Security and user permission settings in the Registry

I. Restriction Control Panel

1. open the primary key [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrenVersion \ Policies \ System] in the registry. "User Name" indicates that a multi-user System is created, the name of the corresponding user. If no user is created, it is ". if the following DWORD Values exist, the corresponding control panel items of the user are disabled:
"NoDispAppearancePage" = 1 (disable the "monitor" attribute)
"NoDispBackgroundPage" = 1 hide the "background" page in the "display" attribute)
"NoDispCPL" = 1 hide the "Screen Saver" page in the "monitor" attribute)
"NoDispScrSavPage" = 1 hide the "appearance" page in the "display" attribute)
2. if the following DWORD Values exist in [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Network], the corresponding control panel items of this user are restricted:
"NoNetSetup" = 1 disable the "network" attribute)
"NoNetSetupIDPage" = 1 hide the "identifier" page in the "network" attribute)
"NoNetSetupSecurityPage" = 1 hide the "access control" page in the "network" attribute)
3. if the following DWORD Values exist under [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System], the corresponding control panel items of this user are restricted:
"NoSecCPL" = 1 disable the "password" attribute)
"NoPwdPage" = 1 hide the "Change Password" page in the "password" attribute)
"NoAdminPage" = 1 hide the "Remote Management" Page)
"NoProfilePage" = 1 hide the "user configuration file" page in the "System" attribute)
"NoDevMgrPage" = 1 hide the "device management" page in the "System" attribute)
"NoConfigPage" = 1 hide the "hardware configuration file" page in the "System" attribute)
"NoFileSysPage" = 1 hide the "File System" button on the "system" attribute "performance" page)
"Notesmempage" = 1 hide the "Virtual Memory" button on the "system" attribute "performance" page)
Ii. Restricted Start Menu
If the DWORD Value "NoRun" = 1 is found in [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer, the "run" command in the user's Start Menu is disabled;
If the DWORD Value "NoSetFolders" = 1, the "set \ Folder Options" command in the user's Start Menu is disabled;
If DWORD "NoSetTaskbar" = 1, the "set \ taskbar and Start Menu" command in the user's Start Menu is disabled;
If the DWORD Value "NoFind" = 1, the "Search" command in the user's Start Menu is hidden;
If the DWORD Value "NoStartMenuSubFolders" = 1, the subfolders in the user "start" menu are hidden;
If the DWORD value is "NoClose" = 1, the "close system" command in the user's Start Menu is disabled;
If the DWORD value is NoLogOff = 1, the "logout" command in the user's Start Menu is hidden.
3. Network and user settings

1. if the DWORD Value "NoDrives" = 1 in [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer, all the drives in the user "my computer" are hidden;
If the DWORD Value "NoNetHooD" = 1, the user's "Network Neighbor" is hidden;
If the DWORD Value "NoEntioeNetwork" = 1, the "entire network" of the user's "Network neighbors" is hidden;
If the value of the string "NoWorkgroupContents" = 1, the Working Group directory of the user's "Network Neighbor" is hidden;
If the DWORD value is "NoDesktop" = 1, all program groups on the user's desktop are hidden, that is, there is no desktop );
If the DWORD Value "NoSaveSettings" = 1, the settings made by the user when the user exits the system are not saved.
2. Dial-Up Network and sharing settings: In [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft
If the following DWORD value is set under \ Windows \ CurrentVersion \ Policies \ Network, the corresponding limit is valid:
"NoDialIn" = 1 do not dial in)
"NoFileSharing" = 1 disable file sharing)
3. Only list of Windows programs allowed:
If the primary key "RestrictRun" is available under [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer ", the string value indicates the list of Windows programs that the user can only run.
Iv. password settings
If the following DWORD value is set under [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Network], the corresponding setting is valid:
"HideSharePwds" = 1 use an asterisk *) Hide the shared password)
"DisablePwdCaching" = 1 Disable password caching. Note! Please use this setting with caution. In this case, the "password" attribute in the control panel cannot change the password. The user can log on with any password or without a password .)
"AlphanumPwds" = 1 so that the Windows Password Must be numbers and letters)
"MinPwdLen" = n sets the minimum length of the Windows Password. n is greater than or equal to 0 and less than or equal to 8)
5. Disable "MSDOS" and MSDOS applications in a single mode

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System] If a primary key "WinOldApp" has a DWORD Value "Disabled" = 1, the user's "MSDOS" method is disabled. If the value of "NoRealMode" is 1 in "WinOldApp", the user's single-mode MSDOS application is disabled.
6. self-starting programs
The string value under [HKEY_LOCAL_MACHINE \ SOFTWARE \ Mic rosoft \ Windows \ CurrentVersion \ Run] indicates a program self-started through the registry;
The string value under [HKEY_LOCAL_MACHINE \ SOFTWARE \ Mic rosoft \ Windows \ CurrentVersion \ RunOnce] indicates that the program is started only once;
The string value under [HKEY_LOCAL_MACHINE \ SOFTWARE \ Mic rosoft \ Windows \ CurrentVersion \ RunServices] indicates a service program that is self-started through the registry;
The string value under [HKEY_LOCAL_MACHINE \ SOFTWARE \ Mic rosoft \ Windows \ CurrentVersion \ RunServicesOnce] indicates that the service program is started only once.
From this, we can see all the preceding DWORD values. If the value is "1", this value is valid. If the value is "0", this value is invalid; by changing the DWORD value or deleting the DWORD, we can easily make the corresponding restriction valid or invalid.