If you want to restrict the applications that users can access and run in Windows XP from the Start menu, the desktop, and the Control Panel, you can make a few simple modifications to the registry. For example, you can remove common programs, you can remove the All Programs menu, and you can remove the Run command.
To get started, launch the Registry Editor by typing Regedit in the Run dialog box and clicking OK. Then, once the Registry Editor launches, open the following keys in succession:
Adding DWORD values
To add a new DWORD value to the Explorer key, pull down the Edit menu and select the New | DWORD Value command. When you see the New Value appear in the Explorer key, you can identify it using the names described in the next section Once you name a value, press [Enter] twice—once to activate the new name and once to open the Edit DWORD dialog box. You can then add the appropriate setting in Value Data text box. Let’s take a closer look:
Remove common programs
In the default configuration, the Programs menu contains items from the All Users profile as well as items from the user's profile. If you want to remove those items that appear in the All Users profile and leave only those items that appear in the user's profile, you can add a DWORD value named NoCommonGroups and set the Value Data to 1, as shown in Figure A.
|The NoCommonGroups setting removes items from a users Start menu that are contained in the All Users profile.|
Remove the All Programs menu
If you want to prevent users from running any programs besides those that you’ve configured to run at startup, you can remove the All Program menu from the Start menu. To do so, you add a DWORD value named NoStartMenuMorePrograms and set the Value Data to 1, as shown in Figure B.
|You can remove the All Program menu from the Start menu by adding the NoStartMenuMorePrograms setting to the registry.|
Remove the Run command
If users know the name of an executable file, they can run the program manually by using the Run command. However, you can remove the Run command from the Start menu and thus further restrict users from running applications. To do so, you add a DWORD value named NoRun and set the Value Data to 1, as shown in Figure C.
|To prevent users from manually launching applications, you can remove the Run command from the Start menu.|
Remove the Control Panel
If you’d rather not have users run applications in the Control Panel and change Windows XP configuration settings, you can remove it from the Start menu. To do so, you add a DWORD value named NoControlPanel and set the Value Data to 1, as shown in Figure D.
|The NoControlPanel setting prevents users from accessing the Control Panel.|
Hide items on the desktop
Since applications can be run from shortcuts stored on the desktop, you may want to lock down the desktop. To do so, you add a DWORD value named NoDesktop and set the Value Data to 1, as shown in Figure E.
|When you enable the NoDesktop setting, users are unable to create shortcuts to applications on the desktop.|