|
|
The Common File Open and File Save As Dialogs features is specific to Windows Me and Windows 2000/2003/XP. The Windows Security Dialog features are specific to Windows 2000/2003/XP.
The common file open and file save as dialogs have new features that you may wish to disable. (Note that some programs, such as those found in Microsoft Office, do not use common file open and save as dialogs) The back button gives the user the ability to go back to the last folder (cyan colored arrow pointing to the left in the picture below). The recent file list shows the last files that had been opened (pull down for file name field in the picture below). The shortcut bar is the group of icons found on the left with things like History, Desktop, My Documents, My Computer, and My Network Places. Here is a picture of a new file open dialog, before disabling these features:
The Windows Security dialog that comes up when you depress Ctrl-Alt-Delete has several buttons that you may want to disable. The Task Manager, Change Password, and Lock Workstation buttons can all be disabled using the OS Policy dialog in Windows 2000/2003/XP. You can disable Ctrl-Alt-Delete completely via the Registry dialog, but you may not be able to. Even if you disable Ctrl-Alt-Delete, you may want to disable the 3 buttons, in case a user boots up in safe mode.
In the very beginning of the Windows 2000/2003/XP boot up sequence, the user is provided the option of pressing the F8 key, enabling them to pick from several safe modes. If you have Secure Desktop configured as the shell, most of the safe modes will boot with Secure Desktop as the shell. If the user selects the Command Line Safe Mode, the shell is by default set to the Command Line interpreter. To prevent this, use the checkbox shown. When checked, if the user presses F8 and then selects the Command Line Safe Mode, they will get a gray screen telling them to press Ctrl-Alt-Delete to restart. Even if you have Ctrl-Alt-Delete disabled, the user will get the normal Ctrl-Alt-Delete Window in this mode, so it's important to disable the 3 buttons.
Secure Desktop disables the Ctrl-Alt-Delete by using a replacement GINA.DLL file. Other programs also ship with replacement GINA DLL files, such as HMI programs (InTouch, RSView, etc.), Remote Control programs (Symantec pcAnywhere), and Network Software (Novell Netware). Only one GINA DLL may be in use at a time. By disabling these buttons, you may not need to disable Ctrl-Alt-Delete.
Symantec's pcAnywhere program has the ability of chaining to other GINA DLL files. Typically, the pcAnywhere GINA DLL (AWGINA.DLL) would chain to Microsoft's GINA DLL (MSGINA.DLL). Secure Desktop's GINA DLL (SASGINA.DLL) also chains to MSGINA.DLL as do most other replacement GINA DLLs. pcAnywhere has the ability to chain to other GINA DLLs via a registry setting. For more details, please visit Symantec's web site at http://www.symantec.com and search for knowledge base document id 199852785735 titled "What is a GINA?". So, a possible scenario would be to configure the AWGINA.DLL to chain to the SASGINA.DLL which would then chain to the MSGINA.DLL. In this scenario, you could use pcAnywhere for remote configuration and have the Ctrl-Alt-Delete disabled by Secure Desktop.
In Windows NT4/2000/2003/XP, this particular registry key can not be written to by any user that is not in the Administrators group. For each user that you wish to hide drives from, select the user in the User Manager (you must be an administrator to do this). Then select user properties from the user menu, select groups, and make the user a member of Administrators. Keep in mind that this is temporary. Now, login as each user, use Secure Setup and go into the OS Policy dialog, and change any features. When finished, login in as administrator and remove the administrators membership from each of these users.
|
|