy
User - Windows Components - Windows Explorer - Turn off the display of thumbnails and only display icons on network folders
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - DisableThumbnailsOnNetworkFolders - 1 (DWORD)
Remove map/remove Network Drive
Local Group Policy
User - Windows Explorer - Remove "Map Network Drive" and "Disconnect Network Drive"
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoNetConnectDisconnect - 1 (REG_SZ)
Lock the Taskbar
Local Group Policy
User - Start Menu & Taskbar - Lock the Taskbar
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - LockTaskbar - 1 (REG_SZ)
Remove Run from Start Menu
Local Group Policy
User - Start Menu & Taskbar - Remove Run menu from Start Menu
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoRun - 1 (DWORD)
Remove Windows Update from Start Menu
Local Group Policy
User - Start Menu & Taskbar - Remove links and access to Windows Update
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoWindowsUpdate - 1 (DWORD)
Hide the Notification Area (System Tray)
Local Group Policy
User - Start Menu & Taskbar - Hide the notification area
Local Computer RegKey
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoTrayItemsDisplay - 1 (REG_SZ)
Restrict Access to Windows Components
Disable Windows Backup
Local Group Policy
User and CPU - Windows Components - Backup - Client - Prevent the User from running the Backup Status and Configuration Program
User Registry Key
Software\Policies\Microsoft\Windows\Backup\Client - DisableBackupLauncher - 1
Disable the Windows Calendar - Policy not available to set using Local Computer Registry
Local Group Policy
User and CPU - Windows Components - Windows Calendar - Turn off Windows Calendar
User Registry Key
Software\Policies\Microsoft\Windows - TurnOffWinCal - 1
Disable the Digital Locker
Local Group Policy
User and CPU - Windows Components - Digital Locker - Do not allow Digital Locker to run
User Registry Key
Software\Policies\Microsoft\Windows\Digital Locker - DoNotRunDigitalLocker - 1
Disable the Windows Connect Now wizards
Local Group Policy
User and CPU - Network - Windows Connect Now - Prohibit Access of the Windows Connect Now Wizards
User Registry Key
Software\Policies\Microsoft\Windows\WCN\UI - DisableWcnUi - 1
Disable the Windows Connect a Network Projector
Local Group Policy
User and CPU - Windows Components - Network Projector - Turn off Connect to a Network Projector
Local Computer RegKey
HKLM\Software\Policies\Microsoft\NetworkProjector - DisableNetworkProjector - 1 (REG_SZ)
Disable Windows Mail
Local Group Policy
User and CPU - Windows Components - Windows Mail - Turn off Windows Mail Application
Local Computer RegKey
HKLM\Software\Policies\Microsoft\Windows Mail - ManualLaunchAllowed - 0 (REG_SZ)
Disable the Windows Movie Maker - Policy not available to set using Local Computer Registry
Local Group Policy
User and CPU - Windows Components - Windows Movie Maker - Do not allow Windows Movie Maker to run
User Registry Key
Software\Policies\Microsoft\WindowsMovieMaker - MovieMaker - 0
Disable the Windows Presentation Settings
Local Group Policy
User and CPU - Windows Components - Windows Presentation Settings - Turn Off Windows Presentation Settings
User Registry Key
Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings - NoPresentationSettings - 1
Disable the Windows Slideshow - Policy not available to set using Local Computer Registry
User Registry Key
Software\Policies\Microsoft\Windows\SlideShow - Disabled - 1
Disable the Windows SoundRecorder
Local Group Policy
User and CPU - Windows Components - Sound Recorder - Do not allow Sound Recorder to Run
Local Machine RegKey
HKLM\Software\Policies\Microsoft\SoundRecorder - Soundrec - 1 (DWORD)
Windows Messenger - Prevent it from Running - Policy not available to set using Local Computer Registry
Local Group Policy
User and CPU - Windows Components - Windows Messenger - Do not allow Sound Windows Messenger to Run
User Registry Key
HKCU\Software\Policies\Microsoft\Messenger\Client - PreventRun - 1 (DWORD)
Windows Messenger - Prevent it from AutoStarting upon Logon
Local Group Policy
User and CPU - Windows Components - Windows Messenger - Do not automatically start Windows Messenger initially
User Registry Key
HKCU\Software\Policies\Microsoft\Messenger\Client - PreventAutoRun - 1 (DWORD)


