Visual Basic programming

A

Thread Starter

Alok Khatlawala

Can I enable and disable Windows Task bar, Ctrl+Alt+Esc, Ctrl+Esc, Alt+Esc by
using Windows API in Visual basic?
How do I do it?.
I tried to implement shutdown and restart of Windows NT from Visual basic with
success, but was not able to get information for the above.
Request your help.
 
T

Theo Baarslag

In knowledgebase article Q143164 Microsoft explains how you can replace the
shell (normally explorer.exe) with another program. We use this to prevent
FactoryLink users from accessing the Windows NT environment, so we replaced the
shell with the flrun.bat batch file. Result: the start menu and everything is
gone! Now if you do wish to open an explorer, or the event viewer, you need to
press CTRL-ALT-DEL, and then go to the task manager, and start a new task from
there.

Hope this helps.
KR,

Theo Baarslag
PLC-/CIMspecialist
IAMS Europe bv
Coevorden, The Netherlands

Contents of the article as I know it:
How to Protect Windows NT Desktops in Public Areas

Last reviewed: May 1, 1997
Article ID: Q143164
The information in this article applies to:

Microsoft Windows NT Server version 4.0
Microsoft Windows NT Workstation version 4.0

SUMMARY

In certain environments it necessary to prevent workstation users from harming
the system. For
example, you may want to limit the number of applications a user can use.

This article shows you how to protect a workstation intended for use with Internet Explorer 3.0.
Most of the procedures in this article also apply to other applications.

MORE INFORMATION

To protect a workstation that will be used with Internet Explorer:

WARNING: Using the Registry Editor incorrectly can cause serious, system- wide
problems that
may require you to reinstall Windows NT to correct them. Microsoft cannot
guarantee that any
problems resulting from the use of the Registry Editor can be solved. Use this
tool at your own risk.

1.It is the best that the user works with the guest account. You
should not allow password changes for this account. Don't allow
local shutdown (User Manager: Policies/User Rights). It is also
required that all local drives are formatted in NTFS. Steps 7 and
8 also require the workstations to be member of a domain.
2.Replace Explorer.exe as a shell with Internet Explorer
(HKLM\SOFTWARE\Windows NT\CurrentVersion\Winlogon :
Shell). Be sure to place the full path to Iexplore.exe in this
entry. For other applications, place the main executable file or a
launcher application here.

3.Change the permissions for
%Systemroot%\System32\Taskmgr.exe so the guest account
does not have any privileges for this file (no access). This
prevents the user from running Task Manager off the security
dialog.

4.Rename the administrative account and specify a password so
users have a hard time hacking it.

5.Use AutoAdminLogon so only experienced users know how to
specify a different name for logon (hold shift while logging off).
Even if they manage to get to the logon dialog box, they still have to know about an account.

6.Disable ShutdownWithoutLogon. It's also located in the
Winlogon key mentioned above.

7.Create a Default System Policy that only allows Iexplore.exe to
run and place it on the NETLOGON share of all DCs. It's in
Default User Properties, System\Restrictions\Run only allowed
Windows applications. Instead of Iexplore.exe, you can also
specify the application(s) of your choice. The main executable
file or launcher application does not need to be part of this set.

8.Enable all policy restrictions in Shell\Restrictions so the user only
sees the computer and files to be saved end up in the
%Systemroot%\Profiles\<user>\desktop directory.

9.You can also restrict access to
%Systemroot%\Profiles\<user>\desktop so the user only can read files from there. This is the only folder the user will be able
to see if you checked all items in step 8.

With Internet Explorer 3.0 you can prevent the user from seeing the
Address Toolbar and thus prevent the user from manually entering
URLs:

1.You remove the address toolbar in Internet Explorer
("View\Opition", "General" tab, bottom half of dialog box).

2.Start Registry Editor (Regedt32.exe). In the
HKEY_CURRENT_USER window, open the key

Software\Microsoft\Internet Explorer\Toolbar

3.With the focus on Toolbar, select the menu item
Security\Permissions. Make sure that the guest account is only
allowed to read the key.


When you open the dialog box in Internet Explorer, you will be shown the wrong settings but changes will not take effect. It may be possible to do similar things with other registry keys of Internet Explorer, but only the key mentioned in Step 2 above was tested for this article.
 
Top