Control Panel

[David]

I run a day care center. Part of my program provides PCs with
educational software for the children to use. The PCs are all XP/HOME
SP3. The accounts available to the kids are all user access accounts
with as few privleges as possible. Still, the more inventive kids
seem able to make undesireaable system changes.

What I want to know is whether or not I can restrict access to the
Control Panel. I don't really care if the kids can see Control Panel.
What I want is to prevent any user without administrative privleges
from actually using the Control Panel. Is this possible?

 

[MICROSOFT]

A program called Deep Freeze will reset everything back to what it used to
be upon restart I believe. Another option is to use something like
Sandboxie. Deep Freeze might be better though. Sandboxie is a little
hard to grasp for some people.

 

[Nepatsfan]

I run a day care center. Part of my program provides PCs with
educational software for the children to use. The PCs are all XP/HOME
SP3. The accounts available to the kids are all user access accounts
with as few privleges as possible. Still, the more inventive kids
seem able to make undesireaable system changes.

What I want to know is whether or not I can restrict access to the
Control Panel. I don't really care if the kids can see Control Panel.
What I want is to prevent any user without administrative privleges
from actually using the Control Panel. Is this possible?

You might consider this program.

Windows SteadyState
http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

For more info on configuring Windows SteadyState, take a look at this web
site.

Windows SteadyState Manual
http://download.microsoft.com/downl...8b7a66beef8a/Windows SteadyState Handbook.pdf

Any other questions you have concerning the program should be posted to this
web site.

Windows SteadyState Forum
http://forums.microsoft.com/WindowsToolsandUtilities/ShowForum.aspx?ForumID=1660&SiteID=69

Good luck

Nepatsfan

 

[David]

Deep Freeze seems a good option. Thanks

My office workstation has XP/PRO SP3. One difference between XP/PRO &
XP/HOME allows me to see the security tab when right-clicking on a
file & selecting Properties.

I found an executable file c:\windows\system32\control.exe which
apparently runs the Control Panel. Upon checking the security tab, I
found SYSTEM & Admin accounts have full privileges. However USER
accounts have Read & Read/Execute.

What would happen if I removed Read/Execute from Control.exe for user
accounts leaving only Read privilege? It seems at least that this
would prevent USERs from using Control panel. If I did this, would
there be any adverse consequences I have not thought of?

How do I access the security tab on a XP/HOME machine?

 

[Tim Meddick]

[re]Setting the file permissions on control.exe may have negative and unforeseen
effects on the Window's Explorer shell and would not necessarily stop individual CPLs
(Control Panel Extensions) from being opened.

This is because in the right-click menu in explorer for [.cpl] files, there are two
ways of opening ; one is "open with Control Panel" and yes, this would *not* work if
you modified the permissions, as you said.

But the other item "Explore" uses the system command :

rundll32.exe shell32.dll,Control_RunDLL "%1"

....to open [.cpl] files and this *still* works (bypassing control.exe).

So, if you did what you suggested - Control Panel would not show up in "My Computer"
and would not be accessible but may also cause Explorer to crash.

And, anyway, if the user looked in the system32 folder and right-clicked on a [.cpl]
file it could still be opened by choosing "Explore".

*([.cpl] files account for most of the items that show up in Control Panel)

==

Cheers, Tim Meddick, Peckham, London.

 

[Roy Smith]

Deep Freeze seems a good option. Thanks

My office workstation has XP/PRO SP3. One difference between XP/PRO &
XP/HOME allows me to see the security tab when right-clicking on a
file & selecting Properties.

I found an executable file c:\windows\system32\control.exe which
apparently runs the Control Panel. Upon checking the security tab, I
found SYSTEM & Admin accounts have full privileges. However USER
accounts have Read & Read/Execute.

What would happen if I removed Read/Execute from Control.exe for user
accounts leaving only Read privilege? It seems at least that this
would prevent USERs from using Control panel. If I did this, would
there be any adverse consequences I have not thought of?

How do I access the security tab on a XP/HOME machine?

To get the security tab on XP home you need to go into the Folders
Options and clear the check mark on the line that says "Use simple file
sharing".

An alternative to Deep Freeze would be Steadystate from Microsoft
available here:

http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx

--

Roy Smith
Windows 7

Timestamp: Tuesday, January 12, 2010 9:15:24 PM

 

[David]

control.exe is an interesting executable. I could not change the
permissions because the security tab is missing in XP/HOME. I will
try the suggestions others have made. What I did try (reckless?) was
to rename control.exe. This did not work either because as soon as I
changed the name, Windows immediately created another copy of
control.exe with the original date/time. - Amazing

The sole point of trying to prevent access to Control Panel is to
prevent users from adjusting the sound volume. I am beginning to
wonder if this may be a fruitless exercise. I noticed this morning
that the stupid keyboard has 3 extra buttons on it. Two for
raising/lowering the volume & 1 for mute. The kids found the 3
buttons before I did.

There may be only one sure fire way to keep the sound volume down.
That is to physically remove the audio cable. I can't remove the
speakers as they are integrated into the monitor.

I will give Windows Steady State a try. I don't know if it will work,
but it may. According to the description, it appears that Deep Freeze
will not work. The goal is to keep the sound volume low during a user
session, not just at reboot time.

[re]Setting the file permissions on control.exe may have negative and unforeseen
effects on the Window's Explorer shell and would not necessarily stop individual CPLs
(Control Panel Extensions) from being opened.

This is because in the right-click menu in explorer for [.cpl] files, there are two
ways of opening ; one is "open with Control Panel" and yes, this would *not* work if
you modified the permissions, as you said.

But the other item "Explore" uses the system command :

rundll32.exe shell32.dll,Control_RunDLL "%1"

...to open [.cpl] files and this *still* works (bypassing control.exe).

So, if you did what you suggested - Control Panel would not show up in "My Computer"
and would not be accessible but may also cause Explorer to crash.

And, anyway, if the user looked in the system32 folder and right-clicked on a [.cpl]
file it could still be opened by choosing "Explore".

*([.cpl] files account for most of the items that show up in Control Panel)

==

Cheers, Tim Meddick, Peckham, London.

Deep Freeze seems a good option. Thanks

My office workstation has XP/PRO SP3. One difference between XP/PRO &
XP/HOME allows me to see the security tab when right-clicking on a
file & selecting Properties.

I found an executable file c:\windows\system32\control.exe which
apparently runs the Control Panel. Upon checking the security tab, I
found SYSTEM & Admin accounts have full privileges. However USER
accounts have Read & Read/Execute.

What would happen if I removed Read/Execute from Control.exe for user
accounts leaving only Read privilege? It seems at least that this
would prevent USERs from using Control panel. If I did this, would
there be any adverse consequences I have not thought of?

How do I access the security tab on a XP/HOME machine?

 

[Twayne]

In

I run a day care center. Part of my program provides PCs with
educational software for the children to use. The PCs are all XP/HOME
SP3. The accounts available to the kids are all user access accounts
with as few privleges as possible. Still, the more inventive kids
seem able to make undesireaable system changes.

What I want to know is whether or not I can restrict access to the
Control Panel. I don't really care if the kids can see Control Panel.
What I want is to prevent any user without administrative privleges
from actually using the Control Panel. Is this possible?

IMO you've had a couple of good programs recommended so far.
How about the physical speaker volume controls; are they accessible to
the kids? Turn them down so when they max out the PC volume it only rises to
a certain level that can be lived with.

I liked steadystate the time I tried it.

HTH,

Twayne

 

[David]

I guess time a big issue is my time. I have been hoping for the
simplest possible solution. It appears that may not be possible.

The speakers are integrated into the monitor. There are no physical
speaker controls. Deep Freeze was suggested, but will not work as it
only resets the settings upon a reboot. I found out to my surprise
that there were volume controls on the key board which the kids found
before I did. You apparently have experence with Steady State. If I
install it, will it stop volume changes from the volume keys on the
keyboard?

It appears that physicaly removing the audio cable between the PC and
the monitor may be the best and only possible solution. I have
learned the hard way that it is impossible to make any physical
control completely out of reach of the kids. You would be supprised
how inventive and intelligent 5 year olds are today. Certainly more
than I expected.

 

[Tim Meddick]

David,
The function of Windows Steady State is to re-set *all* settings to a
pre-defined condition, so it prevents any user from making permanent changes to that
profile.

However, a user *may* make changes during any given login session (e.g. raising the
volume to God knows what) it's just that after they log out, everything will be
re-set when they login again.

So, it won't prevent a user from changing the volume level, it just won't stay that
way - as when the user next logs in, all changes made will be undone!


Another suggestion, if I may? If you download the [tiny & free] program
"TweakUI.exe" from Microsoft - there is an item within called "Control Panel" where
you can "de-select" (un-check) individual items to stop them from showing up in
Control Panel.

(After hearing about your kids - I should then make very sure that "TweakUI.exe" is
then carefully hidden from their view!)

You can download the quick install file for "TweakUI.exe" by clicking on the link
below :

http://download.microsoft.com/downl...a6-b352-839afb2a2679/TweakUiPowertoySetup.exe

==

Cheers, Tim Meddick, Peckham, London.

 

[Tim Meddick]

RE: My earlier reply;

....And with "TweakUI.exe", not only can you make individual Control Panel items
disappear from view, you can re-program those buttons on the keyboard (as in the Vol
up / down / mute - to do nothing instead).

That would be done in the "Explorer" > "Command Keys" item in "TweakUI.exe".

See my earlier post for the download link.

==

Cheers, Tim Meddick, Peckham, London.

 

[John John - MVP]

Buy earplugs and let the kids play.

I guess time a big issue is my time. I have been hoping for the
simplest possible solution. It appears that may not be possible.

The speakers are integrated into the monitor. There are no physical
speaker controls. Deep Freeze was suggested, but will not work as it
only resets the settings upon a reboot. I found out to my surprise
that there were volume controls on the key board which the kids found
before I did. You apparently have experence with Steady State. If I
install it, will it stop volume changes from the volume keys on the
keyboard?

It appears that physicaly removing the audio cable between the PC and
the monitor may be the best and only possible solution. I have
learned the hard way that it is impossible to make any physical
control completely out of reach of the kids. You would be supprised
how inventive and intelligent 5 year olds are today. Certainly more
than I expected.

 

[Twayne]

In

I guess time a big issue is my time. I have been hoping for the
simplest possible solution. It appears that may not be possible.

I think you are right.

The speakers are integrated into the monitor. There are no physical
speaker controls. Deep Freeze was suggested, but will not work as it
only resets the settings upon a reboot. I found out to my surprise
that there were volume controls on the key board which the kids found
before I did. You apparently have experence with Steady State. If I
install it, will it stop volume changes from the volume keys on the
keyboard?

I don't recall; sorry.

It appears that physicaly removing the audio cable between the PC and
the monitor may be the best and only possible solution.

If the speakers aren 't really needed, then that should work fine and would
be reasonably easy to reverse if they were needed for awhile. To get the
System Sounds coming through the computer's internal speaker (tada, beep,
boop, etc) again, it might be necessary to also uninstall the sound card
drivers or at least disable them in System Properties; their presence likely
turned off the system sounds to the internal speaker. IF you care, that is.

Hmm, or just uninstall the sound card? That's turn the system speakers back
on and as long as the installer CD software wasn't available, they couldn't
put the sound card back. Hardware won't run without drivers & support
software.

I have

learned the hard way that it is impossible to make any physical
control completely out of reach of the kids. You would be supprised
how inventive and intelligent 5 year olds are today. Certainly more
than I expected.

Yeah, and they have the luck of the young with them too it seems! BTDT<G>!


HTH,

Twayne

 

[thanatoid]

more it's-amazing-it-works-at-all rather than much cop.

"Much cop"... Is this a Brit expression I am unfamiliar with?
Please clarify.


--
There are only two classifications of disk drives: Broken drives
and those that will break later.
- Chuck Armstrong (This one I think, http://www.cleanreg.com/,
not the ball player. But who knows. I can't remember where I got
the quote. But it's true.)