Welcome to HBH V2 ! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Limiting Windows accounts


Limiting Windows accounts

By mikispag avatarmikispag | 5253 Reads |
0     0

Limiting Windows accounts

In this article we will learn how to restrict users' capabilities on a Windows NT - like machine (Windows 2000, XP, 2003, Vista). Please keep in mind that you'll need to manually edit your registry, so a full backup before proceeding may be a wise choice.

  • Restrict file access *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoDrives (prevents viewing drives' icons) Value Name: NoViewOnDrive (prevents viewing drives' content) Data Type: REG_DWORD (DWORD Value)

This setting allows you to control which drives are visible in My Computer and Explorer. It is possible to hide all drives or just selected ones. To disable all the drives set the value to "67108863"; for single drives:

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432

For example to hide drive A and drive D, you would add 1 (A) + 8 (D) which means the value should be set to "9".

Please keep in mind that you should also deny reading privileges to the restricted account in order to make this measure effective.


  • Restrict Users from Running Specific Applications *

This setting allows you to specify applications and filenames that users are restricted from running.

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: DisallowRun

Open your registry and find the key [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]

Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.

Then create a new sub-key called [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restriced (e.g. "regedit.exe").

Restart Windows for the changes to take effect.


  • Disable Registry Editing Tools *

User Key: [HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System] Value Name: DisableRegistryTools Data Type: REG_DWORD (DWORD Value) Value Data: (0 = allow regedit, 1 = disable regedit)


  • Disable the Windows Hotkeys *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoWinKeys Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disable restriction, 1 = enable restriction)


  • Disable the Shut Down Command *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoClose Data Type: REG_DWORD (DWORD Value) Value Data: (0 = shutdown enabled, 1 = shutdown disabled)


  • Disable the Run… dialog *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoRun Data Type: REG_DWORD (DWORD Value) Value Data: (0 = Run… enabled, 1 = Run… disabled)


  • Disable the Ability to Right Click on the Desktop *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoViewContextMenu Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disabled, 1 = enabled)


  • Hide All Items on the Desktop *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoDesktop Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disabled, 1 = enabled)


  • Remove File Menu from Explorer *

User Key: [HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] System Key: [HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer] Value Name: NoFileMenu Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disabled, 1 = enabled)

These are only a few of the possible restricting keys. Knowing them may be useful in many ways, especially in a LAN.

Comments
ghost's avatar
ghost 15 years ago

Finally a good article, original. (Italians are originals) LOL

ghost's avatar
ghost 15 years ago

Nice list.

ghost's avatar
ghost 15 years ago

So there's no way we could make a .REG file to inject data if we want to?

mikispag's avatar
mikispag 15 years ago

@HackingForce: sure we can create a .REG file and import it without any user interaction using "regedit /Q filename.reg", perhaps in a .bat script or using ShellExecute ;)

ghost's avatar
ghost 15 years ago

hope my teachers doesnt find this one :right: