dalk Posted July 1, 2014 Posted July 1, 2014 (edited) Hi... I have a project to replace a bunch of XP kiosks/restricted desktops both on and off the domain where I work. Steadystate is gone, I have to use Win7, and I can't assume that the PC will be domain'd (so I can't rely on just pushing restrictions via Group Policy). Also there is no budget just to buy some of the software that is out there. I was just going to just create a batch script calling some .reg files (like a typical admin), but work is quiet during the summer so I decided to throw together a GUI (for the batch script challenged). The scripts might be of use to others who want to throw together a basic kiosk PC quickly. I'm going to preface this with the fact that I am an occasional autoiter and a copy/paste programmer. So the code is a bit messy, probably doesn't follow conventions, and is inefficient (I should have used arrays for a bunch of other stuff). I've only tested on Win 7 32bit as well. Feel free to improve the scripts. I have pulled code from all over this excellent forum, so a big thanks to everyone. I should have made a note of what came from where and credited people, but didn't think of it at the time... so apologies for that. The first script KioskUserAccountSetup is a SteadyState alternative, for applying various restrictions/settings, mostly to lock down a specified users profile. It lacks the drive freeze capabilities but you can set System Restore points to achieve some this ability. The second script ShowHideUserAccounts is a way to hide (or show) all users logins except for the currently logged on user at the default Win 7 Welcome Screen. Users will be presented with one login (and not the administrator etc. logins). NOTE: I have only tested on Win7 32bit. The script reads and writes to the registry, so there be dragons etc. and it applies restrictions to profiles, so be careful when testing. You don't want to lock yourself out... Kiosk User Account Setup (SteadyState Alternative) UPDATED 07/07/14: Added ability to create System Restore points before and after changes are applied. You will need the udf from '?do=embed' frameborder='0' data-embedContent>> Minor improvements and bug fixes. expandcollapse popup#cs ---------------------------------------------------------------------------- Script Function: AutoIt Version: 3.3.12.0 Kiosk User Account Setup. (SteadyState Alternative, minus the drive freeze capabilities.) Lock down a PC by Applying/Removing Various Restrictions to a User Account (and/or PC). (Created for use on kiosk PCs.) Usage: 1. (Build and configure your Win 7 Kiosk PC. Create an account that Kiosk users will log on to.) 2. Log on as local Admin. (You can also apply changes logged on as the target account.) 3. Run KioskUserAccountSetup.exe. (An ini file is created the first time it runs. Edit this file to check and set your preferred options.) 4. Enter the Account Name that you wish to apply restrictions to. a. Check option(s) and Apply to set option(s). b. Check option(s) and Undo to remove (roll-back) setting(s). Note: Only tested on Win7 32bit OS - dalk 07.07.14 #ce ---------------------------------------------------------------------------- #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Outfile=KioskUserAccountSetup.exe #AutoIt3Wrapper_Res_Fileversion=0.9.9.9 #AutoIt3Wrapper_Res_ProductVersion=5.0 #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #RequireAdmin #NoTrayIcon #include <Array.au3> #include <FileConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <TabConstants.au3> #include <systemrestore.au3> ; http://www.autoitscript.com/forum/topic/134628-system-restore-udf/ $ExeVersion = FileGetVersion (@ScriptFullPath) ; Find version of exe used to launch the Menu $ScriptName = StringTrimRight (@ScriptName, 4) ; Create an .ini the same name as the .exe Global $IniName = @ScriptDir & "\" & $ScriptName & ".ini" Global $Username, $UserSID, $LoadHive, $RegPath, $DisableCtrlAltDel, $EnableCTRL, $RestoreChecked, $UserProfile, $RequireUserName, $RestorePoints Local $Font = "Tahoma" If Not FileExists($IniName) Then ; Create default ini if not found _CreateINI() EndIf ; =============================================================================== ; GUI Start $GUI = GUICreate("Kiosk User Account Setup v" & $ExeVersion, 525, 620, -1, -1) GUICtrlCreateLabel("Account Name:", 40, 507, 113, 20) GUICtrlSetFont(-1, 10, 800, 0) $UserFieldDef = IniRead($IniName, "ProfileUser", "Username", "") $UserField = GUICtrlCreateInput($UserFieldDef, 148, 505, 180, 20) GUICtrlSetFont(-1, 10) $UserFieldCurrentUser = GUICtrlCreateCheckbox("Set current user as Account Name", 148, 526, 200, 20) $DefValues = GUICtrlCreateButton("Select Defaults", 147, 548, 90, 22) GUICtrlSetBkColor(-1, 0xB8B8B8) GUICtrlSetFont(-1, 8.5, 400, 0, $font) $UnCheckAll = GUICtrlCreateButton("Unselect All", 240, 548, 90, 22) GUICtrlSetBkColor(-1, 0xB8B8B8) GUICtrlSetFont(-1, 8.5, 400, 0, $font) $ApplySettings = GUICtrlCreateButton("APPLY", 365, 505, 130, 30) GUICtrlSetBkColor(-1, 0xC80000) GUICtrlSetFont(-1, 8.5, 800, 0, $font) GUICtrlSetColor(-1, 0xFFFFFF) $UndoSettings = GUICtrlCreateButton("UNDO", 365, 540, 130, 30) GUICtrlSetBkColor(-1, 0x006600) GUICtrlSetFont(-1, 8.5, 800, 0, $font) GUICtrlSetColor(-1, 0xFFFFFF) $StatusGroup = GUICtrlCreateGroup( "Status", 20, 570, 490, 40) $StatusMsg = GUICtrlCreateLabel( "", 26, 585, 480, 20) GUICtrlSetFont( $StatusMsg, 8.5, 400, 0, "Courier New") GUICtrlSetColor(-1, 0x000000) GUICtrlSetBkColor(-1, 0xFFFF99) ; =============================================================================== ; Tab Start $Tab = GUICtrlCreateTab(20, 2, 490, 498, $TCS_MULTILINE) GUICtrlSetFont($Tab,9, 800) GUICtrlCreateTabItem("Profile/User") ; Tab $Userbox1 = GUICtrlCreateCheckbox("Add User to Local Admin Group. (Don't forget to remove this.)", 40, 70, 320, 20) $Userbox2 = GUICtrlCreateCheckbox("Remove User From Local Admin Group", 40, 100, 300, 20) $Userbox3 = GUICtrlCreateCheckbox("Make User's Desktop, Start-Menu, and Downloads Folder, Read-Only. ", 40, 130, 420, 20) $Userbox4 = GUICtrlCreateCheckbox("Require User to use Ctrl+Alt+Del to log on. (Ctrl key will be enabled.)", 40, 160, 404, 20) $Userbox5 = GUICtrlCreateCheckbox("Auto-Logon User", 40, 190, 350, 20) $UserBoxField1Def = IniRead($IniName, "ProfileUser", "Login", "Login") $UserBoxField1 = GUICtrlCreateInput($UserBoxField1Def, 60, 215, 180, 20) $UserBoxField2Def = IniRead($IniName, "ProfileUser", "Password", "Password") $UserBoxField2 = GUICtrlCreateInput($UserBoxField2Def, 60, 245, 180, 20) $UserBoxField3Def = IniRead($IniName, "ProfileUser", "Domain", "Domain or Computer Name") $UserBoxField3 = GUICtrlCreateInput($UserBoxField3Def, 60, 275, 180, 20) GUICtrlCreateTabItem("Start Menu") ; Tab $Startbox1 = GUICtrlCreateCheckbox("Remove Shut Down, Restart, Sleep and Hibernate", 40, 70, 300, 20) $Startbox2 = GUICtrlCreateCheckbox("Disable Run", 40, 100, 300, 20) $Startbox3 = GUICtrlCreateCheckbox("Disable Command Prompt", 40, 130, 300, 20) $Startbox4 = GUICtrlCreateCheckbox("Remove Control Panel", 40, 160, 300, 20) $Startbox5 = GUICtrlCreateCheckbox("Remove Set Default Programs", 40, 190, 300, 20) $Startbox6 = GUICtrlCreateCheckbox("Disable Start Menu Personal folder", 40, 220, 300, 20) $Startbox7 = GUICtrlCreateCheckbox("Prevent Start Menu Changes", 40, 250, 300, 20) $Startbox8 = GUICtrlCreateCheckbox("Restrict drag-and-drop and right-click in Start Menu", 40, 280, 300, 20) GUICtrlCreateTabItem("Desktop and Taskbar") ; Tab $Deskbox1 = GUICtrlCreateCheckbox("Remove System Tray icons", 40, 70, 300, 20) $Deskbox2 = GUICtrlCreateCheckbox("Remove Taskbar Properties", 40, 100, 300, 20) $Deskbox3 = GUICtrlCreateCheckbox("Remove System Properties", 40, 130, 300, 20) $Deskbox4 = GUICtrlCreateCheckbox("Remove Locking/Unlocking of Taskbar", 40, 160, 300, 20) $Deskbox5 = GUICtrlCreateCheckbox("Remove right-click on Taskbar", 40, 190, 300, 20) $Deskbox6 = GUICtrlCreateCheckbox("Remove Toolbars in Taskbar", 40, 220, 300, 20) $Deskbox7 = GUICtrlCreateCheckbox("Remove Alt-tab", 40, 250, 300, 20) $Deskbox8 = GUICtrlCreateCheckbox("Remove Active Desktop Feature", 40, 280, 300, 20) $Deskbox9 = GUICtrlCreateCheckbox("Disable Task Manager", 40, 310, 300, 20) $Deskbox10 = GUICtrlCreateCheckbox("Remove Change Password", 40, 340, 300, 20) $Deskbox11 = GUICtrlCreateCheckbox("Disable Fast User Switching. *", 40, 370, 300, 20) $Deskbox12 = GUICtrlCreateCheckbox("Disable Desktop Properties", 40, 400, 300, 20) $Deskbox13 = GUICtrlCreateCheckbox("Remove Windows Key shortcuts", 40, 430, 300, 20) $Deskbox14 = GUICtrlCreateCheckbox("Disable Lock", 40, 460, 300, 20) GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20) GUICtrlCreateTabItem("Computer") ; Tab $Compbox1 = GUICtrlCreateCheckbox("Allow Windows Updates, including IE and Office updates.", 40, 70, 300, 20) $Compbox2 = GUICtrlCreateCheckbox("Prevent Windows Update rebooting the computer while a user is logged on", 40, 100, 380, 20) $Compbox3 = GUICtrlCreateCheckbox("Restrict access to c:", 40, 130, 300, 20) $Compbox4 = GUICtrlCreateCheckbox("Hide C: drive", 40, 160, 300, 20) $Compbox5 = GUICtrlCreateCheckbox("Hide C: and D: drive", 40, 190, 300, 20) $Compbox6 = GUICtrlCreateCheckbox("Hide ALL drives (including DVD/CD-ROM)", 40, 220, 300, 20) $Compbox7 = GUICtrlCreateCheckbox("Disable DVD/CD-ROM ", 40, 250, 300, 20) $Compbox8 = GUICtrlCreateCheckbox("Disable Write to USB Devices *", 40, 280, 300, 20) $Compbox9 = GUICtrlCreateCheckbox("Block USB Devices *", 40, 310, 300, 20) $Compbox10 = GUICtrlCreateCheckbox("Disable F4 key, and therefore Alt+F4 (Close Window) *", 40, 340, 340, 20) $Compbox11 = GUICtrlCreateCheckbox("Disable Ctrl key, and therefore Ctrl+Alt+Del. * (Ctrl+Alt+Del to log on will be disabled)", 40, 370, 440, 20) $Compbox12 = GUICtrlCreateCheckbox("Disable Windows Menu Key *", 40, 400, 340, 20) GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20) GUICtrlCreateTabItem("Restore") ; Tab $Restorebox1 = GUICtrlCreateCheckbox("Enable System Protection", 40, 70, 140, 20) $Restorebox2 = GUICtrlCreateCheckbox("Create Restore Point:", 40, 100, 240, 20) $Restorebox3 = GUICtrlCreateCheckbox("Before changes, named:", 55, 130, 132, 20) $Restorebox3Def = IniRead($IniName, "Restore", "RestoreBeforeName", "Restore Point prior to Kiosk Setup changes being set") $Restorebox3Name = GUICtrlCreateInput($Restorebox3Def, 190, 130, 280, 20) $Restorebox4 = GUICtrlCreateCheckbox("After changes, named:", 55, 160, 132, 20) $Restorebox4Def = IniRead($IniName, "Restore", "RestoreAfterName", "Restore Point after Kiosk Setup changes applied") $Restorebox4Name = GUICtrlCreateInput($Restorebox4Def, 190, 160, 280, 20) $Restorebox5 = GUICtrlCreateCheckbox("Restore System Files And Settings. (NOTE: ALL Other settings will be unchecked.)", 40, 190, 410, 20) $Restorebox5list = GUICtrlCreateList('', 55, 215, 415, 200, $ws_vscroll) $Restorebox5note = GUICtrlCreateLabel("Note: To delete an individual restore point, highlight and choose Undo.", 55, 416, 400, 20) $Restorebox6 = GUICtrlCreateCheckbox("Delete ALL Restore Points", 55, 430, 200, 20) GUICtrlCreateTabItem("Windows Explorer") ; Tab $WExpbox1 = GUICtrlCreateCheckbox("Restrict Folder Options", 40, 70, 150, 20) $WExpbox2 = GUICtrlCreateCheckbox("Restrict Registry Editor", 40, 100, 150, 20) $WExpbox3 = GUICtrlCreateCheckbox("Remove Map Network Drive", 40, 130, 300, 20) $WExpbox4 = GUICtrlCreateCheckbox("Remove adding/removing items to/from Toolbars", 40, 160, 300, 20) $WExpbox5 = GUICtrlCreateCheckbox("Remove adding/removing Toolbars", 40, 190, 300, 20) $WExpbox6 = GUICtrlCreateCheckbox("Remove 'Programs and Features' button", 40, 220, 300, 20) $WExpbox7 = GUICtrlCreateCheckbox("Disable right-click in Explorer", 40, 250, 200, 20) $WExpbox8 = GUICtrlCreateCheckbox("Disable AutoRun/AutoPlay", 40, 280, 200, 20) GUICtrlCreateTabItem("Internet Explorer") ; Tab $IExpbox1 = GUICtrlCreateCheckbox("Set IE HomePage:", 40, 70, 106, 20) $IEHomePageDef = IniRead($IniName, "InternetExplorer", "IEHomePage", "") $IEHomePage = GUICtrlCreateInput($IEHomePageDef , 148, 70, 320, 20) $IExpbox2 = GUICtrlCreateCheckbox("Prevent HomePage from being changed", 40, 100, 300, 20) $IExpbox3 = GUICtrlCreateCheckbox("Block access to Internet Options", 40, 130, 300, 20) $IExpbox4 = GUICtrlCreateCheckbox("Disable Password Caching", 40, 160, 300, 20) $IExpbox5 = GUICtrlCreateCheckbox("Enable Content Restriction in IE to block ALL websites EXCEPT for below whitelist *", 40, 190, 420, 20) $IExpbox5label = GUICtrlCreateLabel("Seperate URLs with a semi-colon. For best results, add each seperate URL in this format: " & _ "http://website.com;*.website.com", 54, 208, 420, 40) GUICtrlSetFont(-1, 8.5, 400, $GUI_FONTITALIC, "Tahoma") GUICtrlSetColor(-1, 0x707070) $URLWhitelistDef = IniRead($IniName, "InternetExplorer", "URLWhitelist", "http://website.com;*.website.com") $URLWhitelist = GUICtrlCreateEdit($URLWhitelistDef, 57, 238, 420, 220, $ES_MULTILINE) $IExpbox6 = GUICtrlCreateCheckbox("Allow Admins to type a password to view a restricted site? (Password is: kiosk.kiosk)", 57, 460, 410, 20) GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20) GUICtrlCreateTabItem("Application") ; Tab $Appbox1 = GUICtrlCreateCheckbox("Enable Application Restrictions *", 40, 70, 300, 20) $Appbox1labelA = GUICtrlCreateLabel("Block all Application executables EXCEPT for:", 57, 90, 380, 20) $Appbox1labelB = GUICtrlCreateLabel("Use the exact executable name. Seperate values with a semi-colon. Don't forget to add " & _ "regedit.exe and this executable, or you may not be able to roll back changes.", 57, 104, 420, 40) GUICtrlSetFont(-1, 8.5, 400, $GUI_FONTITALIC, "Tahoma") GUICtrlSetColor(-1, 0x707070) $AppWhitelistDef = IniRead($IniName, "Application", "AppWhitelist", "regedit.exe;KioskUserAccountSetup.exe") $AppWhitelist = GUICtrlCreateEdit($AppWhitelistDef, 57, 136, 420, 335, $ES_MULTILINE) GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20) GUICtrlCreateTabItem("Additonal Startup Applications") ; Tab GUICtrlCreateLabel("Add Applications to users Startup program list: ", 40, 70, 300, 20) $StartAppbox1 = GUICtrlCreateCheckbox("", 32, 100, 15, 15) GUICtrlCreateLabel("Name: ", 50, 100, 50, 20) $StartAppname1Def = IniRead($IniName, "AdditionalStartupApplications", "AppName1", "Application Name") $StartAppname1 = GUICtrlCreateInput($StartAppname1Def, 82, 98, 180, 20) $StartAppEdit1Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable1", '"c:\windows\system32\example.exe" /ExampleSwitch') $StartAppEdit1 = GUICtrlCreateEdit($StartAppEdit1Def, 50, 120, 430, 50) $StartAppbox2 = GUICtrlCreateCheckbox("", 32, 180, 15, 15) GUICtrlCreateLabel("Name: ", 50, 180, 50, 20) $StartAppname2Def = IniRead($IniName, "AdditionalStartupApplications", "AppName2", "") $StartAppname2 = GUICtrlCreateInput($StartAppname2Def, 82, 178, 180, 20) $StartAppEdit2Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable2", "") $StartAppEdit2 = GUICtrlCreateEdit($StartAppEdit2Def, 50, 200, 430, 50) $StartAppbox3 = GUICtrlCreateCheckbox("", 32, 260, 15, 15) GUICtrlCreateLabel("Name: ", 50, 260, 50, 20) $StartAppname3Def = IniRead($IniName, "AdditionalStartupApplications", "AppName3", "") $StartAppname3 = GUICtrlCreateInput($StartAppname3Def, 82, 258, 180, 20) $StartAppEdit3Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable3", "") $StartAppEdit3 = GUICtrlCreateEdit($StartAppEdit3Def, 50, 280, 430, 50) $StartAppbox4 = GUICtrlCreateCheckbox("", 32, 340, 15, 15) GUICtrlCreateLabel("Name: ", 50, 340, 50, 20) $StartAppname4Def = IniRead($IniName, "AdditionalStartupApplications", "AppName4", "") $StartAppname4 = GUICtrlCreateInput("", 82, 336, 180, 20) $StartAppEdit4Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable4", "") $StartAppEdit4 = GUICtrlCreateEdit($StartAppEdit4Def, 50, 360, 430, 50) $StartAppbox5 = GUICtrlCreateCheckbox("", 32, 420, 15, 15) GUICtrlCreateLabel("Name: ", 50, 420, 50, 20) $StartAppname5Def = IniRead($IniName, "AdditionalStartupApplications", "AppName5", "") $StartAppname5 = GUICtrlCreateInput("", 82, 414, 180, 20) $StartAppEdit5Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable5", "") $StartAppEdit5 = GUICtrlCreateEdit($StartAppEdit5Def, 50, 440, 430, 50) ; Tab End ; =============================================================================== ; =============================================================================== ; GUI Wait for key presses GUISetState() ; Enable GUI _Defaults() ; Set defaults by reading the ini file $StatusMsgDef = " Choose Options, then Apply (to restrict) or Undo (to restore) ..." Guictrlsetdata($StatusMsg, $StatusMsgDef , "") ; Status message While 1 ; Wait for key presses $Msg = GUIGetMsg() Switch $Msg Case $ApplySettings ; Apply Button Pressed _RequireUserName() ; Check if a username is required and set some vaiables. If $RequireUserName = "Yes" Then _UserProfileCheck() ; Check that user profile exists EndIf If $UserSID = "NotFound" Then ContinueLoop If $RequireUserName = "Yes" Then $SureBox1 = MsgBox(36,"Apply Settings",'Apply Selected Settings/Restrictions to PC and/or Account "' & $Username & '"?') Else $SureBox1 = MsgBox(36,"Apply Settings",'Apply Selected Settings/Restrictions to Computer?') EndIf Select Case $SureBox1 = 6 ; Yes Guictrlsetdata($StatusMsg, " Applying Selected Settings ...", "") ; Status message $Apply = "Yes" ; Set variable for applying setting If $LoadHive = "Yes" Then ; Logged on as the User, do not load hive, apply to HKEY_CURRENT_USER instead. _LoadHive() ; Load users registry hive EndIf _WriteToReg() ; Write changes to users registry hive If $LoadHive = "Yes" Then _UnLoadHive() ; Un-load (save) users registry hive EndIf Guictrlsetdata($StatusMsg, " Selected Settings Applied!", "") ; Status message _Restart() Case $SureBox1 = 7 ; No EndSelect Case $UndoSettings ; Undo Button Pressed _RequireUserName() ; Check if a username is required If $RequireUserName = "Yes" Then _UserProfileCheck() ; Check that user profile exists and set some vaiables. EndIf If $UserSID = "NotFound" Then ContinueLoop If $RequireUserName = "Yes" Then $SureBox2 = MsgBox(36,"","Undo Selected Settings/Restrictions to PC and/or Account " & $Username & "?") Else $SureBox2 = MsgBox(36,"Undo Settings",'Undo Selected Settings/Restrictions on Computer?') EndIf Select Case $SureBox2 = 6 ; Yes Guictrlsetdata($StatusMsg, " Undoing Selected Settings ...", "") ; Status message $Apply = "No" ; Set variable for undoing settings If $LoadHive = "Yes" Then ; Logged on as the User, do not load hive, apply to HKEY_CURRENT_USER instead. _LoadHive() ; Load users registry hive EndIf _WriteToReg() ; Write changes to users registry hive If $LoadHive = "Yes" Then _UnLoadHive() ; Un-load (save) users registry hive EndIf Guictrlsetdata($StatusMsg, " Selected Settings Undone!", "") ; Status message _Restart() Case $SureBox2 = 7 ; No EndSelect Case $UserFieldCurrentUser If GUICtrlRead($UserFieldCurrentUser) == 1 Then ; Checked Guictrlsetdata($UserField, @UserName) EndIf If GUICtrlRead($UserFieldCurrentUser) == 4 Then ; Checked Guictrlsetdata($UserField, $UserFieldDef) EndIf Case $DefValues ; Check default boxes _Defaults() Guictrlsetdata($StatusMsg, " Defaults settings selected ...", "") ; Status message Case $UnCheckAll ; Uncheck all boxes _UnCheckAll() Guictrlsetdata($StatusMsg, " All settings unselected ...", "") ; Status message Case $GUI_EVENT_PRIMARYDOWN ; Clear Defaults entries from various text boxes when you click into entry $CInfo = GUIGetCursorInfo() If $CInfo[4] = $UserField Then GUICtrlSetData($UserField, "") If $CInfo[4] = $UserBoxField1 Then GUICtrlSetData($UserBoxField1, "") If $CInfo[4] = $UserBoxField2 Then GUICtrlSetData($UserBoxField2, "") If $CInfo[4] = $UserBoxField3 Then GUICtrlSetData($UserBoxField3, "") If $CInfo[4] = $IEHomePage Then GUICtrlSetData($IEHomePage, "") Case $Userbox1 ; You can either Add or Remove a user from the local admins group (not both) If GUICtrlRead($Userbox1) == 1 Then ; Checked GUICtrlSetState($Userbox2, $GUI_UNCHECKED) GUICtrlSetState($Userbox3, $GUI_UNCHECKED) EndIf Case $Userbox2 ; You can either Add or Remove a user from the local admins group (not both) If GUICtrlRead($Userbox1) == 1 Then ; Checked GUICtrlSetState($Userbox1, $GUI_UNCHECKED) EndIf Case $Userbox3 ; Make User's Desktop, Start-Menu, and Downloads Folder, Read-Only. If GUICtrlRead($Userbox3) == 1 Then ; Checked GUICtrlSetState($Userbox1, $GUI_UNCHECKED) ; If user is a local admin then they can still write to these folders. GUICtrlSetState($Userbox2, $GUI_CHECKED) EndIf Case $Userbox4 ; Set Ctl-Alt-Del to log on. If GUICtrlRead($Userbox4) == 1 Then ; Checked Global $EnableCtrl = "Yes" GUICtrlSetState($Compbox11, $GUI_UNCHECKED) ; Undo/Uncheck option to disable ctl-alt-del, otherwise no one can log on. EndIf Case $Userbox5 ; Auto logon user. Enable child entries. If GUICtrlRead($Userbox5) == 1 Then ; Checked GUICtrlSetState($UserBoxField1, $GUI_ENABLE) GUICtrlSetState($UserBoxField2, $GUI_ENABLE) GUICtrlSetState($UserBoxField3, $GUI_ENABLE) EndIf If GUICtrlRead($Userbox5) == 4 Then ; Unchecked. Disable child entries. GUICtrlSetState($UserBoxField1, $GUI_DISABLE) GUICtrlSetState($UserBoxField2, $GUI_DISABLE) GUICtrlSetState($UserBoxField3, $GUI_DISABLE) EndIF Case $Compbox4 ; Hide c: drive. You can only choose one drive 'hide' option. If GUICtrlRead($Compbox4) == 1 Then ; Checked GUICtrlSetState($Compbox5, $GUI_UNCHECKED) ; Uncheck Hide c: and d: drives. GUICtrlSetState($Compbox6, $GUI_UNCHECKED) ; Uncheck Hide ALL drives. EndIf Case $Compbox5 ; Hide c: and d: drives. You can only choose one drive 'hide' option. If GUICtrlRead($Compbox5) == 1 Then ; Checked GUICtrlSetState($Compbox4, $GUI_UNCHECKED) ; Uncheck Hide c: drives. GUICtrlSetState($Compbox6, $GUI_UNCHECKED) ; Uncheck Hide ALL drives. EndIf Case $Compbox6 ; Hide ALL drives. You can only choose one drive 'hide' option. If GUICtrlRead($Compbox6) == 1 Then ; Checked GUICtrlSetState($Compbox4, $GUI_UNCHECKED) ; Uncheck Hide c: drives. GUICtrlSetState($Compbox5, $GUI_UNCHECKED) ; Uncheck Hide c: and d: drives. EndIf Case $Compbox11 ; Disable Ctrl and therefore Ctrl+Alt+Del. If GUICtrlRead($Compbox11) == 1 Then ; Checked $DisableCtrlAltDel = "Yes" GUICtrlSetState($Userbox4, $GUI_UNCHECKED) ; Uncheck/Undo option to Require ctl-alt-del to log on, otherwise no one can log on. EndIf Case $Restorebox1 ; Enable System Protection If GUICtrlRead($Restorebox1) == 1 Then ; Checked GUICtrlSetState($Restorebox2, $GUI_ENABLE) GUICtrlSetState($Restorebox5, $GUI_ENABLE) EndIf If GUICtrlRead($Restorebox1) == 4 Then ; UnChecked GUICtrlSetState($Restorebox2, $GUI_UNCHECKED) GUICtrlSetState($Restorebox2, $GUI_DISABLE) GUICtrlSetState($Restorebox3, $GUI_UNCHECKED) GUICtrlSetState($Restorebox3, $GUI_DISABLE) GUICtrlSetState($Restorebox3Name, $GUI_DISABLE) GUICtrlSetState($Restorebox3, $GUI_UNCHECKED) GUICtrlSetState($Restorebox4, $GUI_DISABLE) GUICtrlSetState($Restorebox4Name, $GUI_DISABLE) GUICtrlSetState($Restorebox5, $GUI_DISABLE) GUICtrlSetState($Restorebox5, $GUI_UNCHECKED) GUICtrlSetData($Restorebox5list,"") GUICtrlSetState($Restorebox5list, $GUI_DISABLE) GUICtrlSetState($Restorebox5note, $GUI_DISABLE) GUICtrlSetState($Restorebox6, $GUI_DISABLE) GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) Guictrlsetdata($StatusMsg, $StatusMsgDef , "") ; Status message EndIf Case $Restorebox2 ; Create Restore Point If GUICtrlRead($Restorebox2) == 1 Then ; Checked GUICtrlSetState($Restorebox3, $GUI_ENABLE) GUICtrlSetState($Restorebox4, $GUI_ENABLE) GUICtrlSetState($Restorebox5, $GUI_UNCHECKED) GUICtrlSetData($Restorebox5list,"") GUICtrlSetData($Restorebox5list,"") GUICtrlSetState($Restorebox5list, $GUI_DISABLE) GUICtrlSetState($Restorebox5note, $GUI_DISABLE) GUICtrlSetState($Restorebox6, $GUI_DISABLE) GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) EndIf If GUICtrlRead($Restorebox2) == 4 Then ; Checked GUICtrlSetState($Restorebox3, $GUI_DISABLE) GUICtrlSetState($Restorebox3, $GUI_UNCHECKED) GUICtrlSetState($Restorebox3Name, $GUI_DISABLE) GUICtrlSetState($Restorebox4, $GUI_UNCHECKED) GUICtrlSetState($Restorebox4, $GUI_DISABLE) GUICtrlSetState($Restorebox4Name, $GUI_DISABLE) GUICtrlSetState($Restorebox5, $GUI_UNCHECKED) GUICtrlSetData($Restorebox5list,"") EndIf Case $Restorebox3 ; Create Restore Point > Before changes, named: If GUICtrlRead($Restorebox3) == 1 Then ; Checked GUICtrlSetState($Restorebox3Name, $GUI_ENABLE) EndIf If GUICtrlRead($Restorebox3) == 4 Then ; Un-Checked GUICtrlSetState($Restorebox3Name, $GUI_DISABLE) EndIf Case $Restorebox4 ; Create Restore Point > After changes, named: If GUICtrlRead($Restorebox4) == 1 Then ; Checked GUICtrlSetState($Restorebox4Name, $GUI_ENABLE) EndIf If GUICtrlRead($Restorebox4) == 4 Then ; Un-Checked GUICtrlSetState($Restorebox4Name, $GUI_DISABLE) EndIf Case $Restorebox5 ; Restore System Files And Settings If GUICtrlRead($Restorebox5) == 1 Then ; Checked GUICtrlSetState($Restorebox5list, $GUI_ENABLE) GUICtrlSetState($Restorebox5note, $GUI_ENABLE) GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) GUICtrlSetState($Restorebox6, $GUI_ENABLE) $RestoreChecked = "Yes" _UnCheckAll() ; Uncheck all Settings except for Restore Points. No point in applying settings then restore a PC. Guictrlsetdata($StatusMsg, " Enumerating Restore Points, please wait ...", "") ; Status message _ListRestorePoints() ; Get a list of all the restore points. Guictrlsetdata($StatusMsg, " Choose Apply to Restore on reboot, or Undo to delete Restore ...", "") ; Status message EndIf If GUICtrlRead($Restorebox5) == 4 Then ; UnChecked $RestoreChecked = "Unchecked" GUICtrlSetData($Restorebox5list,"") GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) EndIf Case $Restorebox6 ; Delete ALL Restore Points If GUICtrlRead($Restorebox6) == 1 Then ; Checked GUICtrlSetState($Restorebox5list, $GUI_DISABLE) Guictrlsetdata($StatusMsg, " Choose Apply to Delete all Restore Points ...", "") ; Status message EndIf If GUICtrlRead($Restorebox6) == 4 Then ; Un-Checked GUICtrlSetState($Restorebox5list, $GUI_ENABLE) EndIf Case $IExpbox1 ; IE Homepage If GUICtrlRead($IExpbox1) == 1 Then ; Checked GUICtrlSetState($IEHomePage, $GUI_ENABLE) ; Enable Homepage child options EndIf If GUICtrlRead($IExpbox1) == 4 Then ; Unchecked GUICtrlSetState($IEHomePage, $GUI_DISABLE) ; Disable Homepage child options EndIf Case $IExpbox5 ; IE Content Restriction If GUICtrlRead($IExpbox5) == 1 Then ; Checked GUICtrlSetState($IExpbox5label, $GUI_ENABLE) ; Enable Content Restriction child options GUICtrlSetState($URLWhitelist, $GUI_ENABLE) GUICtrlSetState($IExpbox6, $GUI_ENABLE) EndIf If GUICtrlRead($IExpbox5) == 4 Then ; Unchecked GUICtrlSetState($IExpbox5label, $GUI_DISABLE) ; Disable Content Restriction child options GUICtrlSetState($URLWhitelist, $GUI_DISABLE) GUICtrlSetState($IExpbox6, $GUI_DISABLE) EndIf Case $Appbox1 ; Application Restrictions If GUICtrlRead($Appbox1) == 1 Then ; Checked GUICtrlSetState($AppWhitelist, $GUI_ENABLE) ; Enable Applications Restrictions child options GUICtrlSetState($Appbox1labelA, $GUI_ENABLE) GUICtrlSetState($Appbox1labelB, $GUI_ENABLE) EndIf If GUICtrlRead($Appbox1) == 4 Then ; Unchecked GUICtrlSetState($Appbox1labelA, $GUI_DISABLE) ; Disable Applications Restrictions child options GUICtrlSetState($Appbox1labelB, $GUI_DISABLE) GUICtrlSetState($AppWhitelist, $GUI_DISABLE) EndIf Case $StartAppbox1 ; Startup Program If GUICtrlRead($StartAppbox1) == 1 Then ; Checked GUICtrlSetState($StartAppEdit1, $GUI_ENABLE) ; Enable Startup Program child options GUICtrlSetState($StartAppname1, $GUI_ENABLE) EndIf If GUICtrlRead($StartAppbox1) == 4 Then ; Unchecked GUICtrlSetState($StartAppEdit1, $GUI_DISABLE) ; Disable Startup Program child options GUICtrlSetState($StartAppname1, $GUI_DISABLE) EndIf Case $StartAppbox2 ; Startup Program If GUICtrlRead($StartAppbox2) == 1 Then ; Checked GUICtrlSetState($StartAppEdit2, $GUI_ENABLE) ; Enable Startup Program child options GUICtrlSetState($StartAppname2, $GUI_ENABLE) EndIf If GUICtrlRead($StartAppbox2) == 4 Then ; Unchecked GUICtrlSetState($StartAppEdit2, $GUI_DISABLE) ; Disable Startup Program child options GUICtrlSetState($StartAppname2, $GUI_DISABLE) EndIf Case $StartAppbox3 ; Startup Program If GUICtrlRead($StartAppbox3) == 1 Then ; Checked GUICtrlSetState($StartAppEdit3, $GUI_ENABLE) ; Enable Startup Program child options GUICtrlSetState($StartAppname3, $GUI_ENABLE) EndIf If GUICtrlRead($StartAppbox3) == 4 Then ; Unchecked GUICtrlSetState($StartAppEdit3, $GUI_DISABLE) ; Disable Startup Program child options GUICtrlSetState($StartAppname3, $GUI_DISABLE) EndIf Case $StartAppbox4 ; Startup Program If GUICtrlRead($StartAppbox4) == 1 Then ; Checked GUICtrlSetState($StartAppEdit4, $GUI_ENABLE) ; Enable Startup Program child options GUICtrlSetState($StartAppname4, $GUI_ENABLE) EndIf If GUICtrlRead($StartAppbox4) == 4 Then ; Unchecked GUICtrlSetState($StartAppEdit4, $GUI_DISABLE) ; Disable Startup Program child options GUICtrlSetState($StartAppname4, $GUI_DISABLE) EndIf Case $StartAppbox5 ; Startup Program If GUICtrlRead($StartAppbox5) == 1 Then ; Checked GUICtrlSetState($StartAppEdit5, $GUI_ENABLE) ; Enable Startup Program child options GUICtrlSetState($StartAppname5, $GUI_ENABLE) EndIf If GUICtrlRead($StartAppbox5) == 4 Then ; Unchecked GUICtrlSetState($StartAppEdit5, $GUI_DISABLE) ; Disable Startup Program child options GUICtrlSetState($StartAppname5, $GUI_DISABLE) EndIf Case $GUI_EVENT_CLOSE ; Close GUI Exit EndSwitch WEnd ; GUI END ; =============================================================================== ; =============================================================================== ; Functions Func _CreateINI() ; Create Default ini file IniWrite($IniName, "ProfileUser", "Username", "Username") IniWrite($IniName, "ProfileUser", "AddUsertoLocalAdminGroup", "No") IniWrite($IniName, "ProfileUser", "RemoveUserFromLocalAdminGroup", "Yes") IniWrite($IniName, "ProfileUser", "MakeUsersDesktopStartMenuandDownloadsFolderReadOnly", "Yes") IniWrite($IniName, "ProfileUser", "RequireUsertouseCtrlAltDeltoLogon", "No") IniWrite($IniName, "ProfileUser", "AutoLogonUser", "No") IniWrite($IniName, "ProfileUser", "Login", "Login") IniWrite($IniName, "ProfileUser", "Password", "Password") IniWrite($IniName, "ProfileUser", "Domain", "Domain or Computer Name") IniWrite($IniName, "StartMenu", "RemoveShutDownRestartSleepandHibernate", "Yes") IniWrite($IniName, "StartMenu", "DisableRun", "Yes") IniWrite($IniName, "StartMenu", "DisableCommandPrompt", "Yes") IniWrite($IniName, "StartMenu", "RemoveControlPanel", "Yes") IniWrite($IniName, "StartMenu", "RemoveSetDefaultPrograms", "Yes") IniWrite($IniName, "StartMenu", "DisableStartMenuPersonalfolder", "Yes") IniWrite($IniName, "StartMenu", "PreventStartMenuChanges", "Yes") IniWrite($IniName, "StartMenu", "RestrictDragandDropandRightClickinStartMenu", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveSystemTrayicons", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveTaskbarProperties", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveSystemProperties", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveLockingUnlockingofTaskbar", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveRightClickonTaskbar", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveToolbarsinTaskbar", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveAltTab", "No") IniWrite($IniName, "DesktopAndTaskbar", "RemoveActiveDesktopFeature", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "DisableTaskManager", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveChangePassword", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "DisableFastUserSwitching", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "DisableDesktopProperties", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "RemoveWindowsKeyshortcuts", "Yes") IniWrite($IniName, "DesktopAndTaskbar", "DisableLock", "Yes") IniWrite($IniName, "Computer", "AllowWindowsUpdates", "No") IniWrite($IniName, "Computer", "PreventWindowsUpdateRebooting", "No") IniWrite($IniName, "Computer", "RestrictAccesstoC", "Yes") IniWrite($IniName, "Computer", "HideCdrive", "Yes") IniWrite($IniName, "Computer", "HideCandDdrive", "No") IniWrite($IniName, "Computer", "HideALLdrivesincludingDVDCDROM", "No") IniWrite($IniName, "Computer", "DisableDVDCDROM", "No") IniWrite($IniName, "Computer", "DisableWritetoUSBDevices", "No") IniWrite($IniName, "Computer", "BlockUSBDevices", "No") IniWrite($IniName, "Computer", "DisableF4key", "No") IniWrite($IniName, "Computer", "DisableCtrlkey", "No") IniWrite($IniName, "Computer", "DisableWindowsMenuKey", "Yes") IniWrite($IniName, "Restore", "EnableSystemProtection", "No") IniWrite($IniName, "Restore", "CreateRestorePoint", "No") IniWrite($IniName, "Restore", "RestoreBefore", "No") IniWrite($IniName, "Restore", "RestoreBeforeName", "Restore Point prior to Kiosk Setup changes being set") IniWrite($IniName, "Restore", "RestoreAfter", "No") IniWrite($IniName, "Restore", "RestoreAfterName", "Restore Point after Kiosk Setup changes applied") IniWrite($IniName, "WindowsExplorer", "RestrictFolderOptions", "Yes") IniWrite($IniName, "WindowsExplorer", "RestrictRegistryEditor", "Yes") IniWrite($IniName, "WindowsExplorer", "RemoveMapNetworkDrive", "Yes") IniWrite($IniName, "WindowsExplorer", "RemoveAddingRemovingitemstofromToolbars", "Yes") IniWrite($IniName, "WindowsExplorer", "RemoveAddingRemovingToolbars", "Yes") IniWrite($IniName, "WindowsExplorer", "RemoveProgramsandFeaturesbutton", "Yes") IniWrite($IniName, "WindowsExplorer", "DisableRightClickinExplorer", "Yes") IniWrite($IniName, "WindowsExplorer", "DisableAutoRunAutoPlay", "Yes") IniWrite($IniName, "InternetExplorer", "SetIEHomePage", "No") IniWrite($IniName, "InternetExplorer", "IEHomePage", "") IniWrite($IniName, "InternetExplorer", "PreventHomePagefrombeingchanged", "No") IniWrite($IniName, "InternetExplorer", "BlockaccesstoInternetOptions", "Yes") IniWrite($IniName, "InternetExplorer", "DisablePasswordCaching", "Yes") IniWrite($IniName, "InternetExplorer", "EnableContentRestriction", "No") IniWrite($IniName, "InternetExplorer", "URLWhitelist", "http://website.com;*.website.com") IniWrite($IniName, "InternetExplorer", "AllowAdminstoTypeaPasswordToViewaRestrictedSite", "No") IniWrite($IniName, "Application", "EnableApplicationRestrictions", "No") IniWrite($IniName, "Application", "AppWhiteList", "regedit.exe;" & @ScriptName) IniWrite($IniName, "AdditionalStartupApplications", "EnableApp1", "No") IniWrite($IniName, "AdditionalStartupApplications", "AppName1", "Application Name") IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable1", '"c:\windows\system32\example.exe" /ExampleSwitch') IniWrite($IniName, "AdditionalStartupApplications", "EnableApp2", "No") IniWrite($IniName, "AdditionalStartupApplications", "AppName2", "") IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable2", "") IniWrite($IniName, "AdditionalStartupApplications", "EnableApp3", "No") IniWrite($IniName, "AdditionalStartupApplications", "AppName3", "") IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable3", "") IniWrite($IniName, "AdditionalStartupApplications", "EnableApp4", "No") IniWrite($IniName, "AdditionalStartupApplications", "AppName4", "") IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable4", "") IniWrite($IniName, "AdditionalStartupApplications", "EnableApp5", "No") IniWrite($IniName, "AdditionalStartupApplications", "AppName5", "") IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable5", "") EndFunc ;==> Create Default ini file ;-------------------------------------------------------------------------------- Func _Defaults() ; Set defaults set in ini file If IniRead($IniName, "ProfileUser", "AddUsertoLocalAdminGroup", "") = "Yes" Then GUICtrlSetState($Userbox1, $GUI_CHECKED) Else GUICtrlSetState($Userbox1, $GUI_UNCHECKED) EndIf If IniRead($IniName, "ProfileUser", "RemoveUserFromLocalAdminGroup", "") = "Yes" Then GUICtrlSetState($Userbox2, $GUI_CHECKED) Else GUICtrlSetState($Userbox2, $GUI_UNCHECKED) EndIf If IniRead($IniName, "ProfileUser", "MakeUsersDesktopStartMenuandDownloadsFolderReadOnly", "") = "Yes" Then GUICtrlSetState($Userbox3, $GUI_CHECKED) Else GUICtrlSetState($Userbox3, $GUI_UNCHECKED) EndIf If IniRead($IniName, "ProfileUser", "RequireUsertouseCtrlAltDeltoLogon", "") = "Yes" Then GUICtrlSetState($Userbox4, $GUI_CHECKED) Else GUICtrlSetState($Userbox4, $GUI_UNCHECKED) EndIf If IniRead($IniName, "ProfileUser", "AutoLogonUser", "") = "Yes" Then GUICtrlSetState($Userbox5, $GUI_CHECKED) Else GUICtrlSetState($Userbox5, $GUI_UNCHECKED) EndIf GUICtrlSetState($UserBoxField1, $GUI_DISABLE) GUICtrlSetState($UserBoxField2, $GUI_DISABLE) GUICtrlSetState($UserBoxField3, $GUI_DISABLE) If IniRead($IniName, "StartMenu", "RemoveShutDownRestartSleepandHibernate", "") = "Yes" Then GUICtrlSetState($Startbox1, $GUI_CHECKED) Else GUICtrlSetState($Startbox1, $GUI_UNCHECKED) EndIf If IniRead($IniName, "StartMenu", "DisableRun", "") = "Yes" Then GUICtrlSetState($Startbox2, $GUI_CHECKED) Else GUICtrlSetState($Startbox2, $GUI_UNCHECKED) EndIf If IniRead($IniName, "StartMenu", "DisableCommandPrompt", "") = "Yes" Then GUICtrlSetState($Startbox3, $GUI_CHECKED) Else GUICtrlSetState($Startbox3, $GUI_UNCHECKED) EndIf If IniRead($IniName, "StartMenu", "RemoveControlPanel", "") = "Yes" Then GUICtrlSetState($Startbox4, $GUI_CHECKED) Else GUICtrlSetState($Startbox4, $GUI_UNCHECKED) EndIf If IniRead($IniName, "StartMenu", "RemoveSetDefaultPrograms", "") = "Yes" Then GUICtrlSetState($Startbox5, $GUI_CHECKED) Else GUICtrlSetState($Startbox5, $GUI_UNCHECKED) EndIf If IniRead($IniName, "StartMenu", "DisableStartMenuPersonalfolder", "") = "Yes" Then GUICtrlSetState($Startbox6, $GUI_CHECKED) EndIf If IniRead($IniName, "StartMenu", "PreventStartMenuChanges", "") = "Yes" Then GUICtrlSetState($Startbox7, $GUI_CHECKED) EndIf If IniRead($IniName, "StartMenu", "RestrictDragandDropandRightClickinStartMenu", "") = "Yes" Then GUICtrlSetState($Startbox8, $GUI_CHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveSystemTrayicons", "") = "Yes" Then GUICtrlSetState($Deskbox1, $GUI_CHECKED) Else GUICtrlSetState($Deskbox1, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveTaskbarProperties", "") = "Yes" Then GUICtrlSetState($Deskbox2, $GUI_CHECKED) Else GUICtrlSetState($Deskbox2, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveSystemProperties", "") = "Yes" Then GUICtrlSetState($Deskbox3, $GUI_CHECKED) Else GUICtrlSetState($Deskbox3, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveLockingUnlockingofTaskbar", "") = "Yes" Then GUICtrlSetState($Deskbox4, $GUI_CHECKED) Else GUICtrlSetState($Deskbox4, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveRightClickonTaskbar", "") = "Yes" Then GUICtrlSetState($Deskbox5, $GUI_CHECKED) Else GUICtrlSetState($Deskbox5, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveToolbarsinTaskbar", "") = "Yes" Then GUICtrlSetState($Deskbox6, $GUI_CHECKED) Else GUICtrlSetState($Deskbox6, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveAltTab", "") = "Yes" Then GUICtrlSetState($Deskbox7, $GUI_CHECKED) Else GUICtrlSetState($Deskbox7, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveActiveDesktopFeature", "") = "Yes" Then GUICtrlSetState($Deskbox8, $GUI_CHECKED) Else GUICtrlSetState($Deskbox8, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "DisableTaskManager", "") = "Yes" Then GUICtrlSetState($Deskbox9, $GUI_CHECKED) Else GUICtrlSetState($Deskbox9, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveChangePassword", "") = "Yes" Then GUICtrlSetState($Deskbox10, $GUI_CHECKED) Else GUICtrlSetState($Deskbox10, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "DisableFastUserSwitching", "") = "Yes" Then GUICtrlSetState($Deskbox11, $GUI_CHECKED) Else GUICtrlSetState($Deskbox11, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "DisableDesktopProperties", "") = "Yes" Then GUICtrlSetState($Deskbox12, $GUI_CHECKED) Else GUICtrlSetState($Deskbox12, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "RemoveWindowsKeyshortcuts", "") = "Yes" Then GUICtrlSetState($Deskbox13, $GUI_CHECKED) Else GUICtrlSetState($Deskbox13, $GUI_UNCHECKED) EndIf If IniRead($IniName, "DesktopAndTaskbar", "DisableLock", "") = "Yes" Then GUICtrlSetState($Deskbox14, $GUI_CHECKED) Else GUICtrlSetState($Deskbox14, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "AllowWindowsUpdates", "") = "Yes" Then GUICtrlSetState($Compbox1, $GUI_CHECKED) Else GUICtrlSetState($Compbox1, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "PreventWindowsUpdateRebooting", "") = "Yes" Then GUICtrlSetState($Compbox2, $GUI_CHECKED) Else GUICtrlSetState($Compbox2, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "RestrictAccesstoC", "") = "Yes" Then GUICtrlSetState($Compbox3, $GUI_CHECKED) Else GUICtrlSetState($Compbox3, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "HideCdrive", "") = "Yes" Then GUICtrlSetState($Compbox4, $GUI_CHECKED) Else GUICtrlSetState($Compbox4, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "HideCandDdrive", "") = "Yes" Then GUICtrlSetState($Compbox5, $GUI_CHECKED) Else GUICtrlSetState($Compbox5, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "HideALLdrivesincludingDVDCDROM", "") = "Yes" Then GUICtrlSetState($Compbox6, $GUI_CHECKED) Else GUICtrlSetState($Compbox6, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "DisableDVDCDROM", "") = "Yes" Then GUICtrlSetState($Compbox7, $GUI_CHECKED) Else GUICtrlSetState($Compbox7, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "DisableWritetoUSBDevices", "") = "Yes" Then GUICtrlSetState($Compbox8, $GUI_CHECKED) Else GUICtrlSetState($Compbox8, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "BlockUSBDevices", "") = "Yes" Then GUICtrlSetState($Compbox9, $GUI_CHECKED) Else GUICtrlSetState($Compbox9, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "DisableF4key", "") = "Yes" Then GUICtrlSetState($Compbox10, $GUI_CHECKED) Else GUICtrlSetState($Compbox10, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "DisableCtrlkey", "") = "Yes" Then GUICtrlSetState($Compbox11, $GUI_CHECKED) Else GUICtrlSetState($Compbox11, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Computer", "DisableWindowsMenuKey", "") = "Yes" Then GUICtrlSetState($Compbox12, $GUI_CHECKED) Else GUICtrlSetState($Compbox12, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Restore", "EnableSystemProtection", "") = "Yes" Then GUICtrlSetState($Restorebox1, $GUI_CHECKED) GUICtrlSetState($Restorebox5, $GUI_ENABLE) Else GUICtrlSetState($Restorebox1, $GUI_UNCHECKED) GUICtrlSetState($Restorebox5, $GUI_DISABLE) GUICtrlSetState($Restorebox5list, $GUI_DISABLE) GUICtrlSetState($Restorebox5note, $GUI_DISABLE) GUICtrlSetState($Restorebox6, $GUI_DISABLE) EndIf If IniRead($IniName, "Restore", "CreateRestorePoint", "") = "Yes" Then GUICtrlSetState($Restorebox2, $GUI_CHECKED) Else GUICtrlSetState($Restorebox2, $GUI_UNCHECKED) GUICtrlSetState($Restorebox2, $GUI_DISABLE) GUICtrlSetState($Restorebox2, $GUI_UNCHECKED) GUICtrlSetState($Restorebox3, $GUI_DISABLE) GUICtrlSetState($Restorebox3Name, $GUI_DISABLE) GUICtrlSetState($Restorebox4, $GUI_DISABLE) GUICtrlSetState($Restorebox4Name, $GUI_DISABLE) GUICtrlSetData($Restorebox5list,"") EndIf If IniRead($IniName, "Restore", "RestoreBefore", "") = "Yes" Then GUICtrlSetState($Restorebox3, $GUI_CHECKED) GUICtrlSetState($Restorebox3Name, $GUI_ENABLE) Else GUICtrlSetState($Restorebox3Name, $GUI_DISABLE) EndIf If IniRead($IniName, "Restore", "RestoreAfter", "") = "Yes" Then GUICtrlSetState($Restorebox4, $GUI_CHECKED) GUICtrlSetState($Restorebox4Name, $GUI_ENABLE) Else GUICtrlSetState($Restorebox4Name, $GUI_DISABLE) EndIf If $RestoreChecked = "Unchecked" Then GUICtrlSetState($Restorebox1, $GUI_CHECKED) GUICtrlSetState($Restorebox2, $GUI_ENABLE) GUICtrlSetState($Restorebox5, $GUI_ENABLE) GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) $RestoreChecked = "" EndIf If IniRead($IniName, "WindowsExplorer", "RestrictFolderOptions", "") = "Yes" Then GUICtrlSetState($WExpbox1, $GUI_CHECKED) Else GUICtrlSetState($WExpbox1, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "RestrictRegistryEditor", "") = "Yes" Then GUICtrlSetState($WExpbox2, $GUI_CHECKED) Else GUICtrlSetState($WExpbox2, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "RemoveMapNetworkDrive", "") = "Yes" Then GUICtrlSetState($WExpbox3, $GUI_CHECKED) Else GUICtrlSetState($WExpbox3, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "RemoveAddingRemovingitemstofromToolbars", "") = "Yes" Then GUICtrlSetState($WExpbox4, $GUI_CHECKED) Else GUICtrlSetState($WExpbox4, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "RemoveAddingRemovingToolbars", "") = "Yes" Then GUICtrlSetState($WExpbox5, $GUI_CHECKED) Else GUICtrlSetState($WExpbox5, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "RemoveProgramsandFeaturesbutton", "") = "Yes" Then GUICtrlSetState($WExpbox6, $GUI_CHECKED) Else GUICtrlSetState($WExpbox6, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "DisableRightClickinExplorer", "") = "Yes" Then GUICtrlSetState($WExpbox7, $GUI_CHECKED) Else GUICtrlSetState($WExpbox7, $GUI_UNCHECKED) EndIf If IniRead($IniName, "WindowsExplorer", "DisableAutoRunAutoPlay", "") = "Yes" Then GUICtrlSetState($WExpbox8, $GUI_CHECKED) Else GUICtrlSetState($WExpbox8, $GUI_UNCHECKED) EndIf If IniRead($IniName, "InternetExplorer", "SetIEHomePage", "") = "Yes" Then GUICtrlSetState($IExpbox1, $GUI_CHECKED) GUICtrlSetState($IEHomePage, $GUI_ENABLE) Else GUICtrlSetState($IExpbox1, $GUI_UNCHECKED) GUICtrlSetState($IEHomePage, $GUI_DISABLE) EndIf If IniRead($IniName, "InternetExplorer", "PreventHomePagefrombeingchanged", "") = "Yes" Then GUICtrlSetState($IExpbox2, $GUI_CHECKED) Else GUICtrlSetState($IExpbox2, $GUI_UNCHECKED) EndIf If IniRead($IniName, "InternetExplorer", "BlockaccesstoInternetOptions", "") = "Yes" Then GUICtrlSetState($IExpbox3, $GUI_CHECKED) Else GUICtrlSetState($IExpbox3, $GUI_UNCHECKED) EndIf If IniRead($IniName, "InternetExplorer", "DisablePasswordCaching", "") = "Yes" Then GUICtrlSetState($IExpbox4, $GUI_CHECKED) Else GUICtrlSetState($IExpbox4, $GUI_UNCHECKED) EndIf If IniRead($IniName, "InternetExplorer", "EnableContentRestriction", "") = "Yes" Then GUICtrlSetState($IExpbox5, $GUI_CHECKED) Else GUICtrlSetState($IExpbox5, $GUI_UNCHECKED) GUICtrlSetState($IExpbox5label, $GUI_DISABLE) GUICtrlSetState($URLWhitelist, $GUI_DISABLE) GUICtrlSetState($IExpbox6, $GUI_DISABLE) EndIf If IniRead($IniName, "InternetExplorer", "AllowAdminstoTypeaPasswordToViewaRestrictedSite", "") = "Yes" Then GUICtrlSetState($IExpbox6, $GUI_CHECKED) Else GUICtrlSetState($IExpbox6, $GUI_UNCHECKED) EndIf If IniRead($IniName, "Application", "EnableApplicationRestrictions", "") = "Yes" Then GUICtrlSetState($Appbox1, $GUI_CHECKED) Else GUICtrlSetState($Appbox1, $GUI_UNCHECKED) GUICtrlSetState($Appbox1labelA, $GUI_DISABLE) GUICtrlSetState($Appbox1labelB, $GUI_DISABLE) GUICtrlSetState($AppWhitelist, $GUI_DISABLE) EndIf If IniRead($IniName, "AdditionalStartupApplications", "EnableApp1", "") = "Yes" Then GUICtrlSetState($StartAppbox1, $GUI_CHECKED) Else GUICtrlSetState($StartAppbox1, $GUI_UNCHECKED) GUICtrlSetState($StartAppname1, $GUI_DISABLE) GUICtrlSetState($StartAppEdit1, $GUI_DISABLE) EndIf If IniRead($IniName, "AdditionalStartupApplications", "EnableApp2", "") = "Yes" Then GUICtrlSetState($StartAppbox2, $GUI_CHECKED) Else GUICtrlSetState($StartAppbox2, $GUI_UNCHECKED) GUICtrlSetState($StartAppname2, $GUI_DISABLE) GUICtrlSetState($StartAppEdit2, $GUI_DISABLE) EndIf If IniRead($IniName, "AdditionalStartupApplications", "EnableApp3", "") = "Yes" Then GUICtrlSetState($StartAppbox3, $GUI_CHECKED) Else GUICtrlSetState($StartAppbox3, $GUI_UNCHECKED) GUICtrlSetState($StartAppname3, $GUI_DISABLE) GUICtrlSetState($StartAppEdit3, $GUI_DISABLE) EndIf If IniRead($IniName, "AdditionalStartupApplications", "EnableApp4", "") = "Yes" Then GUICtrlSetState($StartAppbox4, $GUI_CHECKED) Else GUICtrlSetState($StartAppbox4, $GUI_UNCHECKED) GUICtrlSetState($StartAppname4, $GUI_DISABLE) GUICtrlSetState($StartAppEdit4, $GUI_DISABLE) EndIf If IniRead($IniName, "AdditionalStartupApplications", "EnableApp5", "") = "Yes" Then GUICtrlSetState($StartAppbox5, $GUI_CHECKED) Else GUICtrlSetState($StartAppbox5, $GUI_UNCHECKED) GUICtrlSetState($StartAppname5, $GUI_DISABLE) GUICtrlSetState($StartAppEdit5, $GUI_DISABLE) EndIf EndFunc ;=> Set defaults ;-------------------------------------------------------------------------------- Func _UnCheckAll() ; Uncheck all settings GUICtrlSetState($Userbox1, $GUI_UNCHECKED) GUICtrlSetState($Userbox2, $GUI_UNCHECKED) GUICtrlSetState($Userbox3, $GUI_UNCHECKED) GUICtrlSetState($Userbox4, $GUI_UNCHECKED) GUICtrlSetState($Userbox5, $GUI_UNCHECKED) GUICtrlSetState($UserBoxField1, $GUI_DISABLE) GUICtrlSetState($UserBoxField2, $GUI_DISABLE) GUICtrlSetState($UserBoxField3, $GUI_DISABLE) GUICtrlSetState($Startbox1, $GUI_UNCHECKED) GUICtrlSetState($Startbox2, $GUI_UNCHECKED) GUICtrlSetState($Startbox3, $GUI_UNCHECKED) GUICtrlSetState($Startbox4, $GUI_UNCHECKED) GUICtrlSetState($Startbox5, $GUI_UNCHECKED) GUICtrlSetState($Startbox6, $GUI_UNCHECKED) GUICtrlSetState($Startbox7, $GUI_UNCHECKED) GUICtrlSetState($Startbox8, $GUI_UNCHECKED) GUICtrlSetState($Deskbox1, $GUI_UNCHECKED) GUICtrlSetState($Deskbox2, $GUI_UNCHECKED) GUICtrlSetState($Deskbox3, $GUI_UNCHECKED) GUICtrlSetState($Deskbox4, $GUI_UNCHECKED) GUICtrlSetState($Deskbox5, $GUI_UNCHECKED) GUICtrlSetState($Deskbox6, $GUI_UNCHECKED) GUICtrlSetState($Deskbox7, $GUI_UNCHECKED) GUICtrlSetState($Deskbox8, $GUI_UNCHECKED) GUICtrlSetState($Deskbox9, $GUI_UNCHECKED) GUICtrlSetState($Deskbox10, $GUI_UNCHECKED) GUICtrlSetState($Deskbox11, $GUI_UNCHECKED) GUICtrlSetState($Deskbox12, $GUI_UNCHECKED) GUICtrlSetState($Deskbox13, $GUI_UNCHECKED) GUICtrlSetState($Deskbox14, $GUI_UNCHECKED) GUICtrlSetState($WExpbox1, $GUI_UNCHECKED) GUICtrlSetState($WExpbox2, $GUI_UNCHECKED) GUICtrlSetState($WExpbox3, $GUI_UNCHECKED) GUICtrlSetState($WExpbox4, $GUI_UNCHECKED) GUICtrlSetState($WExpbox5, $GUI_UNCHECKED) GUICtrlSetState($WExpbox6, $GUI_UNCHECKED) GUICtrlSetState($WExpbox7, $GUI_UNCHECKED) GUICtrlSetState($WExpbox8, $GUI_UNCHECKED) GUICtrlSetState($Compbox1, $GUI_UNCHECKED) GUICtrlSetState($Compbox2, $GUI_UNCHECKED) GUICtrlSetState($Compbox3, $GUI_UNCHECKED) GUICtrlSetState($Compbox4, $GUI_UNCHECKED) GUICtrlSetState($Compbox5, $GUI_UNCHECKED) GUICtrlSetState($Compbox6, $GUI_UNCHECKED) GUICtrlSetState($Compbox7, $GUI_UNCHECKED) GUICtrlSetState($Compbox8, $GUI_UNCHECKED) GUICtrlSetState($Compbox9, $GUI_UNCHECKED) GUICtrlSetState($Compbox10, $GUI_UNCHECKED) GUICtrlSetState($Compbox11, $GUI_UNCHECKED) GUICtrlSetState($Compbox12, $GUI_UNCHECKED) If $RestoreChecked = "Yes" Then GUICtrlSetState($Restorebox2, $GUI_UNCHECKED) $RestoreChecked = "" ElseIf $RestoreChecked = "Unchecked" Then GUICtrlSetState($Restorebox1, $GUI_CHECKED) GUICtrlSetState($Restorebox5, $GUI_UNCHECKED) GUICtrlSetState($Restorebox5, $GUI_DISABLE) GUICtrlSetState($Restorebox5list, $GUI_DISABLE) GUICtrlSetData($Restorebox5list,"") GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) $RestoreChecked = "" Else GUICtrlSetState($Restorebox1, $GUI_UNCHECKED) GUICtrlSetState($Restorebox2, $GUI_DISABLE) GUICtrlSetState($Restorebox5, $GUI_UNCHECKED) GUICtrlSetState($Restorebox5, $GUI_DISABLE) GUICtrlSetState($Restorebox5list, $GUI_DISABLE) GUICtrlSetData($Restorebox5list,"") GUICtrlSetState($Restorebox5note, $GUI_DISABLE) GUICtrlSetState($Restorebox6, $GUI_UNCHECKED) GUICtrlSetState($Restorebox6, $GUI_DISABLE) EndIf GUICtrlSetState($Restorebox2, $GUI_UNCHECKED) GUICtrlSetState($Restorebox3, $GUI_UNCHECKED) GUICtrlSetState($Restorebox3, $GUI_DISABLE) GUICtrlSetState($Restorebox4, $GUI_UNCHECKED) GUICtrlSetState($Restorebox4, $GUI_DISABLE) GUICtrlSetState($Restorebox3Name, $GUI_DISABLE) GUICtrlSetState($Restorebox4Name, $GUI_DISABLE) GUICtrlSetState($IExpbox1, $GUI_UNCHECKED) GUICtrlSetState($IExpbox2, $GUI_UNCHECKED) GUICtrlSetState($IExpbox3, $GUI_UNCHECKED) GUICtrlSetState($IExpbox5, $GUI_UNCHECKED) GUICtrlSetState($IExpbox5label, $GUI_DISABLE) GUICtrlSetState($URLWhitelist, $GUI_DISABLE) GUICtrlSetState($IExpbox6, $GUI_UNCHECKED) GUICtrlSetState($IExpbox6, $GUI_DISABLE) GUICtrlSetState($IExpbox4, $GUI_UNCHECKED) GUICtrlSetState($Appbox1, $GUI_UNCHECKED) GUICtrlSetState($Appbox1labelA, $GUI_DISABLE) GUICtrlSetState($Appbox1labelB, $GUI_DISABLE) GUICtrlSetState($AppWhitelist, $GUI_DISABLE) GUICtrlSetState($StartAppbox1, $GUI_UNCHECKED) GUICtrlSetState($StartAppbox2, $GUI_UNCHECKED) GUICtrlSetState($StartAppbox3, $GUI_UNCHECKED) GUICtrlSetState($StartAppbox4, $GUI_UNCHECKED) GUICtrlSetState($StartAppbox5, $GUI_UNCHECKED) GUICtrlSetState($IEHomePage, $GUI_DISABLE) GUICtrlSetState($StartAppEdit1, $GUI_DISABLE) GUICtrlSetState($StartAppname1, $GUI_DISABLE) GUICtrlSetState($StartAppEdit2, $GUI_DISABLE) GUICtrlSetState($StartAppname2, $GUI_DISABLE) GUICtrlSetState($StartAppEdit3, $GUI_DISABLE) GUICtrlSetState($StartAppname3, $GUI_DISABLE) GUICtrlSetState($StartAppEdit4, $GUI_DISABLE) GUICtrlSetState($StartAppname4, $GUI_DISABLE) GUICtrlSetState($StartAppEdit5, $GUI_DISABLE) GUICtrlSetState($StartAppname5, $GUI_DISABLE) EndFunc ;=> Uncheck all settings ;-------------------------------------------------------------------------------- Func _RequireUserName() ;Check if user name is required $UserName = GUICtrlRead($UserField) ; Read the User Name If GUICtrlRead($Userbox1) == 1 Or GUICtrlRead($Userbox2) == 1 Or GUICtrlRead($Userbox3) == 1 Or GUICtrlRead($Userbox4) == 1 Or _ GUICtrlRead($Userbox5) == 1 Or GUICtrlRead($Startbox1) == 1 Or GUICtrlRead($Startbox2) == 1 Or GUICtrlRead($Startbox3) == 1 Or _ GUICtrlRead($Startbox4) == 1 Or GUICtrlRead($Startbox5) == 1 Or GUICtrlRead($Startbox6) == 1 Or GUICtrlRead($Startbox7) == 1 Or _ GUICtrlRead($Startbox8) == 1 Or GUICtrlRead($Deskbox1) == 1 Or GUICtrlRead($Deskbox2) == 1 Or GUICtrlRead($Deskbox3) == 1 Or _ GUICtrlRead($Deskbox4) == 1 Or GUICtrlRead($Deskbox5) == 1 Or GUICtrlRead($Deskbox6) == 1 Or GUICtrlRead($Deskbox7) == 1 Or _ GUICtrlRead($Deskbox8) == 1 Or GUICtrlRead($Deskbox9) == 1 Or GUICtrlRead($Deskbox10) == 1 Or GUICtrlRead($Deskbox12) == 1 Or _ GUICtrlRead($Deskbox13) == 1 Or GUICtrlRead($Deskbox14) == 1 Or GUICtrlRead($Compbox2) == 1 Or GUICtrlRead($Compbox3) == 1 Or _ GUICtrlRead($Compbox4) == 1 Or GUICtrlRead($Compbox5) == 1 Or GUICtrlRead($Compbox6) == 1 Or GUICtrlRead($Compbox7) == 1 Or _ GUICtrlRead($WExpbox1) == 1 Or GUICtrlRead($WExpbox2) == 1 Or GUICtrlRead($WExpbox3) == 1 Or GUICtrlRead($WExpbox4) == 1 Or _ GUICtrlRead($WExpbox5) == 1 Or GUICtrlRead($WExpbox6) == 1 Or GUICtrlRead($WExpbox6) == 1 Or GUICtrlRead($WExpbox8) == 1 Or _ GUICtrlRead($IExpbox1) == 1 Or GUICtrlRead($IExpbox2) == 1 Or GUICtrlRead($IExpbox3) == 1 Or GUICtrlRead($IExpbox4) == 1 Or _ GUICtrlRead($StartAppbox1) == 1 Or GUICtrlRead($StartAppbox2) == 1 Or GUICtrlRead($StartAppbox3) == 1 Or GUICtrlRead($StartAppbox4) == 1 Or _ GUICtrlRead($StartAppbox5) == 1 Then $RequireUserName = "Yes" EndIf If $Username = @UserName Then $RegPath = "HKEY_CURRENT_USER" Else $RegPath = "HKEY_LOCAL_MACHINE\" & $Username $LoadHive = "Yes" EndIf EndFunc ;-------------------------------------------------------------------------------- Func _UserProfileCheck() ; Check that user profile exists Local $p = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' ; Get Target Users SID Local $s, $v, $u = '\' & $UserName For $i = 1 To 20 $s = RegEnumKey($p, $i) If @error <> 0 Then ExitLoop $v = RegRead($p & '\' & $s, 'ProfileImagePath') ; Look for users profile path If StringRight($v, StringLen($u)) = $u Then Global $UserSID = $s ; Set variable for Users SID Global $UserProfile = $v ; Set variable for path to users local profile If FileExists($v & "\NTUSER.DAT") Then ; Check that local Profil e has been created. Return EndIf EndIf Next ; Profile Not Found. Global $UserSID = "NotFound" MsgBox(16, "ERROR!", "User Profile Not Found!" & @CRLF & _ ; Profile not found " - Verify Local User Account Exists. (If not, create it.)" & @CRLF & _ " - You must have logged on as the User at least once." & @CRLF & _ " - (Make Changes to profile.)" & @CRLF & _ " - Reboot the PC." & @CRLF & _ " - Log on as Admin and re-try this Setup." , "") Return EndFunc ;=> Check that user profile exists ;-------------------------------------------------------------------------------- Func _ListRestorePoints() ; Get a list of Restore Points GUICtrlSetData($Restorebox5list, "") $RestorePoints = _SR_EnumRestorePoints() ; Get the list of Restore Points if ubound($RestorePoints) = "1" Then GUICtrlSetData($Restorebox5list, "No Restore points found!") Else for $i = 1 to ubound($RestorePoints) - 1 GUICtrlSetData($Restorebox5list,$RestorePoints[$i][0] & ": " & $RestorePoints[$i][1] & " - " & $RestorePoints[$i][2]) next EndIf EndFunc ;==> Get a list of Restore Points ;-------------------------------------------------------------------------------- Func _LoadHive() ; Load Users Registry Hive If RegRead("HKEY_LOCAL_MACHINE\" & $Username, "") <> 0 Then ; Key already Exists. Maybe it didn't unload correctly. Sleep(500) _UnLoadHive() ; Unload Hive Else ; Key does not exist RunWait(@ComSpec & " /c reg.exe load HKLM\" & $UserName & " " & $UserProfile & "\NTUSER.DAT", "", @SW_HIDE) ; Load the users registry hive Sleep(500) EndIf EndFunc ;-------------------------------------------------------------------------------- Func _WriteToReg() ; Write Changes to Registry and/or PC. If (GUICtrlRead($Restorebox1) == $GUI_CHECKED) Then ; Enable System Restore If $Apply = "Yes" Then ; Apply Restriction Guictrlsetdata($StatusMsg, " Enabling System Restore ...", "") _SR_Enable() Sleep(1000) Else ; Remove Restriction _SR_Disable() EndIF EndIf If (GUICtrlRead($Restorebox3) == $GUI_CHECKED) Then ; Create Restore Point before everything If $Apply = "Yes" Then ; Apply Restriction $RestoreName = GUICtrlRead($Restorebox3Name) If $RestoreName <> "" Then Guictrlsetdata($StatusMsg, " Creating Restore Point before making changes...", "") _SR_CreateRestorePoint($RestoreName) EndIf EndIF EndIf Guictrlsetdata($StatusMsg, " Writing Changes ...", "") If GUICtrlRead($Userbox4) == 1 Then ; Require User to use Ctrl+Alt+Del to log on If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD", "REG_DWORD", "00000000") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD") = 0 Then RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD") EndIf EndIF EndIf If $DisableCtrlAltDel = "Yes" Then ; If the user has choosen the option to disable 'ctrl' key we will disable the requirement for ctrl-alt-del at logon. RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD", "REG_DWORD", "00000001") EndIf If GUICtrlRead($Userbox5) == 1 Then ; Auto-Logon User If $Apply = "Yes" Then ; Apply Restriction $LogonUser = GUICtrlRead($UserBoxField1) $LogonPass = GUICtrlRead($UserBoxField2) $LogonDom = GUICtrlRead($UserBoxField3) RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon", "REG_DWORD", "00000001") RegWrite ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultUserName", "REG_SZ", $LogonUser) RegWrite ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultPassword", "REG_SZ", $LogonPass) RegWrite ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultDomainName", "REG_SZ", $LogonDom) Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon ") = 0 Then RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon") RegDelete ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultUserName") RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultPassword") RegDelete ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultDomainName") EndIf EndIF EndIf If GUICtrlRead($Startbox1) == 1 Then ; Remove Shut Down, Restart, Sleep and Hibernate If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoClose", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoClose") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoClose", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Startbox2) == 1 Then ; Disable Run If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Startbox3) == 1 Then ; Disable Command Prompt If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableCMD", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableCMD") = 1 Then RegWrite ($RegPath & "Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableCMD", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Startbox4) == 1 Then ; Remove Control Panel If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Startbox5) == 1 Then ; Remove Set Default Programs If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Startbox6) == 1 Then ; Disable Start Menu Personal folder If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Start_ShowUser", "REG_DWORD", "00000000") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "No Close") = 0 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "No Close", "REG_DWORD", "00000001") EndIf EndIF EndIf If GUICtrlRead($Startbox6) == 1 Then ; Prevent Start Menu Changes If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoChangeStartMenu", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoChangeStartMenu") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoChangeStartMenu", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Startbox8) == 1 Then ; Restrict drag-and-drop and right-click in Start Menu If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoChangeStartMenu", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoChangeStartMenu") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoChangeStartMenu", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox1) == 1 Then ; Remove system tray icons If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayItemsDisplay", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayItemsDisplay") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayItemsDisplay", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox2) == 1 Then ; Remove Taskbar Properties If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetTaskbar", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetTaskbar") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetTaskbar", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox3) == 1 Then ; Remove System Properties If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox4) == 1 Then ; Remove Locking/Unlocking of Taskbar If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox5) == 1 Then ; Remove right-click on Taskbar If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayContextMenu", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayContextMenu") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayContextMenu", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox6) == 1 Then ; Remove Toolbars in Taskbar If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarsOnTaskbar", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarsOnTaskbar") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarsOnTaskbar", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox7) == 1 Then ; Remove Alt-tab If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer", "AltTabSettings", "REG_SZ", "1") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer", "AltTabSettings") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer", "AltTabSettings", "REG_SZ", "0") EndIf EndIF EndIf If GUICtrlRead($Deskbox8) == 1 Then ; Remove Active Desktop Feature If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoActiveDesktop", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoActiveDesktop") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoActiveDesktop", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox9) == 1 Then ; Disable Task Manager If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox10) == 1 Then ; Remove Change Password If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox11) == 1 Then ; Disable Fast User Switching If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "HideFastUserSwitching", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "HideFastUserSwitching") = 1 Then RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "HideFastUserSwitching", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox12) == 1 Then ; Disable Desktop Properties If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox13) == 1 Then ; Remove Windows Key shortcuts If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoWinKeys", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoWinKeys") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoWinKeys", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Deskbox14) == 1 Then ; Disable Lock If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox1) == 1 Then ; Restrict Folder Options If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox2) == 1 Then ; Restrict Registry Editor If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisableRegistryTools", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisableRegistryTools") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisableRegistryTools", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox3) == 1 Then ; Remove Map Network Drive If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoNetConnectDisconnect", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoNetConnectDisconnect") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoNetConnectDisconnect", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox4) == 1 Then ; Remove adding/removing items to/from Toolbars If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarCustomize", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarCustomize") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarCustomize", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox5) == 1 Then ; Remove adding/removing Toolbars If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoBandCustomize", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoBandCustomize") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoBandCustomize", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox6) == 1 Then ; Remove 'Programs and Features' button If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Programs", "NoProgramsCPL", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Programs", "NoProgramsCPL") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Programs", "NoProgramsCPL", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox7) == 1 Then ; Disable right-click in Explorer If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewContextMenu", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewContextMenu") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewContextMenu", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($WExpbox8) == 1 Then ; Disable AutoRun/AutoPlay If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "DisableAutoplay", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "255") ; 000000ff Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "DisableAutoplay") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "DisableAutoplay", "REG_DWORD", "00000000") EndIf If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun") = 255 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Compbox1) == 1 Then ; Allow Windows Updates, including IE and Office updates. If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate") = 1 Then RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "AUOptions", "REG_DWORD", "00000004") RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Compbox2) == 1 Then ; Prevent Windows Update rebooting the computer while a user is logged on If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers") = 1 Then RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Compbox3) == 1 Then ; Restrict access to c: If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive", "REG_DWORD", "00000004") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive") = 4 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive") EndIf EndIF EndIf If GUICtrlRead($Compbox4) == 1 Then ; Hide c: drive in explorer If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", "REG_DWORD", "00000004") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") = 4 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") EndIf EndIF EndIf If GUICtrlRead($Compbox5) == 1 Then ; Disable c: and d: drives in explorer If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", "REG_DWORD", "15") ; 0000000f Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") = 15 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") EndIf EndIF EndIf If GUICtrlRead($Compbox6) == 1 Then ; Disable ALL drives in explorer If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", "REG_DWORD", "67108863") ; 03FFFFFF Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") = 67108863 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") EndIf EndIF EndIf If GUICtrlRead($Compbox7) == 1 Then ; Disable DVD/CD-ROM If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom", "Start", "REG_DWORD", "00000004") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom", "Start") = 4 Then RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom", "Start", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Compbox8) == 1 Then ; Disable Write to USB Devices If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect") = 1 Then RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($Compbox9) == 1 Then ; Block USB Devices If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR", "Start", "REG_DWORD", "00000004") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR", "Start") = 4 Then RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR", "Start", "REG_DWORD", "00000000") EndIf EndIF EndIf If $EnableCtrl = "Yes" Then ; We need to make doubly sure that the Ctrl key has not been disabled if the option to make users log on with ctrl+al+del RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIf If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox12) == $GUI_UNCHECKED) Then ; Disable F4 key (and therefore <ALT>+F4) If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4 Binary('0x00000000000000000200000000003e0000000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Compbox10) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == $GUI_UNCHECKED) Then ; Disable Ctrl (and therefore Ctrl+Alt+Del) If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; Ctrl Binary('0x00000000000000000300000000001d0000001de000000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Compbox10) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox11) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox12) == 1) Then ; Disable Windows Menu Key If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; Windows Menu Key Binary('0x00000000000000000200000000005de000000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == $GUI_UNCHECKED) Then ; Disable F4 key and Ctrl If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4/Ctrl Binary('0x00000000000000000400000000003e0000001d0000001de00000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox12) == 1) Then ; Disable F4 key and Windows Menu Key If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4/Windows Menu Key Binary('0x00000000000000000300000000003e0000005de000000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == 1) Then ; Disable F4 key and Ctrl and Windows Menu Key If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4/Windows Menu Key/Ctrl Binary('0x00000000000000000500000000003e0000005de000001d0000001de000000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Compbox10) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == 1) Then ; Disable Ctrl and Windows Menu Key If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; Windows Menu Key/Ctrl Binary('0x00000000000000000400000000005de000001d0000001de000000000')) Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "") EndIF EndIf If (GUICtrlRead($Restorebox5) == $GUI_CHECKED) And (GUICtrlRead($Restorebox6) == $GUI_UNCHECKED) Then ; Restore PC $RestoreFull = GUICtrlRead($Restorebox5list) $RestoreShort = StringLeft($RestoreFull, StringInStr($RestoreFull, ": ")-1) ; Remove the date and name from the line. We only want the number If $Apply = "Yes" Then ; Apply Restriction Guictrlsetdata($StatusMsg, " Restoring PC ...", "") _SR_Restore($RestoreShort) Else ; Delete individual restore point Guictrlsetdata($StatusMsg, " Deleting Restore Point #" & $RestoreShort, "") _SR_RemoveRestorePoint($RestoreShort) Sleep(2000) _ListRestorePoints() ; Relist restore Points EndIf EndIf If (GUICtrlRead($Restorebox6) == $GUI_CHECKED) Then ; Delete all restore points If $Apply = "Yes" Then ; Apply Restriction Guictrlsetdata($StatusMsg, " Deleting all Restoring Points ...", "") _SR_RemoveAllRestorePoints() Sleep(2000) _ListRestorePoints() ; Relist restore Points EndIF EndIf If GUICtrlRead($IExpbox1) == 1 Then ; Set IE HomePage If $Apply = "Yes" Then ; Apply Restriction $Homepage = GUICtrlRead($IEHomePage) RegWrite ($RegPath & "\Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", $Homepage) Else ; Remove Restriction RegWrite ($RegPath & "\Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "") EndIF EndIf If GUICtrlRead($IExpbox2) == 1 Then ; Prevent HomePage from being changed If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage") = 1 Then RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000000") EndIf EndIF EndIf If GUICtrlRead($IExpbox3) == 1 Then ; Restrict IE Internet Options. Should probably split this up a bit... If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Advanced", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "History", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Cache", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Settings", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Certificates", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Colors", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Fonts", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Languages", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Profiles", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Links", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Ratings", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Check_If_Default", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Proxy", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Autoconfig", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Wizard", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CalendarContact", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Messaging", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Wallet", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ResetWebSettings", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "AdvancedTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPers", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifSite", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest Passwords", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "GeneralTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecurityTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ContentTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ConnectionsTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ProgramsTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecChangeSettings", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecAddSites", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connwiz Admin Lock", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Settings", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Accessibility", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "PrivacyTab", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPub", "REG_DWORD", "00000001") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Privacy Settings", "REG_DWORD", "00000001") Else ; Remove Restriction RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Advanced", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "History", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Cache", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Settings", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Certificates", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Colors", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Fonts", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Languages", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Profiles", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Links", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Ratings", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Check_If_Default", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Proxy", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Autoconfig", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Wizard", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CalendarContact", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Messaging", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Wallet", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ResetWebSettings", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "AdvancedTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPers", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifSite", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest Passwords", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "GeneralTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecurityTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ContentTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ConnectionsTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ProgramsTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecChangeSettings", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecAddSites", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connwiz Admin Lock", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Settings", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Accessibility", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "PrivacyTab", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPub", "REG_DWORD", "00000000") RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Privacy Settings", "REG_DWORD", "00000000") EndIF EndIf If GUICtrlRead($IExpbox5) == 1 Then ; Enable Content Restrictions in IE If $Apply = "Yes" Then ; Apply Restriction If Not FileExists("c:\windows\system32\noaccess.rat") Then _NoAccessRat() ; Create the noaccess.rat file (if not found). This file is required to block access to all sites except for whitelist. EndIf RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0") ; Remove Previous rules RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings", "Key", "REG_BINARY", Binary('0x570aff3036153b5e9f7cdb8cf72d1759')) RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings", "FileName0", "REG_SZ", "C:\Windows\System32\noaccess.rat") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "Allow_Unknowns", "REG_DWORD", "00000000") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "Enabled", "REG_DWORD", "00000001") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default", "NumSys", "REG_DWORD", "00000000") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0", "dwFlags", "REG_DWORD", "00000000") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0", "errLine", "REG_DWORD", "00000000") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy", "PRNumPolicy", "REG_DWORD", "00000002") $URLWhitelistAll = GUICtrlRead($URLWhitelist) ; Get the list of URLs to whitelist $URLWhitelistSplit = StringSplit($URLWhitelistAll, ";") ; Split the URLs up. Semi-colon is seperator. For $i = 1 To $URLWhitelistSplit[0] ; Loop through the array returned by StringSplit to display the individual values. If $i = "1" Then ; We need the number to start at zero and not one. $Num = "0" Else $Num = ($i-1) ; Values other than 1 will have 1 deleted. EndIf $URL = $URLWhitelistSplit[$i] ; Set URL value $URLCount = Ubound($URLWhitelistSplit) ; Count the number of URLs to be added $URLActual = ($URLCount-1) ; Count includes "0" so reduce number by one. RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\", _ "PRNumPolicy", "REG_DWORD", $URLActual) RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num, _ "PRPPolicyAttribute", "REG_DWORD", "00000002") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub", "PRNumURLExpressions", "REG_DWORD", "00000001") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub", "PRNumURLExpressions", "REG_DWORD", "00000001") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUInternetPattern", "REG_DWORD", "00000001") If StringInStr($URL, "*") Then ; Wildcard used in URL RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUNonWild", "REG_DWORD", "12") Else ; No Wilcard in URL RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUNonWild", "REG_DWORD", "13") EndIf if StringInStr($URL, "http://") or StringInStr($URL, "https://") Then ; Strip http:// and https:// from URL (if found) if StringInStr($URL, "http://") Then Local $URLnoHTTP = StringReplace($URL, "http://", "") EndIf if StringInStr($URL, "https://") Then Local $URLnoHTTP = StringReplace($URL, "http://", "") EndIf RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUHost", "REG_SZ", $URLnoHTTP) Else RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUHost", "REG_SZ", $URL) EndIf RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUSpecified", "REG_DWORD", "31") if StringInStr ($URL, "http://") = 1 Then RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUScheme", "REG_SZ", "http") EndIf RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUPort", "REG_SZ", "80") RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _ "\PRPPolicySub\0", "PRBUUrl", "REG_SZ", $URL) Next Else ; Remove Restriction RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "Enabled", "REG_DWORD", "00000000") RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0") EndIF EndIf If GUICtrlRead($IExpbox6) == 1 Then ; Allow Admins to type a password to allow Restricted Sites. If $Apply = "Yes" Then ; Apply Restriction RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom") = 1 Then RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom", "REG_DWORD", "00000000") EndIf EndIF Else RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom", "REG_DWORD", "00000000") EndIf If GUICtrlRead($IExpbox4) == 1 Then ; Disable password manager If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Internet Settings", "DisablePasswordCaching", "REG_DWORD", "00000001") Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Internet Settings", "DisablePasswordCaching") = 1 Then RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Internet Settings", "DisablePasswordCaching", "REG_DWORD", "00000000") EndIf EndIf EndIf If GUICtrlRead($Appbox1) == 1 Then ; Enable Application Restrictions If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "RestrictRun", "REG_DWORD", "00000001") $AppWhitelistAll = GUICtrlRead($AppWhitelist) $AppWhitelistSplit = StringSplit($AppWhitelistAll, ";") For $i = 1 To $AppWhitelistSplit[0] ; Loop through the array returned by StringSplit to display the individual values. $Num = $i $App = $AppWhitelistSplit[$i] RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun", $Num, "REG_SZ", $App) Next Else ; Remove Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "RestrictRun", "REG_DWORD", "00000000") RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun") EndIF EndIf If GUICtrlRead($StartAppbox1) == 1 Then ; Add programs to users Startup program list $AppName1 = GUICtrlRead($StartAppname1) $AppConfig1 = GUICtrlRead($StartAppEdit1) If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName1, "REG_SZ", $AppConfig1) Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName1) = $AppConfig1 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName1) EndIf EndIF EndIf If GUICtrlRead($StartAppbox2) == 1 Then ; Add programs to users Startup program list $AppName2 = GUICtrlRead($StartAppname2) $AppConfig2 = GUICtrlRead($StartAppEdit2) If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName2, "REG_SZ", $AppConfig2) Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName2) = $AppConfig2 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName2) EndIf EndIF EndIf If GUICtrlRead($StartAppbox3) == 1 Then ; Add programs to users Startup program list $AppName3 = GUICtrlRead($StartAppname3) $AppConfig3 = GUICtrlRead($StartAppEdit3) If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName3, "REG_SZ", $AppConfig3) Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName3) = $AppConfig3 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName3) EndIf EndIF EndIf If GUICtrlRead($StartAppbox4) == 1 Then ; Add programs to users Startup program list $AppName4 = GUICtrlRead($StartAppname4) $AppConfig4 = GUICtrlRead($StartAppEdit4) If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName4, "REG_SZ", $AppConfig4) Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName4) = $AppConfig4 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName4) EndIf EndIF EndIf If GUICtrlRead($StartAppbox5) == 1 Then ; Add programs to users Startup program list $AppName5 = GUICtrlRead($StartAppname5) $AppConfig5 = GUICtrlRead($StartAppEdit5) If $Apply = "Yes" Then ; Apply Restriction RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName5, "REG_SZ", $AppConfig5) Else ; Remove Restriction If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName5) = $AppConfig5 Then RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName5) EndIf EndIF EndIf If GUICtrlRead($Userbox1) == 1 Then ; Add User to Local Admin Group RunWait(@ComSpec & " /c net localgroup Administrators " & $Username & " /add", "", @SW_HIDE) EndIf If GUICtrlRead($Userbox3) == 1 Then ; Write-Protect, and Disable Delete on Desktop and Start-Menu and Downloads If $Apply = "Yes" Then ; Apply Restriction RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /inheritance:r', "", @SW_HIDE) ; Make Desktop read-only Sleep(200) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /remove ' & $UserName, "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant SYSTEM:(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant Administrators:(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant ' & $UserName & ':(OI)(CI)RX', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /inheritance:r', "", @SW_HIDE) ; Make Downloads read-only Sleep(200) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /remove ' & $UserName, "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant SYSTEM:(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant Administrators:(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant ' & $UserName & ':(OI)(CI)RX', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /inheritance:r', "", @SW_HIDE) ; Make Start Menu read-only Sleep(200) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /remove ' & $UserName, "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant SYSTEM:(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant Administrators:(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant ' & $UserName & ':(OI)(CI)RX', "", @SW_HIDE) Else ; Remove Restriction RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /inheritance:e', "", @SW_HIDE) ; Restore rights to Desktop Sleep(200) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /remove ' & $UserName, "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant ' & $UserName & ':(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /inheritance:e', "", @SW_HIDE) ; Restore rights to Downloads Sleep(200) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /remove ' & $UserName, "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant ' & $UserName & ':(OI)(CI)F', "", @SW_HIDE) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /inheritance:e', "", @SW_HIDE) ; Restore rights to Start Menu Sleep(200) RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant ' & $UserName & ':(OI)(CI)F', "", @SW_HIDE) EndIF EndIf If GUICtrlRead($Userbox2) == 1 Then ; Remove User From Local Admin Group RunWait(@ComSpec & " /c net localgroup Administrators " & $Username & " /delete", "", @SW_HIDE) EndIf If (GUICtrlRead($Restorebox4) == $GUI_CHECKED) Then ; Create Restore Point before everything If $Apply = "Yes" Then ; Apply Restriction $RestoreName = GUICtrlRead($Restorebox4Name) If $RestoreName <> "" Then Guictrlsetdata($StatusMsg, " Creating Restore Point ...", "") _SR_CreateRestorePoint($RestoreName) EndIf EndIF EndIf Sleep(1000) EndFunc ;=> Write Changes to Registry ;-------------------------------------------------------------------------------- Func _NoAccessRat() ; Create noaccess.rat file if not found. This is used to block websites other than in the whitelist. $NA0 = '((PICS-version 1.0)' $NA1 = '' $NA2 = '(rating-system "http://www.microsoft.com")' $NA3 = '(rating-service "http://www.microsoft.com")' $NA4 = '(name "Noaccess")' $NA5 = '(description "This file will block all sites.")' $NA6 = '' $NA7 = '(category' $NA8 = '(transmit-as "m")' $NA9 = '(name "Yes")' $NA10 = '(label' $NA11 = '(name "Level 0: No Setting")' $NA12 = '(description "No Setting")' $NA13 = '(value 0))' $NA14 = '(label' $NA15 = '(name "Level 1: No Setting")' $NA16 = '(description "No Setting")' $NA17 = '(value 1))))' $NoAccessFile = "c:\windows\system32\noaccess.rat" FileWrite($NoAccessFile, $NA0) Local $FileOpen = FileOpen($NoAccessFile, $FO_APPEND) FileWriteLine($NoAccessFile, $NA1) FileWriteLine($NoAccessFile, $NA2) FileWriteLine($NoAccessFile, $NA3) FileWriteLine($NoAccessFile, $NA4) FileWriteLine($NoAccessFile, $NA5) FileWriteLine($NoAccessFile, $NA6) FileWriteLine($NoAccessFile, $NA7) FileWriteLine($NoAccessFile, $NA8) FileWriteLine($NoAccessFile, $NA9) FileWriteLine($NoAccessFile, $NA10) FileWriteLine($NoAccessFile, $NA11) FileWriteLine($NoAccessFile, $NA12) FileWriteLine($NoAccessFile, $NA13) FileWriteLine($NoAccessFile, $NA14) FileWriteLine($NoAccessFile, $NA15) FileWriteLine($NoAccessFile, $NA16) FileWriteLine($NoAccessFile, $NA17) FileClose($FileOpen) EndFunc ;==> Create noaccess.rat file if not found. ;-------------------------------------------------------------------------------- Func _UnLoadHive() ; Un-load Users Registry Hive If RegRead ("HKEY_LOCAL_MACHINE\" & $Username, "") = 0 Then ; Key Exists RunWait(@ComSpec & " /c reg.exe unload HKLM\" & $UserName, "", @SW_HIDE) Sleep(500) EndIf EndFunc ;=> Un-load Users Registry Hive ;-------------------------------------------------------------------------------- Func _Restart(); Reboot PC? $RestartBox = MsgBox(36,"Restart PC?","You may need to Reboot the PC for all changes to take effect." & @CRLF & @CRLF & "Click Yes, to reboot the PC.") Select Case $RestartBox = 6 ; Yes Run("cmd /c shutdown -r -t 0", "", @SW_HIDE) Guictrlsetdata($StatusMsg, " Restarting PC ... ", "") Case $RestartBox = 7 ; No EndSelect EndFunc;==> Reboot PC? Show Hide User Accounts (at Welcome Screen) expandcollapse popup#cs ---------------------------------------------------------------------------- Script Function: At the Welcome Screen, either: - Hide all Local Accounts EXCEPT for Current Logged on User Accunt. - Restore/Show all Local Accounts. (Created for use on kiosk PCs.) Usage: 1. Set the script to Run at User Login. (You can set this in the KioskUserAccountSetup script.) - ShowHideUserAccounts.exe PASSWORD - Where PASSWORD is the password used to Hide/Show Accounts. 2. Logon as the User that you want to be available as the kiosk desktop. 3. ShowHideUserAccounts.exe runs in the background waiting for the "secret" keystroke. 4. Press shift+alt+u, when prompted enter the password to either: a. If accounts are not hidden, hide All Accounts, EXCEPT for Current Logged On User, at the Welcome Screen. b. If accounts are hidden, show All Accounts at the welcome screen. All accounts visible at Welcome Screen. 5. At the Welcome Screen, accounts will be either shown/hidden. - If accounts are "hidden" the kiosk user only has a single logon choice (to a locked down account). - If accounts are "shown" the admin can log on as a different account to update/apply settings etc. Note: Only tested on Win7 32bit OS - dalk 26.06.14 AutoIt Version: 3.3.10.2 #ce ---------------------------------------------------------------------------- #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Outfile=ShowHideUserAccounts.exe #AutoIt3Wrapper_Res_Fileversion=1.0.0.1 #AutoIt3Wrapper_Res_ProductVersion=5.0 #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #NoTrayIcon #include <MsgBoxConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <File.au3> ; -- "Secret" Hotkey ----------------------------------------------------------------- $KeyStroke = "+!u" ; shift+alt+u ; ------------------------------------------------------------------------------------ If ($CmdLine[0] = "0") Then ; No pasword parameter passed. MsgBox(48, "ERROR", "No Password Specified!" & @CRLF & @CRLF & _ "USAGE: ShowHideAccounts.exe PASSWORD" _ , 30) Exit EndIf $Password = $CmdLine[1] Global $sWow64 = "" ; X64 running support If @AutoItX64 Then $sWow64 = "\Wow6432Node" Global $colUsers, $sTmp, $Array[1] = ["user"] $colUsers = ObjGet("WinNT://" & @ComputerName) Global $LocalAccount ="" HotKeySet($KeyStroke, "_HotKeyPressed") ; Wait for shift+alt+u HotKey to Initiate Show/Hide. While 1 Sleep(100) WEnd ; -- Functions ----------------------------------------------------------------------- Func _HotKeyPressed() ; Hot Key Pressed HotKeySet($KeyStroke) ; Disable hotkey. Switch @HotKeyPressed ; The last hotkey pressed. Case $KeyStroke ; Hot key pressed. Local $PassCheck = InputBox("Show/Hide Accounts", "Enter the Password.", "", "*", 240, 130) ; Prompt for password. If ($PassCheck = $Password) Then ; Check if password is correct. If IsObj($colUsers) Then ; Get Local User Accounts $colUsers.Filter = $Array For $objUser In $colUsers $LocalAccount = $objUser.Name if ($LocalAccount <> @UserName) AND _ ; We do not want to show/hide current user. ($LocalAccount <> "Guest") AND _ ; Or Built-in Guest Account. ($LocalAccount<> "Administrator") Then ; Or Built-in Administrator Account. If RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE" & $sWow64 & _ ; SHOW User(s). Delete key IF it exists. "\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList", $LocalAccount) = 1 Then $State = "Show User " Else $State = "Hide User " RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE" & $sWow64 & _ ; HIDE User(s). Key NOT found, so add it. "\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList", $LocalAccount, "REG_DWORD", "00000000") EndIf $MSG = GUICreate("", 420, 30, -1, -1, BitOR($WS_POPUP,$WS_BORDER), $WS_EX_TOPMOST) ; Create GUI GUISetBkColor(0xF0F0F0 ) GUICtrlCreateLabel($State & "<" & $LocalAccount & "> at Welcome Screen.", 5, 4, 420, 30) GUICtrlSetFont(-1, 11, 400, 0, "Tahoma") GUICtrlSetColor(-1, 0x000000) GUISetState(@SW_SHOW, $MSG) Sleep(1000) GUISetState(@SW_HIDE, $MSG) EndIf Next EndIF Else If ($PassCheck = "") Or _ ; Password field empty. ($PassCheck <> $Password) Then ; Incorrect Password. MsgBox (48, "Error", "Password Blank or Incorrect.", 5) EndIf EndIf EndSwitch HotKeySet($KeyStroke, "_HotKeyPressed") ; Re-enable HotKey to Initiate Show/Hide. EndFunc ;==>Hot Key Pressed Edited July 7, 2014 by dalk
SGASaint Posted June 12, 2015 Posted June 12, 2015 This works great and the GUI is pretty nice. I do have one issue, I keep getting a "access denied" window, with the title desktop. I have local GPO also, so I'll remove that 1st and try again. Thank you for this tho!!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now