I'm trying to make a simple program which prevents people from turning my computer on and accessing it fully. But still lets them run firefox and a few other programs.

Im running into a problem tho. I'm using "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" to load up my program from start, which works just fine. When windows loads up my little log in app shows up.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shelll start.exe


However, when i try to shell("Explorer.exe") from my login app, it doesn't load up the desktop or the task bar. Even when i change the "Shell" value back from start.exe to Explorer.exe. It still doesn't load up the task bar or desktop like it normally would, it only loads up a file explorer app. I have to change the registry shell value back to explorer.exe and then restart windows to get the task bar and desktop to load up.

So what i am asking is how once i change the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell : Explorer.exe" value to "start.exe". How do i get the taskbar and desktop to load up like it normally would again.

Appreciated any help you can give.

Once i solve this problem, what could i do to disable to the task manager as well and prevent it from being run. Im a bit rusty with my visual basic 6.

Thanks in advance

~Moon

_________________
http://www.moon.templarian.com/

I'm not sure what your program does, but you can probably achieve better results by using Group Policy.

I'm assuming XP Pro, but this will also work for Win2K, Vista and Win7 as long as they're not 'Home' editions.

With Group Policy you can control access to system settings like control panel, display properties, Internet properties, the run command and regedit. You can also dictate which programs can run, control which drives the user can see, specify what appears on the desktop, etc, etc.

Group Policy can lock down a machine beyond belief. We had a policy file given to us for a super restricted machine where the user had an empty, blue desktop with a red diamond where the Start button normally appears. Clicking the button produced a menu with two options: 'MS Word' and 'Log Off'.

I'm not sure if it works on a single machine, but in a networked environment, Group Policy is reapplied every 15mins, so even if someone does manage to change a setting, it will be changed back by the system very quickly.

Basically, you create a guest account (or even better create a group for Guests and another for Users who will have full access to the machine), use the Group Policy editor (run gpedit.msc) to restrict what the guest account (or group) can do.

Once you've locked down the guests and allowed your account (or group) full control, set a password on your account, allow the guest account to login without a password and you're done.

As a further step you can also set NTFS permissions on drives to prevent guests snooping around your files.

Lastly, you can export Policy settings to a file, so if you get a setup you like, you can easily apply it to another machine.

Here's your start point: http://support.microsoft.com/kb/307882

_________________
10 PRINT "Bad Monkey ";
20 GOTO 10

pffft boot with a linux live cd and access what you like

That works for most home systems, but we have full disc encryption.

_________________
10 PRINT "Bad Monkey ";
20 GOTO 10

Codehead is Boss-mode sysadmin!

_________________
Whatever the mind can conceive and believe, it can achieve

Doesn't that make it work even better? (it prevents guest from browsing all of your stuff)

_________________
Trying is the first step towards failure
b

Depends if it's in relation to the original question or an exploit to get around my solution.

Booting up a different OS when you switch users seems a little long winded.

_________________
10 PRINT "Bad Monkey ";
20 GOTO 10