From: Roy Smith on 12 Jan 2010 22:15 On 1/12/2010 2:35 PM, David wrote: > Deep Freeze seems a good option. Thanks > > My office workstation has XP/PRO SP3. One difference between XP/PRO & > XP/HOME allows me to see the security tab when right-clicking on a > file & selecting Properties. > > I found an executable file c:\windows\system32\control.exe which > apparently runs the Control Panel. Upon checking the security tab, I > found SYSTEM & Admin accounts have full privileges. However USER > accounts have Read & Read/Execute. > > What would happen if I removed Read/Execute from Control.exe for user > accounts leaving only Read privilege? It seems at least that this > would prevent USERs from using Control panel. If I did this, would > there be any adverse consequences I have not thought of? > > How do I access the security tab on a XP/HOME machine? > > > > > On Tue, 12 Jan 2010 13:26:00 -0600, MICROSOFT <blah(a)blah.blah> wrote: > >> A program called Deep Freeze will reset everything back to what it used to >> be upon restart I believe. Another option is to use something like >> Sandboxie. Deep Freeze might be better though. Sandboxie is a little >> hard to grasp for some people. >> >>> I run a day care center. Part of my program provides PCs with >>> educational software for the children to use. The PCs are all XP/HOME >>> SP3. The accounts available to the kids are all user access accounts >>> with as few privleges as possible. Still, the more inventive kids >>> seem able to make undesireaable system changes. >>> >>> What I want to know is whether or not I can restrict access to the >>> Control Panel. I don't really care if the kids can see Control Panel. >>> What I want is to prevent any user without administrative privleges >>> from actually using the Control Panel. Is this possible? >>> To get the security tab on XP home you need to go into the Folders Options and clear the check mark on the line that says "Use simple file sharing". An alternative to Deep Freeze would be Steadystate from Microsoft available here: http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx -- Roy Smith Windows 7 Timestamp: Tuesday, January 12, 2010 9:15:24 PM
From: David on 13 Jan 2010 16:45 control.exe is an interesting executable. I could not change the permissions because the security tab is missing in XP/HOME. I will try the suggestions others have made. What I did try (reckless?) was to rename control.exe. This did not work either because as soon as I changed the name, Windows immediately created another copy of control.exe with the original date/time. - Amazing The sole point of trying to prevent access to Control Panel is to prevent users from adjusting the sound volume. I am beginning to wonder if this may be a fruitless exercise. I noticed this morning that the stupid keyboard has 3 extra buttons on it. Two for raising/lowering the volume & 1 for mute. The kids found the 3 buttons before I did. There may be only one sure fire way to keep the sound volume down. That is to physically remove the audio cable. I can't remove the speakers as they are integrated into the monitor. I will give Windows Steady State a try. I don't know if it will work, but it may. According to the description, it appears that Deep Freeze will not work. The goal is to keep the sound volume low during a user session, not just at reboot time. On Wed, 13 Jan 2010 00:06:07 -0000, "Tim Meddick" <timmeddick(a)gawab.com> wrote: > >[re]Setting the file permissions on control.exe may have negative and unforeseen >effects on the Window's Explorer shell and would not necessarily stop individual CPLs >(Control Panel Extensions) from being opened. > >This is because in the right-click menu in explorer for [.cpl] files, there are two >ways of opening ; one is "open with Control Panel" and yes, this would *not* work if >you modified the permissions, as you said. > >But the other item "Explore" uses the system command : > >rundll32.exe shell32.dll,Control_RunDLL "%1" > >...to open [.cpl] files and this *still* works (bypassing control.exe). > >So, if you did what you suggested - Control Panel would not show up in "My Computer" >and would not be accessible but may also cause Explorer to crash. > >And, anyway, if the user looked in the system32 folder and right-clicked on a [.cpl] >file it could still be opened by choosing "Explore". > >*([.cpl] files account for most of the items that show up in Control Panel) > >== > >Cheers, Tim Meddick, Peckham, London. :-) > > > > ><David> wrote in message news:9kmpk5hvs3outkf21k38414lv2q7rg3g65(a)4ax.com... >> Deep Freeze seems a good option. Thanks >> >> My office workstation has XP/PRO SP3. One difference between XP/PRO & >> XP/HOME allows me to see the security tab when right-clicking on a >> file & selecting Properties. >> >> I found an executable file c:\windows\system32\control.exe which >> apparently runs the Control Panel. Upon checking the security tab, I >> found SYSTEM & Admin accounts have full privileges. However USER >> accounts have Read & Read/Execute. >> >> What would happen if I removed Read/Execute from Control.exe for user >> accounts leaving only Read privilege? It seems at least that this >> would prevent USERs from using Control panel. If I did this, would >> there be any adverse consequences I have not thought of? >> >> How do I access the security tab on a XP/HOME machine? >> >> >> >> >> On Tue, 12 Jan 2010 13:26:00 -0600, MICROSOFT <blah(a)blah.blah> wrote: >> >>>A program called Deep Freeze will reset everything back to what it used to >>>be upon restart I believe. Another option is to use something like >>>Sandboxie. Deep Freeze might be better though. Sandboxie is a little >>>hard to grasp for some people. >>> >>>> I run a day care center. Part of my program provides PCs with >>>> educational software for the children to use. The PCs are all XP/HOME >>>> SP3. The accounts available to the kids are all user access accounts >>>> with as few privleges as possible. Still, the more inventive kids >>>> seem able to make undesireaable system changes. >>>> >>>> What I want to know is whether or not I can restrict access to the >>>> Control Panel. I don't really care if the kids can see Control Panel. >>>> What I want is to prevent any user without administrative privleges >>>> from actually using the Control Panel. Is this possible? >>>>
From: Twayne on 13 Jan 2010 17:25 In news:64gok51cm2h1q44f0p6lm4ggon6g0qf8g6(a)4ax.com, David <David> typed: > I run a day care center. Part of my program provides PCs with > educational software for the children to use. The PCs are all XP/HOME > SP3. The accounts available to the kids are all user access accounts > with as few privleges as possible. Still, the more inventive kids > seem able to make undesireaable system changes. > > What I want to know is whether or not I can restrict access to the > Control Panel. I don't really care if the kids can see Control Panel. > What I want is to prevent any user without administrative privleges > from actually using the Control Panel. Is this possible? IMO you've had a couple of good programs recommended so far. How about the physical speaker volume controls; are they accessible to the kids? Turn them down so when they max out the PC volume it only rises to a certain level that can be lived with. I liked steadystate the time I tried it. HTH, Twayne
From: David on 14 Jan 2010 05:18 I guess time a big issue is my time. I have been hoping for the simplest possible solution. It appears that may not be possible. The speakers are integrated into the monitor. There are no physical speaker controls. Deep Freeze was suggested, but will not work as it only resets the settings upon a reboot. I found out to my surprise that there were volume controls on the key board which the kids found before I did. You apparently have experence with Steady State. If I install it, will it stop volume changes from the volume keys on the keyboard? It appears that physicaly removing the audio cable between the PC and the monitor may be the best and only possible solution. I have learned the hard way that it is impossible to make any physical control completely out of reach of the kids. You would be supprised how inventive and intelligent 5 year olds are today. Certainly more than I expected. On Wed, 13 Jan 2010 17:25:08 -0500, "Twayne" <nobody(a)spamcop.net> wrote: >In news:64gok51cm2h1q44f0p6lm4ggon6g0qf8g6(a)4ax.com, >David <David> typed: >> I run a day care center. Part of my program provides PCs with >> educational software for the children to use. The PCs are all XP/HOME >> SP3. The accounts available to the kids are all user access accounts >> with as few privleges as possible. Still, the more inventive kids >> seem able to make undesireaable system changes. >> >> What I want to know is whether or not I can restrict access to the >> Control Panel. I don't really care if the kids can see Control Panel. >> What I want is to prevent any user without administrative privleges >> from actually using the Control Panel. Is this possible? > >IMO you've had a couple of good programs recommended so far. > How about the physical speaker volume controls; are they accessible to >the kids? Turn them down so when they max out the PC volume it only rises to >a certain level that can be lived with. > >I liked steadystate the time I tried it. > >HTH, > >Twayne >
From: Tim Meddick on 14 Jan 2010 05:27 David, The function of Windows Steady State is to re-set *all* settings to a pre-defined condition, so it prevents any user from making permanent changes to that profile. However, a user *may* make changes during any given login session (e.g. raising the volume to God knows what) it's just that after they log out, everything will be re-set when they login again. So, it won't prevent a user from changing the volume level, it just won't stay that way - as when the user next logs in, all changes made will be undone! Another suggestion, if I may? If you download the [tiny & free] program "TweakUI.exe" from Microsoft - there is an item within called "Control Panel" where you can "de-select" (un-check) individual items to stop them from showing up in Control Panel. (After hearing about your kids - I should then make very sure that "TweakUI.exe" is then carefully hidden from their view!) You can download the quick install file for "TweakUI.exe" by clicking on the link below : http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-839afb2a2679/TweakUiPowertoySetup.exe == Cheers, Tim Meddick, Peckham, London. :-) <David> wrote in message news:5vesk59ab0qq3jgvofp7uebpp11ls461pq(a)4ax.com... > > < clipped > > > I will give Windows Steady State a try. I don't know if it will work, > but it may. According to the description, it appears that Deep Freeze > will not work. The goal is to keep the sound volume low during a user > session, not just at reboot time. > > < clipped > >
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: Wow, the trolls are coming out of the woodwork again! Next: remove fragmented files |