Secure Desktop 10 is a 32-bit application and is 64-bit aware. Secure Desktop 10 has been tested in Windows XP, Windows Server 2003, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, Windows Server 2012, Windows 10 and Windows Server 2016.
Secure Desktop 10 uses one XML file for configuration data, the same exact file as Secure Desktop 7 and 8. For existing customers who have INI files from version 6 or earlier of Secure Desktop, that configuration data is imported automatically. Thorough re-testing of configuration data should be accomplished. Secure Desktop 10 does not over-write previous versions of Secure Desktop. Secure Desktop 10 tools and Secure Setup from a version 6 can run side-by-side, to double-check configuration data.
The sdesktop.xml file is automatically backed up. There is also a manual backup and restore. When using Secure Desktop with Windows 8 or Windows 10, registry data written to by Secure Desktop is automatically backed up for documentation purposes.
Secure Desktop 10 provides several import mechanisms to bring in program data from Start Menu Shortcuts, Startup Group Shortcuts, Registry Startup, Desktop Shortcuts, Program Files, and My Computer.
Icon importing is accomplished very easily using the Import button in the Icon Configuration. Set any additional details for imported icons along with the ability to manually browse for a program to launch.
A program can be re-started if it's been closed by the user. A program can be set to run a Single Instance Only of that application. Applications can be set to Run As Administrator, should they need Administrator access.
Version 6 and earlier of Secure Desktop used CreateProcess to launch a program. Secure Desktop 10 uses ShellExecuteEx and gains the added benefit of being able to launch a document file, in addition to executables and other file types.
Secure Desktop 10 does not automatically start everything that the Explorer Shell starts. Services are always started, regardless of what shell is running, but any other program needs to be configured into Secure Desktop's Startup Tab (not visible to end user). There are several advantages to this, when Secure Desktop 10 is running as the shell:
Programs can be launched based on a specific time of day, week, or month. Programs can be launched when Secure Desktop is shutting down.
Each icon, group tab, or toolbar button may be individually password protected. A hot-key can be assigned to bring Secure Desktop 10 to the top of the Z-order, and this may also be password protected. Passwords can change dynamically, using the Supervisor feature, to append a calculated number to any Secure Desktop 10 password. This calculation is based on the computer system date in addition to a 5 digit PIN number.
Secure Desktop 10 is now a toolbar window that spans the width of the user's screen, being placed at the top or the bottom. The shell can also be set to be at the top or the bottom of the Z-order. Icon mouse clicks can be set to single or double. The icon background color can changed. Function keys for the icons can be on or off. The tab bar can be removed if only one tab is used. The status bar can be hidden. Mouse clicks for the Tray Icons can be disabled. System icons (Volume, Network, Power) can be displayed, although it is less secure due to starting unknown programs.
Audit data is stored in XML files, in the RSS 2.0 format. Keystrokes, window titles, URLs, user name, along with disk and memory free can be stored in the XML files. Data entered into HTTPS web pages or program fields with the ES_PASSWORD flag are not logged to disk.
Secure Desktop can disable over 350 different hot-key combinations, tuned for the specific operating system in a hardware independent fashion. Please see the sidebar for the full list.
View Audit data with sAudit. View and launch Control Panel applets using sControl. View and launch file icons for a specified folder path with sExplore. View and optionally print text files with sNote. Copy data files from a source folder to a destination folder with sCopy. Show a wallpaper using sWall.
The Window Wizard can manipulate a window or close a program during Secure Desktop 10 shutdown. Windows are picked by title and/or menu items and then acted on to hide the window, force it to min or max state, close the window, or disable menu items for windows with the older style menu items.
Secure Desktop 10 does not have low level file access features. However drives, files, and folders may be hidden from the end user using a combination of file attribute settings and registry settings using the Secure Desktop 10 sTools program.
New features starting with version 10.30 for Windows 7, 8 or 10 include the ability to disable part of the user interface of the common File Open, Browse and Save As Dialogs.
The File Open, Browse and Save As Dialogs are like mini versions of File Explorer. Secure Desktop can disable relevant mouse clicks and keyboard shortcuts while the dialog is on top, preventing unwanted file editing or manipulation. A similar feature is provided for the Print Dialog. Starting with version 10.55, this feature also works in Windows XP and Windows Server 2003.
Disable USB ports. Disable command-line feature of Safe-Mode. Set Auto-Login parameters.
New features starting with version 10.30 for Windows 7, 8 or 10 include the ability to immediately close programs with specific windows classes. Starting with version 10.55, this feature also works in Windows XP and Windows Server 2003.
This includes programs used by administrators, the registry editor, Settings in Windows 10, console windows, file explorer, control panel, task manager and the mobility center.
Secure Desktop has always been designed to launch Classic Windows applications (CWA) (e.g., COM, Win32, WPF, WinForms, etc.). Windows 10 introduced the Universal Windows app (UWA). UWA require the Universal Windows Platform (UWP) which is built into the Explorer shell. Secure Desktop provides security by replacing the Explorer shell. Therefore the UWP and UWA are not supported by Secure Desktop.
Most of our customers use Secure Desktop in a mission-critical setting such as manufacturing, the pharmaceutical industry or for retail point of sale. When using Windows 10 in a mission-critical setting, Microsoft recommends using Windows 10 Enterprise Long-Term Servicing Channel (LTSC) Edition. This LTSC Edition does not support Universal Windows applications. Although Secure Desktop works on any Windows 10 Edition (except Windows 10 S), we recommend that our customers carefully research the various Editions to insure a stable system. Windows 10 Enterprise LTSC Edition may be the best Edition of Windows 10 for your mission-critical setting.