Use advanced settings and third-party tools to tailor Windows for non-admins.
Use advanced settings and third-party tools to tailor Windows for non-admins.
This project involves building a program launcher for a school lab setting. The secondary accounts need restricted access to Windows features, with specific limitations in place. I'm planning to disable certain controls like Ctrl+Shift+Esc, restrict Ctrl+Alt+Del to admin prompts, block Win+D, Win+E, and Win+L. The desktop should be locked, the Start menu hidden, and only admin commands like Win+R visible. No control panel or settings without a UAC prompt should be allowed. I'm unsure how to start since these changes usually need group policies or registry edits. Any suggestions would be helpful.
It’s likely many tasks can be handled via group policies or folder permission adjustments. For instance, you might restrict access to Win+R or the control panel through group policies, or as a final step, modify folder permissions on files. Conversely, certain actions like pressing Ctrl+Alt+Del remain protected by a UAC prompt, as they’re built into the operating system for secure authentication. You can still disable these options using the group policy editor under User Config > Admin Templates > System > Ctrl+Alt+Del settings.
It appears the simplest approach is to identify PowerShell commands for activating or deactivating group policies and have your application leverage them for necessary adjustments. While it's feasible to use PowerShell, you'll need to first enable script execution in the GPO Editor.