dalk

Kiosk PC scripts

2 posts in this topic

#1 ·  Posted (edited)

Hi...

I have a project to replace a bunch of XP kiosks/restricted desktops both on and off the domain where I work. Steadystate is gone, I have to use Win7, and I can't assume that the PC will be domain'd (so I can't rely on just pushing restrictions via Group Policy). Also there is no budget just to buy some of the software that is out there. I was just going to just create a batch script calling some .reg files (like a typical admin), but work is quiet during the summer so I decided to throw together a GUI (for the batch script challenged). The scripts might be of use to others who want to throw together a basic kiosk PC quickly.

I'm going to preface this with the fact that I am an occasional autoiter and a copy/paste programmer. So the code is a bit messy, probably doesn't follow conventions, and is inefficient (I should have used arrays for a bunch of other stuff). I've only tested on Win 7 32bit as well. Feel free to improve the scripts. :)

I have pulled code from all over this excellent forum, so a big thanks to everyone. I should have made a note of what came from where and credited people, but didn't think of it at the time... so apologies for that.

The first script KioskUserAccountSetup is a SteadyState alternative, for applying various restrictions/settings, mostly to lock down a specified users profile. It lacks the drive freeze capabilities but you can set System Restore points to achieve some this ability. The second script ShowHideUserAccounts is a way to hide (or show) all users logins except for the currently logged on user at the default Win 7 Welcome Screen. Users will be presented with one login (and not the administrator etc. logins).

NOTE: I have only tested on Win7 32bit. The script reads and writes to the registry, so there be dragons etc. and it applies restrictions to profiles, so be careful when testing. You don't want to lock yourself out...

 

Kiosk User Account Setup (SteadyState Alternative)

UPDATED 07/07/14:

#cs ----------------------------------------------------------------------------
 Script Function:

  AutoIt Version: 3.3.12.0

    Kiosk User Account Setup. (SteadyState Alternative, minus the drive freeze capabilities.)

    Lock down a PC by Applying/Removing Various Restrictions to a User Account (and/or PC).

    (Created for use on kiosk PCs.)

    Usage:
        1. (Build and configure your Win 7 Kiosk PC. Create an account that Kiosk users will log on to.)
        2. Log on as local Admin. (You can also apply changes logged on as the target account.)
        3. Run KioskUserAccountSetup.exe. (An ini file is created the first time it runs. Edit this file to check and set your preferred options.)
        4. Enter the Account Name that you wish to apply restrictions to.
            a. Check option(s) and Apply to set option(s).
            b. Check option(s) and Undo to remove (roll-back) setting(s).

    Note: Only tested on Win7 32bit OS

    - dalk 07.07.14

#ce ----------------------------------------------------------------------------

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=KioskUserAccountSetup.exe
#AutoIt3Wrapper_Res_Fileversion=0.9.9.9
#AutoIt3Wrapper_Res_ProductVersion=5.0
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#RequireAdmin
#NoTrayIcon
#include <Array.au3>
#include <FileConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <TabConstants.au3>
#include <systemrestore.au3> ; http://www.autoitscript.com/forum/topic/134628-system-restore-udf/

$ExeVersion = FileGetVersion (@ScriptFullPath) ; Find version of exe used to launch the Menu

$ScriptName = StringTrimRight (@ScriptName, 4) ; Create an .ini the same name as the .exe
Global $IniName = @ScriptDir & "\" & $ScriptName & ".ini"
Global $Username, $UserSID, $LoadHive, $RegPath, $DisableCtrlAltDel, $EnableCTRL, $RestoreChecked, $UserProfile, $RequireUserName, $RestorePoints
Local $Font = "Tahoma"

If Not FileExists($IniName) Then ; Create default ini if not found
    _CreateINI()
EndIf

; ===============================================================================
; GUI Start

$GUI = GUICreate("Kiosk User Account Setup v" & $ExeVersion, 525, 620, -1, -1)

GUICtrlCreateLabel("Account Name:", 40, 507, 113, 20)
GUICtrlSetFont(-1, 10, 800, 0)

$UserFieldDef = IniRead($IniName, "ProfileUser", "Username", "")
$UserField = GUICtrlCreateInput($UserFieldDef, 148, 505, 180, 20)
GUICtrlSetFont(-1, 10)
$UserFieldCurrentUser = GUICtrlCreateCheckbox("Set current user as Account Name", 148, 526, 200, 20)

$DefValues = GUICtrlCreateButton("Select Defaults", 147, 548, 90, 22)
GUICtrlSetBkColor(-1, 0xB8B8B8)
GUICtrlSetFont(-1, 8.5, 400, 0, $font)

$UnCheckAll = GUICtrlCreateButton("Unselect All", 240, 548, 90, 22)
GUICtrlSetBkColor(-1, 0xB8B8B8)
GUICtrlSetFont(-1, 8.5, 400, 0, $font)

$ApplySettings = GUICtrlCreateButton("APPLY", 365, 505, 130, 30)
GUICtrlSetBkColor(-1, 0xC80000)
GUICtrlSetFont(-1, 8.5, 800, 0, $font)
GUICtrlSetColor(-1, 0xFFFFFF)

$UndoSettings = GUICtrlCreateButton("UNDO", 365, 540, 130, 30)
GUICtrlSetBkColor(-1, 0x006600)
GUICtrlSetFont(-1, 8.5, 800, 0, $font)
GUICtrlSetColor(-1, 0xFFFFFF)

$StatusGroup = GUICtrlCreateGroup( "Status", 20, 570, 490, 40)
$StatusMsg = GUICtrlCreateLabel( "", 26, 585, 480, 20)
GUICtrlSetFont( $StatusMsg, 8.5, 400, 0, "Courier New")
GUICtrlSetColor(-1, 0x000000)
GUICtrlSetBkColor(-1, 0xFFFF99)

; ===============================================================================
; Tab Start
$Tab = GUICtrlCreateTab(20, 2, 490, 498, $TCS_MULTILINE)
GUICtrlSetFont($Tab,9, 800)
GUICtrlCreateTabItem("Profile/User") ; Tab
    $Userbox1 = GUICtrlCreateCheckbox("Add User to Local Admin Group. (Don't forget to remove this.)", 40, 70, 320, 20)
    $Userbox2 = GUICtrlCreateCheckbox("Remove User From Local Admin Group", 40, 100, 300, 20)
    $Userbox3 = GUICtrlCreateCheckbox("Make User's Desktop, Start-Menu, and Downloads Folder, Read-Only. ", 40, 130, 420, 20)
    $Userbox4 = GUICtrlCreateCheckbox("Require User to use Ctrl+Alt+Del to log on. (Ctrl key will be enabled.)", 40, 160, 404, 20)
    $Userbox5 = GUICtrlCreateCheckbox("Auto-Logon User", 40, 190, 350, 20)
    $UserBoxField1Def = IniRead($IniName, "ProfileUser", "Login", "Login")
    $UserBoxField1 = GUICtrlCreateInput($UserBoxField1Def, 60, 215, 180, 20)
    $UserBoxField2Def = IniRead($IniName, "ProfileUser", "Password", "Password")
    $UserBoxField2 = GUICtrlCreateInput($UserBoxField2Def, 60, 245, 180, 20)
    $UserBoxField3Def = IniRead($IniName, "ProfileUser", "Domain", "Domain or Computer Name")
    $UserBoxField3 = GUICtrlCreateInput($UserBoxField3Def, 60, 275, 180, 20)

GUICtrlCreateTabItem("Start Menu") ; Tab
    $Startbox1 = GUICtrlCreateCheckbox("Remove Shut Down, Restart, Sleep and Hibernate", 40, 70, 300, 20)
    $Startbox2 = GUICtrlCreateCheckbox("Disable Run", 40, 100, 300, 20)
    $Startbox3 = GUICtrlCreateCheckbox("Disable Command Prompt", 40, 130, 300, 20)
    $Startbox4 = GUICtrlCreateCheckbox("Remove Control Panel", 40, 160, 300, 20)
    $Startbox5 = GUICtrlCreateCheckbox("Remove Set Default Programs", 40, 190, 300, 20)
    $Startbox6 = GUICtrlCreateCheckbox("Disable Start Menu Personal folder", 40, 220, 300, 20)
    $Startbox7 = GUICtrlCreateCheckbox("Prevent Start Menu Changes", 40, 250, 300, 20)
    $Startbox8 = GUICtrlCreateCheckbox("Restrict drag-and-drop and right-click in Start Menu", 40, 280, 300, 20)

GUICtrlCreateTabItem("Desktop and Taskbar") ; Tab
    $Deskbox1 = GUICtrlCreateCheckbox("Remove System Tray icons", 40, 70, 300, 20)
    $Deskbox2 = GUICtrlCreateCheckbox("Remove Taskbar Properties", 40, 100, 300, 20)
    $Deskbox3 = GUICtrlCreateCheckbox("Remove System Properties", 40, 130, 300, 20)
    $Deskbox4 = GUICtrlCreateCheckbox("Remove Locking/Unlocking of Taskbar", 40, 160, 300, 20)
    $Deskbox5 = GUICtrlCreateCheckbox("Remove right-click on Taskbar", 40, 190, 300, 20)
    $Deskbox6 = GUICtrlCreateCheckbox("Remove Toolbars in Taskbar", 40, 220, 300, 20)
    $Deskbox7 = GUICtrlCreateCheckbox("Remove Alt-tab", 40, 250, 300, 20)
    $Deskbox8 = GUICtrlCreateCheckbox("Remove Active Desktop Feature", 40, 280, 300, 20)
    $Deskbox9 = GUICtrlCreateCheckbox("Disable Task Manager", 40, 310, 300, 20)
    $Deskbox10 = GUICtrlCreateCheckbox("Remove Change Password", 40, 340, 300, 20)
    $Deskbox11 = GUICtrlCreateCheckbox("Disable Fast User Switching. *", 40, 370, 300, 20)
    $Deskbox12 = GUICtrlCreateCheckbox("Disable Desktop Properties", 40, 400, 300, 20)
    $Deskbox13 = GUICtrlCreateCheckbox("Remove Windows Key shortcuts", 40, 430, 300, 20)
    $Deskbox14 = GUICtrlCreateCheckbox("Disable Lock", 40, 460, 300, 20)
    GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20)

GUICtrlCreateTabItem("Computer") ; Tab
    $Compbox1 = GUICtrlCreateCheckbox("Allow Windows Updates, including IE and Office updates.", 40, 70, 300, 20)
    $Compbox2 = GUICtrlCreateCheckbox("Prevent Windows Update rebooting the computer while a user is logged on", 40, 100, 380, 20)
    $Compbox3 = GUICtrlCreateCheckbox("Restrict access to c:", 40, 130, 300, 20)
    $Compbox4 = GUICtrlCreateCheckbox("Hide C: drive", 40, 160, 300, 20)
    $Compbox5 = GUICtrlCreateCheckbox("Hide C: and D: drive", 40, 190, 300, 20)
    $Compbox6 = GUICtrlCreateCheckbox("Hide ALL drives (including DVD/CD-ROM)", 40, 220, 300, 20)
    $Compbox7 = GUICtrlCreateCheckbox("Disable DVD/CD-ROM ", 40, 250, 300, 20)
    $Compbox8 = GUICtrlCreateCheckbox("Disable Write to USB Devices *", 40, 280, 300, 20)
    $Compbox9 = GUICtrlCreateCheckbox("Block USB Devices *", 40, 310, 300, 20)
    $Compbox10 = GUICtrlCreateCheckbox("Disable F4 key, and therefore Alt+F4 (Close Window)  *", 40, 340, 340, 20)
    $Compbox11 = GUICtrlCreateCheckbox("Disable Ctrl key, and therefore Ctrl+Alt+Del. * (Ctrl+Alt+Del to log on will be disabled)", 40, 370, 440, 20)
    $Compbox12 = GUICtrlCreateCheckbox("Disable Windows Menu Key  *", 40, 400, 340, 20)
    GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20)

GUICtrlCreateTabItem("Restore") ; Tab
    $Restorebox1 = GUICtrlCreateCheckbox("Enable System Protection", 40, 70, 140, 20)
    $Restorebox2 = GUICtrlCreateCheckbox("Create Restore Point:", 40, 100, 240, 20)
    $Restorebox3 = GUICtrlCreateCheckbox("Before changes, named:", 55, 130, 132, 20)
    $Restorebox3Def = IniRead($IniName, "Restore", "RestoreBeforeName", "Restore Point prior to Kiosk Setup changes being set")
    $Restorebox3Name = GUICtrlCreateInput($Restorebox3Def, 190, 130, 280, 20)
    $Restorebox4 = GUICtrlCreateCheckbox("After changes, named:", 55, 160, 132, 20)
    $Restorebox4Def = IniRead($IniName, "Restore", "RestoreAfterName", "Restore Point after Kiosk Setup changes applied")
    $Restorebox4Name = GUICtrlCreateInput($Restorebox4Def, 190, 160, 280, 20)
    $Restorebox5 = GUICtrlCreateCheckbox("Restore System Files And Settings. (NOTE: ALL Other settings will be unchecked.)", 40, 190, 410, 20)
    $Restorebox5list = GUICtrlCreateList('', 55, 215, 415, 200, $ws_vscroll)
    $Restorebox5note = GUICtrlCreateLabel("Note: To delete an individual restore point, highlight and choose Undo.", 55, 416, 400, 20)
    $Restorebox6 = GUICtrlCreateCheckbox("Delete ALL Restore Points", 55, 430, 200, 20)

GUICtrlCreateTabItem("Windows Explorer") ; Tab
    $WExpbox1 = GUICtrlCreateCheckbox("Restrict Folder Options", 40, 70, 150, 20)
    $WExpbox2 = GUICtrlCreateCheckbox("Restrict Registry Editor", 40, 100, 150, 20)
    $WExpbox3 = GUICtrlCreateCheckbox("Remove Map Network Drive", 40, 130, 300, 20)
    $WExpbox4 = GUICtrlCreateCheckbox("Remove adding/removing items to/from Toolbars", 40, 160, 300, 20)
    $WExpbox5 = GUICtrlCreateCheckbox("Remove adding/removing Toolbars", 40, 190, 300, 20)
    $WExpbox6 = GUICtrlCreateCheckbox("Remove 'Programs and Features' button", 40, 220, 300, 20)
    $WExpbox7 = GUICtrlCreateCheckbox("Disable right-click in Explorer", 40, 250, 200, 20)
    $WExpbox8 = GUICtrlCreateCheckbox("Disable AutoRun/AutoPlay", 40, 280, 200, 20)

GUICtrlCreateTabItem("Internet Explorer") ; Tab
    $IExpbox1 = GUICtrlCreateCheckbox("Set IE HomePage:", 40, 70, 106, 20)
    $IEHomePageDef = IniRead($IniName, "InternetExplorer", "IEHomePage", "")
    $IEHomePage = GUICtrlCreateInput($IEHomePageDef , 148, 70, 320, 20)
    $IExpbox2 = GUICtrlCreateCheckbox("Prevent HomePage from being changed", 40, 100, 300, 20)
    $IExpbox3 = GUICtrlCreateCheckbox("Block access to Internet Options", 40, 130, 300, 20)
    $IExpbox4 = GUICtrlCreateCheckbox("Disable Password Caching", 40, 160, 300, 20)
    $IExpbox5 = GUICtrlCreateCheckbox("Enable Content Restriction in IE to block ALL websites EXCEPT for below whitelist *", 40, 190, 420, 20)
    $IExpbox5label = GUICtrlCreateLabel("Seperate URLs with a semi-colon. For best results, add each seperate URL in this format: " & _
                                        "http://website.com;*.website.com", 54, 208, 420, 40)
    GUICtrlSetFont(-1, 8.5, 400, $GUI_FONTITALIC, "Tahoma")
    GUICtrlSetColor(-1, 0x707070)
    $URLWhitelistDef = IniRead($IniName, "InternetExplorer", "URLWhitelist", "http://website.com;*.website.com")
    $URLWhitelist = GUICtrlCreateEdit($URLWhitelistDef, 57, 238, 420, 220, $ES_MULTILINE)
    $IExpbox6 = GUICtrlCreateCheckbox("Allow Admins to type a password to view a restricted site? (Password is: kiosk.kiosk)", 57, 460, 410, 20)
    GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20)

GUICtrlCreateTabItem("Application") ; Tab
    $Appbox1 = GUICtrlCreateCheckbox("Enable Application Restrictions *", 40, 70, 300, 20)
    $Appbox1labelA = GUICtrlCreateLabel("Block all Application executables EXCEPT for:", 57, 90, 380, 20)
    $Appbox1labelB = GUICtrlCreateLabel("Use the exact executable name. Seperate values with a semi-colon. Don't forget to add " & _
                                        "regedit.exe and this executable, or you may not be able to roll back changes.", 57, 104, 420, 40)
    GUICtrlSetFont(-1, 8.5, 400, $GUI_FONTITALIC, "Tahoma")
    GUICtrlSetColor(-1, 0x707070)
    $AppWhitelistDef = IniRead($IniName, "Application", "AppWhitelist", "regedit.exe;KioskUserAccountSetup.exe")
    $AppWhitelist = GUICtrlCreateEdit($AppWhitelistDef, 57, 136, 420, 335, $ES_MULTILINE)
    GUICtrlCreateLabel("* NOTE: Affects all users", 370, 480, 380, 20)

GUICtrlCreateTabItem("Additonal Startup Applications") ; Tab
    GUICtrlCreateLabel("Add Applications to users Startup program list: ", 40, 70, 300, 20)

    $StartAppbox1 = GUICtrlCreateCheckbox("", 32, 100, 15, 15)
    GUICtrlCreateLabel("Name: ", 50, 100, 50, 20)
    $StartAppname1Def = IniRead($IniName, "AdditionalStartupApplications", "AppName1", "Application Name")
    $StartAppname1 = GUICtrlCreateInput($StartAppname1Def, 82, 98, 180, 20)
    $StartAppEdit1Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable1", '"c:\windows\system32\example.exe" /ExampleSwitch')
    $StartAppEdit1 = GUICtrlCreateEdit($StartAppEdit1Def, 50, 120, 430, 50)

    $StartAppbox2 = GUICtrlCreateCheckbox("", 32, 180, 15, 15)
    GUICtrlCreateLabel("Name: ", 50, 180, 50, 20)
    $StartAppname2Def = IniRead($IniName, "AdditionalStartupApplications", "AppName2", "")
    $StartAppname2 = GUICtrlCreateInput($StartAppname2Def, 82, 178, 180, 20)
    $StartAppEdit2Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable2", "")
    $StartAppEdit2 = GUICtrlCreateEdit($StartAppEdit2Def, 50, 200, 430, 50)

    $StartAppbox3 = GUICtrlCreateCheckbox("", 32, 260, 15, 15)
    GUICtrlCreateLabel("Name: ", 50, 260, 50, 20)
    $StartAppname3Def = IniRead($IniName, "AdditionalStartupApplications", "AppName3", "")
    $StartAppname3 = GUICtrlCreateInput($StartAppname3Def, 82, 258, 180, 20)
    $StartAppEdit3Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable3", "")
    $StartAppEdit3 = GUICtrlCreateEdit($StartAppEdit3Def, 50, 280, 430, 50)

    $StartAppbox4 = GUICtrlCreateCheckbox("", 32, 340, 15, 15)
    GUICtrlCreateLabel("Name: ", 50, 340, 50, 20)
    $StartAppname4Def = IniRead($IniName, "AdditionalStartupApplications", "AppName4", "")
    $StartAppname4 = GUICtrlCreateInput("", 82, 336, 180, 20)
    $StartAppEdit4Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable4", "")
    $StartAppEdit4 = GUICtrlCreateEdit($StartAppEdit4Def, 50, 360, 430, 50)

    $StartAppbox5 = GUICtrlCreateCheckbox("", 32, 420, 15, 15)
    GUICtrlCreateLabel("Name: ", 50, 420, 50, 20)
    $StartAppname5Def = IniRead($IniName, "AdditionalStartupApplications", "AppName5", "")
    $StartAppname5 = GUICtrlCreateInput("", 82, 414, 180, 20)
    $StartAppEdit5Def = IniRead($IniName, "AdditionalStartupApplications", "AppExecutable5", "")
    $StartAppEdit5 = GUICtrlCreateEdit($StartAppEdit5Def, 50, 440, 430, 50)

; Tab End
; ===============================================================================

; ===============================================================================
; GUI Wait for key presses

GUISetState() ; Enable GUI

_Defaults() ; Set defaults by reading the ini file

$StatusMsgDef = " Choose Options, then Apply (to restrict) or Undo (to restore) ..."
Guictrlsetdata($StatusMsg, $StatusMsgDef , "") ; Status message

While 1 ; Wait for key presses
    $Msg = GUIGetMsg()
    Switch $Msg
        Case $ApplySettings ; Apply Button Pressed
            _RequireUserName() ; Check if a username is required and set some vaiables.
            If $RequireUserName = "Yes" Then
                _UserProfileCheck() ; Check that user profile exists
            EndIf
            If $UserSID = "NotFound" Then ContinueLoop
                If $RequireUserName = "Yes" Then
                        $SureBox1 = MsgBox(36,"Apply Settings",'Apply Selected Settings/Restrictions to PC and/or Account "' & $Username & '"?')
                    Else
                        $SureBox1 = MsgBox(36,"Apply Settings",'Apply Selected Settings/Restrictions to Computer?')
                EndIf
                Select
                Case $SureBox1 = 6 ; Yes
                    Guictrlsetdata($StatusMsg, "   Applying Selected Settings ...", "") ; Status message
                    $Apply = "Yes" ; Set variable for applying setting
                    If $LoadHive = "Yes" Then ; Logged on as the User, do not load hive, apply to HKEY_CURRENT_USER instead.
                        _LoadHive() ; Load users registry hive
                    EndIf
                    _WriteToReg() ; Write changes to users registry hive
                    If $LoadHive = "Yes" Then
                        _UnLoadHive()  ; Un-load (save) users registry hive
                    EndIf
                    Guictrlsetdata($StatusMsg, "   Selected Settings Applied!", "") ; Status message
                    _Restart()
                Case $SureBox1 = 7 ; No
                EndSelect

        Case $UndoSettings ; Undo Button Pressed
            _RequireUserName() ; Check if a username is required
            If $RequireUserName = "Yes" Then
                _UserProfileCheck() ; Check that user profile exists and set some vaiables.
            EndIf
            If $UserSID = "NotFound" Then ContinueLoop
                If $RequireUserName = "Yes" Then
                        $SureBox2 = MsgBox(36,"","Undo Selected Settings/Restrictions to PC and/or Account " & $Username & "?")
                    Else
                        $SureBox2 = MsgBox(36,"Undo Settings",'Undo Selected Settings/Restrictions on Computer?')
                EndIf
                Select
                Case $SureBox2 = 6 ; Yes
                    Guictrlsetdata($StatusMsg, "   Undoing Selected Settings ...", "") ; Status message
                    $Apply = "No" ; Set variable for undoing settings
                    If $LoadHive = "Yes" Then ; Logged on as the User, do not load hive, apply to HKEY_CURRENT_USER instead.
                        _LoadHive() ; Load users registry hive
                    EndIf
                    _WriteToReg() ; Write changes to users registry hive
                    If $LoadHive = "Yes" Then
                        _UnLoadHive() ; Un-load (save) users registry hive
                    EndIf
                    Guictrlsetdata($StatusMsg, "   Selected Settings Undone!", "") ; Status message
                    _Restart()
                Case $SureBox2 = 7 ; No
                EndSelect

        Case $UserFieldCurrentUser
            If GUICtrlRead($UserFieldCurrentUser) == 1 Then ; Checked
                Guictrlsetdata($UserField, @UserName)
            EndIf
            If GUICtrlRead($UserFieldCurrentUser) == 4 Then ; Checked
                Guictrlsetdata($UserField, $UserFieldDef)
            EndIf

        Case $DefValues ; Check default boxes
            _Defaults()
            Guictrlsetdata($StatusMsg, "   Defaults settings selected ...", "") ; Status message

        Case $UnCheckAll ; Uncheck all boxes
            _UnCheckAll()
            Guictrlsetdata($StatusMsg, "   All settings unselected ...", "") ; Status message

        Case $GUI_EVENT_PRIMARYDOWN ; Clear Defaults entries from various text boxes when you click into entry
            $CInfo = GUIGetCursorInfo()
            If $CInfo[4] = $UserField Then GUICtrlSetData($UserField, "")
            If $CInfo[4] = $UserBoxField1 Then GUICtrlSetData($UserBoxField1, "")
            If $CInfo[4] = $UserBoxField2 Then GUICtrlSetData($UserBoxField2, "")
            If $CInfo[4] = $UserBoxField3 Then GUICtrlSetData($UserBoxField3, "")
            If $CInfo[4] = $IEHomePage Then GUICtrlSetData($IEHomePage, "")

        Case $Userbox1 ; You can either Add or Remove a user from the local admins group (not both)
            If GUICtrlRead($Userbox1) == 1 Then ; Checked
                GUICtrlSetState($Userbox2, $GUI_UNCHECKED)
                GUICtrlSetState($Userbox3, $GUI_UNCHECKED)
            EndIf

        Case $Userbox2 ; You can either Add or Remove a user from the local admins group (not both)
            If GUICtrlRead($Userbox1) == 1 Then ; Checked
                GUICtrlSetState($Userbox1, $GUI_UNCHECKED)
            EndIf

        Case $Userbox3 ; Make User's Desktop, Start-Menu, and Downloads Folder, Read-Only.
            If GUICtrlRead($Userbox3) == 1 Then ; Checked
                GUICtrlSetState($Userbox1, $GUI_UNCHECKED) ; If user is a local admin then they can still write to these folders.
                GUICtrlSetState($Userbox2, $GUI_CHECKED)
            EndIf

        Case $Userbox4 ; Set Ctl-Alt-Del to log on.
            If GUICtrlRead($Userbox4) == 1 Then ; Checked
                Global $EnableCtrl = "Yes"
                GUICtrlSetState($Compbox11, $GUI_UNCHECKED) ; Undo/Uncheck option to disable ctl-alt-del, otherwise no one can log on.
            EndIf

        Case $Userbox5 ; Auto logon user. Enable child entries.
            If GUICtrlRead($Userbox5) == 1 Then ; Checked
                GUICtrlSetState($UserBoxField1, $GUI_ENABLE)
                GUICtrlSetState($UserBoxField2, $GUI_ENABLE)
                GUICtrlSetState($UserBoxField3, $GUI_ENABLE)
            EndIf

            If GUICtrlRead($Userbox5) == 4 Then ; Unchecked. Disable child entries.
                GUICtrlSetState($UserBoxField1, $GUI_DISABLE)
                GUICtrlSetState($UserBoxField2, $GUI_DISABLE)
                GUICtrlSetState($UserBoxField3, $GUI_DISABLE)
            EndIF

        Case $Compbox4 ; Hide c: drive. You can only choose one drive 'hide' option.
            If GUICtrlRead($Compbox4) == 1 Then ; Checked
                GUICtrlSetState($Compbox5, $GUI_UNCHECKED) ; Uncheck Hide c: and d: drives.
                GUICtrlSetState($Compbox6, $GUI_UNCHECKED) ; Uncheck Hide ALL drives.
            EndIf

        Case $Compbox5 ; Hide c: and d: drives. You can only choose one drive 'hide' option.
            If GUICtrlRead($Compbox5) == 1 Then ; Checked
                GUICtrlSetState($Compbox4, $GUI_UNCHECKED) ; Uncheck Hide c: drives.
                GUICtrlSetState($Compbox6, $GUI_UNCHECKED) ; Uncheck Hide ALL drives.
            EndIf

        Case $Compbox6 ; Hide ALL drives. You can only choose one drive 'hide' option.
            If GUICtrlRead($Compbox6) == 1 Then ; Checked
                GUICtrlSetState($Compbox4, $GUI_UNCHECKED) ; Uncheck Hide c: drives.
                GUICtrlSetState($Compbox5, $GUI_UNCHECKED) ; Uncheck Hide c: and d: drives.
            EndIf

        Case $Compbox11 ; Disable Ctrl and therefore Ctrl+Alt+Del.
            If GUICtrlRead($Compbox11) == 1 Then ; Checked
                $DisableCtrlAltDel = "Yes"
                GUICtrlSetState($Userbox4, $GUI_UNCHECKED) ; Uncheck/Undo option to Require ctl-alt-del to log on, otherwise no one can log on.
            EndIf

        Case $Restorebox1 ; Enable System Protection
            If GUICtrlRead($Restorebox1) == 1 Then ; Checked
                GUICtrlSetState($Restorebox2, $GUI_ENABLE)
                GUICtrlSetState($Restorebox5, $GUI_ENABLE)
            EndIf
            If GUICtrlRead($Restorebox1) == 4 Then ; UnChecked
                GUICtrlSetState($Restorebox2, $GUI_UNCHECKED)
                GUICtrlSetState($Restorebox2, $GUI_DISABLE)
                GUICtrlSetState($Restorebox3, $GUI_UNCHECKED)
                GUICtrlSetState($Restorebox3, $GUI_DISABLE)
                GUICtrlSetState($Restorebox3Name, $GUI_DISABLE)
                GUICtrlSetState($Restorebox3, $GUI_UNCHECKED)
                GUICtrlSetState($Restorebox4, $GUI_DISABLE)
                GUICtrlSetState($Restorebox4Name, $GUI_DISABLE)
                GUICtrlSetState($Restorebox5, $GUI_DISABLE)
                GUICtrlSetState($Restorebox5, $GUI_UNCHECKED)
                GUICtrlSetData($Restorebox5list,"")
                GUICtrlSetState($Restorebox5list, $GUI_DISABLE)
                GUICtrlSetState($Restorebox5note, $GUI_DISABLE)
                GUICtrlSetState($Restorebox6, $GUI_DISABLE)
                GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
                Guictrlsetdata($StatusMsg, $StatusMsgDef , "") ; Status message
            EndIf

        Case $Restorebox2 ; Create Restore Point
            If GUICtrlRead($Restorebox2) == 1 Then ; Checked
                GUICtrlSetState($Restorebox3, $GUI_ENABLE)
                GUICtrlSetState($Restorebox4, $GUI_ENABLE)
                GUICtrlSetState($Restorebox5, $GUI_UNCHECKED)
                GUICtrlSetData($Restorebox5list,"")
                GUICtrlSetData($Restorebox5list,"")
                GUICtrlSetState($Restorebox5list, $GUI_DISABLE)
                GUICtrlSetState($Restorebox5note, $GUI_DISABLE)
                GUICtrlSetState($Restorebox6, $GUI_DISABLE)
                GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
            EndIf
            If GUICtrlRead($Restorebox2) == 4 Then ; Checked
                GUICtrlSetState($Restorebox3, $GUI_DISABLE)
                GUICtrlSetState($Restorebox3, $GUI_UNCHECKED)
                GUICtrlSetState($Restorebox3Name, $GUI_DISABLE)
                GUICtrlSetState($Restorebox4, $GUI_UNCHECKED)
                GUICtrlSetState($Restorebox4, $GUI_DISABLE)
                GUICtrlSetState($Restorebox4Name, $GUI_DISABLE)
                GUICtrlSetState($Restorebox5, $GUI_UNCHECKED)
                GUICtrlSetData($Restorebox5list,"")
            EndIf

        Case $Restorebox3 ; Create Restore Point > Before changes, named:
            If GUICtrlRead($Restorebox3) == 1 Then ; Checked
                GUICtrlSetState($Restorebox3Name, $GUI_ENABLE)
            EndIf
            If GUICtrlRead($Restorebox3) == 4 Then ; Un-Checked
                GUICtrlSetState($Restorebox3Name, $GUI_DISABLE)
            EndIf

        Case $Restorebox4 ; Create Restore Point > After changes, named:
            If GUICtrlRead($Restorebox4) == 1 Then ; Checked
                GUICtrlSetState($Restorebox4Name, $GUI_ENABLE)
            EndIf
            If GUICtrlRead($Restorebox4) == 4 Then ; Un-Checked
                GUICtrlSetState($Restorebox4Name, $GUI_DISABLE)
            EndIf

        Case $Restorebox5 ; Restore System Files And Settings
            If GUICtrlRead($Restorebox5) == 1 Then ; Checked
                GUICtrlSetState($Restorebox5list, $GUI_ENABLE)
                GUICtrlSetState($Restorebox5note, $GUI_ENABLE)
                GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
                GUICtrlSetState($Restorebox6, $GUI_ENABLE)
                $RestoreChecked = "Yes"
                _UnCheckAll() ; Uncheck all Settings except for Restore Points. No point in applying settings then restore a PC.
                Guictrlsetdata($StatusMsg, "   Enumerating Restore Points, please wait ...", "") ; Status message
                _ListRestorePoints() ; Get a list of all the restore points.
                Guictrlsetdata($StatusMsg, " Choose Apply to Restore on reboot, or Undo to delete Restore ...", "") ; Status message
            EndIf
            If GUICtrlRead($Restorebox5) == 4 Then ; UnChecked
                $RestoreChecked = "Unchecked"
                GUICtrlSetData($Restorebox5list,"")
                GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
            EndIf

        Case $Restorebox6 ; Delete ALL Restore Points
            If GUICtrlRead($Restorebox6) == 1 Then ; Checked
                GUICtrlSetState($Restorebox5list, $GUI_DISABLE)
                Guictrlsetdata($StatusMsg, " Choose Apply to Delete all Restore Points ...", "") ; Status message
            EndIf
            If GUICtrlRead($Restorebox6) == 4 Then ; Un-Checked
                GUICtrlSetState($Restorebox5list, $GUI_ENABLE)
            EndIf

        Case $IExpbox1 ; IE Homepage
            If GUICtrlRead($IExpbox1) == 1 Then ; Checked
                GUICtrlSetState($IEHomePage, $GUI_ENABLE) ; Enable Homepage child options
            EndIf
            If GUICtrlRead($IExpbox1) == 4 Then ; Unchecked
                GUICtrlSetState($IEHomePage, $GUI_DISABLE) ; Disable Homepage child options
            EndIf

        Case $IExpbox5 ; IE Content Restriction
            If GUICtrlRead($IExpbox5) == 1 Then ; Checked
                GUICtrlSetState($IExpbox5label, $GUI_ENABLE) ; Enable Content Restriction child options
                GUICtrlSetState($URLWhitelist, $GUI_ENABLE)
                GUICtrlSetState($IExpbox6, $GUI_ENABLE)
            EndIf
            If GUICtrlRead($IExpbox5) == 4 Then ; Unchecked
                GUICtrlSetState($IExpbox5label, $GUI_DISABLE) ; Disable Content Restriction child options
                GUICtrlSetState($URLWhitelist, $GUI_DISABLE)
                GUICtrlSetState($IExpbox6, $GUI_DISABLE)
            EndIf

        Case $Appbox1 ; Application Restrictions
            If GUICtrlRead($Appbox1) == 1 Then ; Checked
                GUICtrlSetState($AppWhitelist, $GUI_ENABLE) ; Enable Applications Restrictions child options
                GUICtrlSetState($Appbox1labelA, $GUI_ENABLE)
                GUICtrlSetState($Appbox1labelB, $GUI_ENABLE)
            EndIf
            If GUICtrlRead($Appbox1) == 4 Then ; Unchecked
                GUICtrlSetState($Appbox1labelA, $GUI_DISABLE) ; Disable Applications Restrictions child options
                GUICtrlSetState($Appbox1labelB, $GUI_DISABLE)
                GUICtrlSetState($AppWhitelist, $GUI_DISABLE)
            EndIf

        Case $StartAppbox1 ; Startup Program
            If GUICtrlRead($StartAppbox1) == 1 Then ; Checked
                GUICtrlSetState($StartAppEdit1, $GUI_ENABLE) ; Enable Startup Program child options
                GUICtrlSetState($StartAppname1, $GUI_ENABLE)
            EndIf
            If GUICtrlRead($StartAppbox1) == 4 Then ; Unchecked
                GUICtrlSetState($StartAppEdit1, $GUI_DISABLE) ; Disable Startup Program child options
                GUICtrlSetState($StartAppname1, $GUI_DISABLE)
            EndIf

        Case $StartAppbox2 ; Startup Program
            If GUICtrlRead($StartAppbox2) == 1 Then ; Checked
                GUICtrlSetState($StartAppEdit2, $GUI_ENABLE) ; Enable Startup Program child options
                GUICtrlSetState($StartAppname2, $GUI_ENABLE)
            EndIf

            If GUICtrlRead($StartAppbox2) == 4 Then ; Unchecked
                GUICtrlSetState($StartAppEdit2, $GUI_DISABLE) ; Disable Startup Program child options
                GUICtrlSetState($StartAppname2, $GUI_DISABLE)
            EndIf

        Case $StartAppbox3 ; Startup Program
            If GUICtrlRead($StartAppbox3) == 1 Then ; Checked
                GUICtrlSetState($StartAppEdit3, $GUI_ENABLE) ; Enable Startup Program child options
                GUICtrlSetState($StartAppname3, $GUI_ENABLE)
            EndIf

            If GUICtrlRead($StartAppbox3) == 4 Then ; Unchecked
                GUICtrlSetState($StartAppEdit3, $GUI_DISABLE) ; Disable Startup Program child options
                GUICtrlSetState($StartAppname3, $GUI_DISABLE)
            EndIf

        Case $StartAppbox4 ; Startup Program
            If GUICtrlRead($StartAppbox4) == 1 Then ; Checked
                GUICtrlSetState($StartAppEdit4, $GUI_ENABLE) ; Enable Startup Program child options
                GUICtrlSetState($StartAppname4, $GUI_ENABLE)
            EndIf

            If GUICtrlRead($StartAppbox4) == 4 Then ; Unchecked
                GUICtrlSetState($StartAppEdit4, $GUI_DISABLE) ; Disable Startup Program child options
                GUICtrlSetState($StartAppname4, $GUI_DISABLE)
            EndIf

        Case $StartAppbox5 ; Startup Program
            If GUICtrlRead($StartAppbox5) == 1 Then ; Checked
                GUICtrlSetState($StartAppEdit5, $GUI_ENABLE) ; Enable Startup Program child options
                GUICtrlSetState($StartAppname5, $GUI_ENABLE)
            EndIf

            If GUICtrlRead($StartAppbox5) == 4 Then ; Unchecked
                GUICtrlSetState($StartAppEdit5, $GUI_DISABLE) ; Disable Startup Program child options
                GUICtrlSetState($StartAppname5, $GUI_DISABLE)
            EndIf

        Case $GUI_EVENT_CLOSE ; Close GUI
            Exit
    EndSwitch
WEnd

; GUI END
; ===============================================================================

; ===============================================================================
; Functions

Func _CreateINI() ; Create Default ini file
    IniWrite($IniName, "ProfileUser", "Username", "Username")
    IniWrite($IniName, "ProfileUser", "AddUsertoLocalAdminGroup", "No")
    IniWrite($IniName, "ProfileUser", "RemoveUserFromLocalAdminGroup", "Yes")
    IniWrite($IniName, "ProfileUser", "MakeUsersDesktopStartMenuandDownloadsFolderReadOnly", "Yes")
    IniWrite($IniName, "ProfileUser", "RequireUsertouseCtrlAltDeltoLogon", "No")
    IniWrite($IniName, "ProfileUser", "AutoLogonUser", "No")
    IniWrite($IniName, "ProfileUser", "Login", "Login")
    IniWrite($IniName, "ProfileUser", "Password", "Password")
    IniWrite($IniName, "ProfileUser", "Domain", "Domain or Computer Name")

    IniWrite($IniName, "StartMenu", "RemoveShutDownRestartSleepandHibernate", "Yes")
    IniWrite($IniName, "StartMenu", "DisableRun", "Yes")
    IniWrite($IniName, "StartMenu", "DisableCommandPrompt", "Yes")
    IniWrite($IniName, "StartMenu", "RemoveControlPanel", "Yes")
    IniWrite($IniName, "StartMenu", "RemoveSetDefaultPrograms", "Yes")
    IniWrite($IniName, "StartMenu", "DisableStartMenuPersonalfolder", "Yes")
    IniWrite($IniName, "StartMenu", "PreventStartMenuChanges", "Yes")
    IniWrite($IniName, "StartMenu", "RestrictDragandDropandRightClickinStartMenu", "Yes")

    IniWrite($IniName, "DesktopAndTaskbar", "RemoveSystemTrayicons", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveTaskbarProperties", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveSystemProperties", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveLockingUnlockingofTaskbar", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveRightClickonTaskbar", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveToolbarsinTaskbar", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveAltTab", "No")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveActiveDesktopFeature", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "DisableTaskManager", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveChangePassword", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "DisableFastUserSwitching", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "DisableDesktopProperties", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "RemoveWindowsKeyshortcuts", "Yes")
    IniWrite($IniName, "DesktopAndTaskbar", "DisableLock", "Yes")

    IniWrite($IniName, "Computer", "AllowWindowsUpdates", "No")
    IniWrite($IniName, "Computer", "PreventWindowsUpdateRebooting", "No")
    IniWrite($IniName, "Computer", "RestrictAccesstoC", "Yes")
    IniWrite($IniName, "Computer", "HideCdrive", "Yes")
    IniWrite($IniName, "Computer", "HideCandDdrive", "No")
    IniWrite($IniName, "Computer", "HideALLdrivesincludingDVDCDROM", "No")
    IniWrite($IniName, "Computer", "DisableDVDCDROM", "No")
    IniWrite($IniName, "Computer", "DisableWritetoUSBDevices", "No")
    IniWrite($IniName, "Computer", "BlockUSBDevices", "No")
    IniWrite($IniName, "Computer", "DisableF4key", "No")
    IniWrite($IniName, "Computer", "DisableCtrlkey", "No")
    IniWrite($IniName, "Computer", "DisableWindowsMenuKey", "Yes")

    IniWrite($IniName, "Restore", "EnableSystemProtection", "No")
    IniWrite($IniName, "Restore", "CreateRestorePoint", "No")
    IniWrite($IniName, "Restore", "RestoreBefore", "No")
    IniWrite($IniName, "Restore", "RestoreBeforeName", "Restore Point prior to Kiosk Setup changes being set")
    IniWrite($IniName, "Restore", "RestoreAfter", "No")
    IniWrite($IniName, "Restore", "RestoreAfterName", "Restore Point after Kiosk Setup changes applied")

    IniWrite($IniName, "WindowsExplorer", "RestrictFolderOptions", "Yes")
    IniWrite($IniName, "WindowsExplorer", "RestrictRegistryEditor", "Yes")
    IniWrite($IniName, "WindowsExplorer", "RemoveMapNetworkDrive", "Yes")
    IniWrite($IniName, "WindowsExplorer", "RemoveAddingRemovingitemstofromToolbars", "Yes")
    IniWrite($IniName, "WindowsExplorer", "RemoveAddingRemovingToolbars", "Yes")
    IniWrite($IniName, "WindowsExplorer", "RemoveProgramsandFeaturesbutton", "Yes")
    IniWrite($IniName, "WindowsExplorer", "DisableRightClickinExplorer", "Yes")
    IniWrite($IniName, "WindowsExplorer", "DisableAutoRunAutoPlay", "Yes")

    IniWrite($IniName, "InternetExplorer", "SetIEHomePage", "No")
    IniWrite($IniName, "InternetExplorer", "IEHomePage", "")
    IniWrite($IniName, "InternetExplorer", "PreventHomePagefrombeingchanged", "No")
    IniWrite($IniName, "InternetExplorer", "BlockaccesstoInternetOptions", "Yes")
    IniWrite($IniName, "InternetExplorer", "DisablePasswordCaching", "Yes")
    IniWrite($IniName, "InternetExplorer", "EnableContentRestriction", "No")
    IniWrite($IniName, "InternetExplorer", "URLWhitelist", "http://website.com;*.website.com")
    IniWrite($IniName, "InternetExplorer", "AllowAdminstoTypeaPasswordToViewaRestrictedSite", "No")

    IniWrite($IniName, "Application", "EnableApplicationRestrictions", "No")
    IniWrite($IniName, "Application", "AppWhiteList", "regedit.exe;" & @ScriptName)

    IniWrite($IniName, "AdditionalStartupApplications", "EnableApp1", "No")
    IniWrite($IniName, "AdditionalStartupApplications", "AppName1", "Application Name")
    IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable1", '"c:\windows\system32\example.exe" /ExampleSwitch')
    IniWrite($IniName, "AdditionalStartupApplications", "EnableApp2", "No")
    IniWrite($IniName, "AdditionalStartupApplications", "AppName2", "")
    IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable2", "")
    IniWrite($IniName, "AdditionalStartupApplications", "EnableApp3", "No")
    IniWrite($IniName, "AdditionalStartupApplications", "AppName3", "")
    IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable3", "")
    IniWrite($IniName, "AdditionalStartupApplications", "EnableApp4", "No")
    IniWrite($IniName, "AdditionalStartupApplications", "AppName4", "")
    IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable4", "")
    IniWrite($IniName, "AdditionalStartupApplications", "EnableApp5", "No")
    IniWrite($IniName, "AdditionalStartupApplications", "AppName5", "")
    IniWrite($IniName, "AdditionalStartupApplications", "AppExecutable5", "")
EndFunc ;==>  Create Default ini file

;--------------------------------------------------------------------------------

Func _Defaults() ; Set defaults set in ini file
    If IniRead($IniName, "ProfileUser", "AddUsertoLocalAdminGroup", "") = "Yes" Then
            GUICtrlSetState($Userbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($Userbox1, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "ProfileUser", "RemoveUserFromLocalAdminGroup", "") = "Yes" Then
            GUICtrlSetState($Userbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($Userbox2, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "ProfileUser", "MakeUsersDesktopStartMenuandDownloadsFolderReadOnly", "") = "Yes" Then
            GUICtrlSetState($Userbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($Userbox3, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "ProfileUser", "RequireUsertouseCtrlAltDeltoLogon", "") = "Yes" Then
            GUICtrlSetState($Userbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($Userbox4, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "ProfileUser", "AutoLogonUser", "") = "Yes" Then
            GUICtrlSetState($Userbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($Userbox5, $GUI_UNCHECKED)
    EndIf
    GUICtrlSetState($UserBoxField1, $GUI_DISABLE)
    GUICtrlSetState($UserBoxField2, $GUI_DISABLE)
    GUICtrlSetState($UserBoxField3, $GUI_DISABLE)

    If IniRead($IniName, "StartMenu", "RemoveShutDownRestartSleepandHibernate", "") = "Yes" Then
            GUICtrlSetState($Startbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($Startbox1, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "DisableRun", "") = "Yes" Then
            GUICtrlSetState($Startbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($Startbox2, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "DisableCommandPrompt", "") = "Yes" Then
            GUICtrlSetState($Startbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($Startbox3, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "RemoveControlPanel", "") = "Yes" Then
            GUICtrlSetState($Startbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($Startbox4, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "RemoveSetDefaultPrograms", "") = "Yes" Then
            GUICtrlSetState($Startbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($Startbox5, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "DisableStartMenuPersonalfolder", "") = "Yes" Then
        GUICtrlSetState($Startbox6, $GUI_CHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "PreventStartMenuChanges", "") = "Yes" Then
        GUICtrlSetState($Startbox7, $GUI_CHECKED)
    EndIf
    If IniRead($IniName, "StartMenu", "RestrictDragandDropandRightClickinStartMenu", "") = "Yes" Then
        GUICtrlSetState($Startbox8, $GUI_CHECKED)
    EndIf

    If IniRead($IniName, "DesktopAndTaskbar", "RemoveSystemTrayicons", "") = "Yes" Then
            GUICtrlSetState($Deskbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox1, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveTaskbarProperties", "") = "Yes" Then
            GUICtrlSetState($Deskbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox2, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveSystemProperties", "") = "Yes" Then
            GUICtrlSetState($Deskbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox3, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveLockingUnlockingofTaskbar", "") = "Yes" Then
            GUICtrlSetState($Deskbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox4, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveRightClickonTaskbar", "") = "Yes" Then
            GUICtrlSetState($Deskbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox5, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveToolbarsinTaskbar", "") = "Yes" Then
            GUICtrlSetState($Deskbox6, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox6, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveAltTab", "") = "Yes" Then
            GUICtrlSetState($Deskbox7, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox7, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveActiveDesktopFeature", "") = "Yes" Then
            GUICtrlSetState($Deskbox8, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox8, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "DisableTaskManager", "") = "Yes" Then
            GUICtrlSetState($Deskbox9, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox9, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveChangePassword", "") = "Yes" Then
            GUICtrlSetState($Deskbox10, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox10, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "DisableFastUserSwitching", "") = "Yes" Then
            GUICtrlSetState($Deskbox11, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox11, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "DisableDesktopProperties", "") = "Yes" Then
            GUICtrlSetState($Deskbox12, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox12, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "RemoveWindowsKeyshortcuts", "") = "Yes" Then
            GUICtrlSetState($Deskbox13, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox13, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "DesktopAndTaskbar", "DisableLock", "") = "Yes" Then
            GUICtrlSetState($Deskbox14, $GUI_CHECKED)
        Else
            GUICtrlSetState($Deskbox14, $GUI_UNCHECKED)
    EndIf

    If IniRead($IniName, "Computer", "AllowWindowsUpdates", "") = "Yes" Then
            GUICtrlSetState($Compbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox1, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "PreventWindowsUpdateRebooting", "") = "Yes" Then
            GUICtrlSetState($Compbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox2, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "RestrictAccesstoC", "") = "Yes" Then
            GUICtrlSetState($Compbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox3, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "HideCdrive", "") = "Yes" Then
            GUICtrlSetState($Compbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox4, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "HideCandDdrive", "") = "Yes" Then
            GUICtrlSetState($Compbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox5, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "HideALLdrivesincludingDVDCDROM", "") = "Yes" Then
            GUICtrlSetState($Compbox6, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox6, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "DisableDVDCDROM", "") = "Yes" Then
            GUICtrlSetState($Compbox7, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox7, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "DisableWritetoUSBDevices", "") = "Yes" Then
            GUICtrlSetState($Compbox8, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox8, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "BlockUSBDevices", "") = "Yes" Then
            GUICtrlSetState($Compbox9, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox9, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "DisableF4key", "") = "Yes" Then
            GUICtrlSetState($Compbox10, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox10, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "DisableCtrlkey", "") = "Yes" Then
            GUICtrlSetState($Compbox11, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox11, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "Computer", "DisableWindowsMenuKey", "") = "Yes" Then
            GUICtrlSetState($Compbox12, $GUI_CHECKED)
        Else
            GUICtrlSetState($Compbox12, $GUI_UNCHECKED)
        EndIf

    If IniRead($IniName, "Restore", "EnableSystemProtection", "") = "Yes" Then
            GUICtrlSetState($Restorebox1, $GUI_CHECKED)
            GUICtrlSetState($Restorebox5, $GUI_ENABLE)
        Else
            GUICtrlSetState($Restorebox1, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox5, $GUI_DISABLE)
            GUICtrlSetState($Restorebox5list, $GUI_DISABLE)
            GUICtrlSetState($Restorebox5note, $GUI_DISABLE)
            GUICtrlSetState($Restorebox6, $GUI_DISABLE)
    EndIf

    If IniRead($IniName, "Restore", "CreateRestorePoint", "") = "Yes" Then
            GUICtrlSetState($Restorebox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($Restorebox2, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox2, $GUI_DISABLE)
            GUICtrlSetState($Restorebox2, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox3, $GUI_DISABLE)
            GUICtrlSetState($Restorebox3Name, $GUI_DISABLE)
            GUICtrlSetState($Restorebox4, $GUI_DISABLE)
            GUICtrlSetState($Restorebox4Name, $GUI_DISABLE)
            GUICtrlSetData($Restorebox5list,"")
    EndIf

    If IniRead($IniName, "Restore", "RestoreBefore", "") = "Yes" Then
            GUICtrlSetState($Restorebox3, $GUI_CHECKED)
            GUICtrlSetState($Restorebox3Name, $GUI_ENABLE)
        Else
            GUICtrlSetState($Restorebox3Name, $GUI_DISABLE)
    EndIf

    If IniRead($IniName, "Restore", "RestoreAfter", "") = "Yes" Then
            GUICtrlSetState($Restorebox4, $GUI_CHECKED)
            GUICtrlSetState($Restorebox4Name, $GUI_ENABLE)
        Else
            GUICtrlSetState($Restorebox4Name, $GUI_DISABLE)
    EndIf

    If $RestoreChecked = "Unchecked" Then
        GUICtrlSetState($Restorebox1, $GUI_CHECKED)
        GUICtrlSetState($Restorebox2, $GUI_ENABLE)
        GUICtrlSetState($Restorebox5, $GUI_ENABLE)
        GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
        $RestoreChecked = ""
    EndIf

    If IniRead($IniName, "WindowsExplorer", "RestrictFolderOptions", "") = "Yes" Then
            GUICtrlSetState($WExpbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox1, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "RestrictRegistryEditor", "") = "Yes" Then
            GUICtrlSetState($WExpbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox2, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "RemoveMapNetworkDrive", "") = "Yes" Then
            GUICtrlSetState($WExpbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox3, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "RemoveAddingRemovingitemstofromToolbars", "") = "Yes" Then
            GUICtrlSetState($WExpbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox4, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "RemoveAddingRemovingToolbars", "") = "Yes" Then
            GUICtrlSetState($WExpbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox5, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "RemoveProgramsandFeaturesbutton", "") = "Yes" Then
            GUICtrlSetState($WExpbox6, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox6, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "DisableRightClickinExplorer", "") = "Yes" Then
            GUICtrlSetState($WExpbox7, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox7, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "WindowsExplorer", "DisableAutoRunAutoPlay", "") = "Yes" Then
            GUICtrlSetState($WExpbox8, $GUI_CHECKED)
        Else
            GUICtrlSetState($WExpbox8, $GUI_UNCHECKED)
    EndIf

    If IniRead($IniName, "InternetExplorer", "SetIEHomePage", "") = "Yes" Then
            GUICtrlSetState($IExpbox1, $GUI_CHECKED)
            GUICtrlSetState($IEHomePage, $GUI_ENABLE)
        Else
            GUICtrlSetState($IExpbox1, $GUI_UNCHECKED)
            GUICtrlSetState($IEHomePage, $GUI_DISABLE)
    EndIf
    If IniRead($IniName, "InternetExplorer", "PreventHomePagefrombeingchanged", "") = "Yes" Then
            GUICtrlSetState($IExpbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($IExpbox2, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "InternetExplorer", "BlockaccesstoInternetOptions", "") = "Yes" Then
            GUICtrlSetState($IExpbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($IExpbox3, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "InternetExplorer", "DisablePasswordCaching", "") = "Yes" Then
            GUICtrlSetState($IExpbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($IExpbox4, $GUI_UNCHECKED)
    EndIf
    If IniRead($IniName, "InternetExplorer", "EnableContentRestriction", "") = "Yes" Then
            GUICtrlSetState($IExpbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($IExpbox5, $GUI_UNCHECKED)
            GUICtrlSetState($IExpbox5label, $GUI_DISABLE)
            GUICtrlSetState($URLWhitelist, $GUI_DISABLE)
            GUICtrlSetState($IExpbox6, $GUI_DISABLE)
    EndIf
    If IniRead($IniName, "InternetExplorer", "AllowAdminstoTypeaPasswordToViewaRestrictedSite", "") = "Yes" Then
            GUICtrlSetState($IExpbox6, $GUI_CHECKED)
        Else
            GUICtrlSetState($IExpbox6, $GUI_UNCHECKED)
    EndIf

    If IniRead($IniName, "Application", "EnableApplicationRestrictions", "") = "Yes" Then
            GUICtrlSetState($Appbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($Appbox1, $GUI_UNCHECKED)
            GUICtrlSetState($Appbox1labelA, $GUI_DISABLE)
            GUICtrlSetState($Appbox1labelB, $GUI_DISABLE)
            GUICtrlSetState($AppWhitelist, $GUI_DISABLE)
    EndIf

    If IniRead($IniName, "AdditionalStartupApplications", "EnableApp1", "") = "Yes" Then
            GUICtrlSetState($StartAppbox1, $GUI_CHECKED)
        Else
            GUICtrlSetState($StartAppbox1, $GUI_UNCHECKED)
            GUICtrlSetState($StartAppname1, $GUI_DISABLE)
            GUICtrlSetState($StartAppEdit1, $GUI_DISABLE)
    EndIf
    If IniRead($IniName, "AdditionalStartupApplications", "EnableApp2", "") = "Yes" Then
            GUICtrlSetState($StartAppbox2, $GUI_CHECKED)
        Else
            GUICtrlSetState($StartAppbox2, $GUI_UNCHECKED)
            GUICtrlSetState($StartAppname2, $GUI_DISABLE)
            GUICtrlSetState($StartAppEdit2, $GUI_DISABLE)
    EndIf
    If IniRead($IniName, "AdditionalStartupApplications", "EnableApp3", "") = "Yes" Then
            GUICtrlSetState($StartAppbox3, $GUI_CHECKED)
        Else
            GUICtrlSetState($StartAppbox3, $GUI_UNCHECKED)
            GUICtrlSetState($StartAppname3, $GUI_DISABLE)
            GUICtrlSetState($StartAppEdit3, $GUI_DISABLE)
    EndIf
    If IniRead($IniName, "AdditionalStartupApplications", "EnableApp4", "") = "Yes" Then
            GUICtrlSetState($StartAppbox4, $GUI_CHECKED)
        Else
            GUICtrlSetState($StartAppbox4, $GUI_UNCHECKED)
            GUICtrlSetState($StartAppname4, $GUI_DISABLE)
            GUICtrlSetState($StartAppEdit4, $GUI_DISABLE)
    EndIf
    If IniRead($IniName, "AdditionalStartupApplications", "EnableApp5", "") = "Yes" Then
            GUICtrlSetState($StartAppbox5, $GUI_CHECKED)
        Else
            GUICtrlSetState($StartAppbox5, $GUI_UNCHECKED)
            GUICtrlSetState($StartAppname5, $GUI_DISABLE)
            GUICtrlSetState($StartAppEdit5, $GUI_DISABLE)
    EndIf
EndFunc ;=> Set defaults

;--------------------------------------------------------------------------------

Func _UnCheckAll() ; Uncheck all settings
    GUICtrlSetState($Userbox1, $GUI_UNCHECKED)
    GUICtrlSetState($Userbox2, $GUI_UNCHECKED)
    GUICtrlSetState($Userbox3, $GUI_UNCHECKED)
    GUICtrlSetState($Userbox4, $GUI_UNCHECKED)
    GUICtrlSetState($Userbox5, $GUI_UNCHECKED)
    GUICtrlSetState($UserBoxField1, $GUI_DISABLE)
    GUICtrlSetState($UserBoxField2, $GUI_DISABLE)
    GUICtrlSetState($UserBoxField3, $GUI_DISABLE)

    GUICtrlSetState($Startbox1, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox2, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox3, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox4, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox5, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox6, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox7, $GUI_UNCHECKED)
    GUICtrlSetState($Startbox8, $GUI_UNCHECKED)

    GUICtrlSetState($Deskbox1, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox2, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox3, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox4, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox5, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox6, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox7, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox8, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox9, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox10, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox11, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox12, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox13, $GUI_UNCHECKED)
    GUICtrlSetState($Deskbox14, $GUI_UNCHECKED)

    GUICtrlSetState($WExpbox1, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox2, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox3, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox4, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox5, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox6, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox7, $GUI_UNCHECKED)
    GUICtrlSetState($WExpbox8, $GUI_UNCHECKED)

    GUICtrlSetState($Compbox1, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox2, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox3, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox4, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox5, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox6, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox7, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox8, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox9, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox10, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox11, $GUI_UNCHECKED)
    GUICtrlSetState($Compbox12, $GUI_UNCHECKED)

    If $RestoreChecked = "Yes" Then
            GUICtrlSetState($Restorebox2, $GUI_UNCHECKED)
            $RestoreChecked = ""
        ElseIf $RestoreChecked = "Unchecked" Then
            GUICtrlSetState($Restorebox1, $GUI_CHECKED)
            GUICtrlSetState($Restorebox5, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox5, $GUI_DISABLE)
            GUICtrlSetState($Restorebox5list, $GUI_DISABLE)
            GUICtrlSetData($Restorebox5list,"")
            GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
            $RestoreChecked = ""
        Else
            GUICtrlSetState($Restorebox1, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox2, $GUI_DISABLE)
            GUICtrlSetState($Restorebox5, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox5, $GUI_DISABLE)
            GUICtrlSetState($Restorebox5list, $GUI_DISABLE)
            GUICtrlSetData($Restorebox5list,"")
            GUICtrlSetState($Restorebox5note, $GUI_DISABLE)
            GUICtrlSetState($Restorebox6, $GUI_UNCHECKED)
            GUICtrlSetState($Restorebox6, $GUI_DISABLE)
    EndIf

    GUICtrlSetState($Restorebox2, $GUI_UNCHECKED)
    GUICtrlSetState($Restorebox3, $GUI_UNCHECKED)
    GUICtrlSetState($Restorebox3, $GUI_DISABLE)
    GUICtrlSetState($Restorebox4, $GUI_UNCHECKED)
    GUICtrlSetState($Restorebox4, $GUI_DISABLE)
    GUICtrlSetState($Restorebox3Name, $GUI_DISABLE)
    GUICtrlSetState($Restorebox4Name, $GUI_DISABLE)


    GUICtrlSetState($IExpbox1, $GUI_UNCHECKED)
    GUICtrlSetState($IExpbox2, $GUI_UNCHECKED)
    GUICtrlSetState($IExpbox3, $GUI_UNCHECKED)
    GUICtrlSetState($IExpbox5, $GUI_UNCHECKED)
    GUICtrlSetState($IExpbox5label, $GUI_DISABLE)
    GUICtrlSetState($URLWhitelist, $GUI_DISABLE)
    GUICtrlSetState($IExpbox6, $GUI_UNCHECKED)
    GUICtrlSetState($IExpbox6, $GUI_DISABLE)
    GUICtrlSetState($IExpbox4, $GUI_UNCHECKED)

    GUICtrlSetState($Appbox1, $GUI_UNCHECKED)
    GUICtrlSetState($Appbox1labelA, $GUI_DISABLE)
    GUICtrlSetState($Appbox1labelB, $GUI_DISABLE)
    GUICtrlSetState($AppWhitelist, $GUI_DISABLE)

    GUICtrlSetState($StartAppbox1, $GUI_UNCHECKED)
    GUICtrlSetState($StartAppbox2, $GUI_UNCHECKED)
    GUICtrlSetState($StartAppbox3, $GUI_UNCHECKED)
    GUICtrlSetState($StartAppbox4, $GUI_UNCHECKED)
    GUICtrlSetState($StartAppbox5, $GUI_UNCHECKED)

    GUICtrlSetState($IEHomePage, $GUI_DISABLE)

    GUICtrlSetState($StartAppEdit1, $GUI_DISABLE)
    GUICtrlSetState($StartAppname1, $GUI_DISABLE)
    GUICtrlSetState($StartAppEdit2, $GUI_DISABLE)
    GUICtrlSetState($StartAppname2, $GUI_DISABLE)
    GUICtrlSetState($StartAppEdit3, $GUI_DISABLE)
    GUICtrlSetState($StartAppname3, $GUI_DISABLE)
    GUICtrlSetState($StartAppEdit4, $GUI_DISABLE)
    GUICtrlSetState($StartAppname4, $GUI_DISABLE)
    GUICtrlSetState($StartAppEdit5, $GUI_DISABLE)
    GUICtrlSetState($StartAppname5, $GUI_DISABLE)
EndFunc ;=> Uncheck all settings

;--------------------------------------------------------------------------------

Func _RequireUserName() ;Check if user name is required
    $UserName = GUICtrlRead($UserField) ; Read the User Name
    If GUICtrlRead($Userbox1) == 1 Or GUICtrlRead($Userbox2) == 1 Or GUICtrlRead($Userbox3) == 1 Or GUICtrlRead($Userbox4) == 1 Or _
        GUICtrlRead($Userbox5) == 1 Or GUICtrlRead($Startbox1) == 1 Or GUICtrlRead($Startbox2) == 1 Or GUICtrlRead($Startbox3) == 1 Or _
        GUICtrlRead($Startbox4) == 1 Or GUICtrlRead($Startbox5) == 1 Or GUICtrlRead($Startbox6) == 1 Or GUICtrlRead($Startbox7) == 1 Or _
        GUICtrlRead($Startbox8) == 1 Or GUICtrlRead($Deskbox1) == 1 Or GUICtrlRead($Deskbox2) == 1 Or GUICtrlRead($Deskbox3) == 1 Or _
        GUICtrlRead($Deskbox4) == 1 Or GUICtrlRead($Deskbox5) == 1 Or GUICtrlRead($Deskbox6) == 1 Or GUICtrlRead($Deskbox7) == 1 Or _
        GUICtrlRead($Deskbox8) == 1 Or GUICtrlRead($Deskbox9) == 1 Or GUICtrlRead($Deskbox10) == 1 Or GUICtrlRead($Deskbox12) == 1 Or _
        GUICtrlRead($Deskbox13) == 1 Or GUICtrlRead($Deskbox14) == 1 Or GUICtrlRead($Compbox2) == 1 Or GUICtrlRead($Compbox3) == 1 Or _
        GUICtrlRead($Compbox4) == 1 Or GUICtrlRead($Compbox5) == 1 Or GUICtrlRead($Compbox6) == 1 Or GUICtrlRead($Compbox7) == 1 Or _
        GUICtrlRead($WExpbox1) == 1 Or GUICtrlRead($WExpbox2) == 1 Or GUICtrlRead($WExpbox3) == 1 Or GUICtrlRead($WExpbox4) == 1 Or _
        GUICtrlRead($WExpbox5) == 1 Or GUICtrlRead($WExpbox6) == 1 Or GUICtrlRead($WExpbox6) == 1 Or GUICtrlRead($WExpbox8) == 1 Or _
        GUICtrlRead($IExpbox1) == 1 Or GUICtrlRead($IExpbox2) == 1 Or GUICtrlRead($IExpbox3) == 1 Or GUICtrlRead($IExpbox4) == 1 Or _
        GUICtrlRead($StartAppbox1) == 1 Or GUICtrlRead($StartAppbox2) == 1 Or GUICtrlRead($StartAppbox3) == 1 Or GUICtrlRead($StartAppbox4) == 1 Or _
        GUICtrlRead($StartAppbox5) == 1 Then
            $RequireUserName = "Yes"
    EndIf
    If $Username = @UserName Then
            $RegPath = "HKEY_CURRENT_USER"
        Else
            $RegPath = "HKEY_LOCAL_MACHINE\" & $Username
            $LoadHive = "Yes"
    EndIf
EndFunc

;--------------------------------------------------------------------------------

Func _UserProfileCheck() ; Check that user profile exists
            Local $p = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' ; Get Target Users SID
            Local $s, $v, $u = '\' & $UserName
            For $i = 1 To 20
                $s = RegEnumKey($p, $i)
                If @error <> 0 Then ExitLoop
                $v = RegRead($p & '\' & $s, 'ProfileImagePath') ; Look for users profile path

                If StringRight($v, StringLen($u)) = $u Then
                    Global $UserSID = $s ; Set variable for Users SID
                    Global $UserProfile = $v ; Set variable for path to users local profile
                    If FileExists($v & "\NTUSER.DAT") Then ; Check that local Profil    e has been created.
                        Return
                    EndIf
                EndIf

            Next ; Profile Not Found.
            Global $UserSID = "NotFound"
            MsgBox(16, "ERROR!", "User Profile Not Found!" & @CRLF & _ ; Profile not found
                                " - Verify Local User Account Exists. (If not, create it.)"  & @CRLF & _
                                " - You must have logged on as the User at least once." & @CRLF & _
                                " - (Make Changes to profile.)" & @CRLF & _
                                " - Reboot the PC." & @CRLF & _
                                " - Log on as Admin and re-try this Setup." , "")
            Return
EndFunc ;=> Check that user profile exists

;--------------------------------------------------------------------------------

Func _ListRestorePoints() ; Get a list of Restore Points
    GUICtrlSetData($Restorebox5list, "")
    $RestorePoints = _SR_EnumRestorePoints() ; Get the list of Restore Points
    if ubound($RestorePoints) = "1" Then
            GUICtrlSetData($Restorebox5list, "No Restore points found!")
        Else
            for $i = 1 to ubound($RestorePoints) - 1
            GUICtrlSetData($Restorebox5list,$RestorePoints[$i][0] & ": " & $RestorePoints[$i][1] & " - " & $RestorePoints[$i][2])
            next
    EndIf
EndFunc ;==> Get a list of Restore Points

;--------------------------------------------------------------------------------

Func _LoadHive() ; Load Users Registry Hive
    If RegRead("HKEY_LOCAL_MACHINE\" & $Username, "") <> 0 Then ; Key already Exists. Maybe it didn't unload correctly.
        Sleep(500)
        _UnLoadHive() ; Unload Hive
    Else ; Key does not exist
        RunWait(@ComSpec & " /c reg.exe load HKLM\" & $UserName & " " & $UserProfile & "\NTUSER.DAT", "", @SW_HIDE) ; Load the users registry hive
        Sleep(500)
    EndIf
EndFunc

;--------------------------------------------------------------------------------

Func _WriteToReg() ; Write Changes to Registry and/or PC.
    If (GUICtrlRead($Restorebox1) == $GUI_CHECKED) Then ; Enable System Restore
        If $Apply = "Yes" Then ; Apply Restriction
                Guictrlsetdata($StatusMsg, "   Enabling System Restore ...", "")
                _SR_Enable()
                Sleep(1000)
            Else ; Remove Restriction
                _SR_Disable()
        EndIF
    EndIf

    If (GUICtrlRead($Restorebox3) == $GUI_CHECKED) Then ; Create Restore Point before everything
        If $Apply = "Yes" Then ; Apply Restriction
            $RestoreName = GUICtrlRead($Restorebox3Name)
            If $RestoreName <> "" Then
                Guictrlsetdata($StatusMsg, "   Creating Restore Point before making changes...", "")
                _SR_CreateRestorePoint($RestoreName)
            EndIf
        EndIF
    EndIf

    Guictrlsetdata($StatusMsg, "   Writing Changes ...", "")

    If GUICtrlRead($Userbox4) == 1 Then ; Require User to use Ctrl+Alt+Del to log on
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD", "REG_DWORD", "00000000")
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD") = 0 Then
                    RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD")
                EndIf
        EndIF
    EndIf

    If $DisableCtrlAltDel = "Yes" Then ; If the user has choosen the option to disable 'ctrl' key we will disable the requirement for ctrl-alt-del at logon.
        RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon", "DisableCAD", "REG_DWORD", "00000001")
    EndIf

    If GUICtrlRead($Userbox5) == 1 Then ; Auto-Logon User
        If $Apply = "Yes" Then ; Apply Restriction
                $LogonUser = GUICtrlRead($UserBoxField1)
                $LogonPass = GUICtrlRead($UserBoxField2)
                $LogonDom = GUICtrlRead($UserBoxField3)
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon", "REG_DWORD", "00000001")
                RegWrite ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultUserName", "REG_SZ", $LogonUser)
                RegWrite ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultPassword", "REG_SZ", $LogonPass)
                RegWrite ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultDomainName", "REG_SZ", $LogonDom)
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon ") = 0 Then
                    RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "AutoAdminLogon")
                    RegDelete ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultUserName")
                    RegDelete("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultPassword")
                    RegDelete ("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon", "DefaultDomainName")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox1) == 1 Then ; Remove Shut Down, Restart, Sleep and Hibernate
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoClose", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoClose") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoClose", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox2) == 1 Then ; Disable Run
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoRun", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox3) == 1 Then ; Disable Command Prompt
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableCMD", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableCMD") = 1 Then
                    RegWrite ($RegPath & "Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableCMD", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox4) == 1 Then ; Remove Control Panel
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoControlPanel", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox5) == 1 Then ; Remove Set Default Programs
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSMConfigurePrograms", "REG_DWORD", "00000000")
                EndIf
        EndIF

    EndIf

    If GUICtrlRead($Startbox6) == 1 Then ; Disable Start Menu Personal folder
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Start_ShowUser", "REG_DWORD", "00000000")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "No Close") = 0 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "No Close", "REG_DWORD", "00000001")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox6) == 1 Then ; Prevent Start Menu Changes
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoChangeStartMenu", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoChangeStartMenu") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoChangeStartMenu", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Startbox8) == 1 Then ; Restrict drag-and-drop and right-click in Start Menu
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoChangeStartMenu", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoChangeStartMenu") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoChangeStartMenu", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox1) == 1 Then ; Remove system tray icons
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayItemsDisplay", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayItemsDisplay") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayItemsDisplay", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox2) == 1 Then ; Remove Taskbar Properties
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetTaskbar", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetTaskbar") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoSetTaskbar", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox3) == 1 Then ; Remove System Properties
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoPropertiesMyComputer", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox4) == 1 Then ; Remove Locking/Unlocking of Taskbar
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "LockTaskbar", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox5) == 1 Then ; Remove right-click on Taskbar
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayContextMenu", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayContextMenu") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoTrayContextMenu", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox6) == 1 Then ; Remove Toolbars in Taskbar
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarsOnTaskbar", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarsOnTaskbar") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarsOnTaskbar", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox7) == 1 Then ; Remove Alt-tab
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer", "AltTabSettings", "REG_SZ", "1")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer", "AltTabSettings") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer", "AltTabSettings", "REG_SZ", "0")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox8) == 1 Then ; Remove Active Desktop Feature
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoActiveDesktop", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoActiveDesktop") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoActiveDesktop", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox9) == 1 Then ; Disable Task Manager
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableTaskMgr", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox10) == 1 Then ; Remove Change Password
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableChangePassword", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox11) == 1 Then ; Disable Fast User Switching
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "HideFastUserSwitching", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "HideFastUserSwitching") = 1 Then
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", "HideFastUserSwitching", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox12) == 1 Then ; Disable Desktop Properties
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "NoDispCPL", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox13) == 1 Then ; Remove Windows Key shortcuts
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoWinKeys", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoWinKeys") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoWinKeys", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Deskbox14) == 1 Then ; Disable Lock
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\System", "DisableLockWorkstation", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox1) == 1 Then ; Restrict Folder Options
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoFolderOptions", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox2) == 1 Then ; Restrict Registry Editor
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisableRegistryTools", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisableRegistryTools") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "DisableRegistryTools", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox3) == 1 Then ; Remove Map Network Drive
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoNetConnectDisconnect", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoNetConnectDisconnect") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoNetConnectDisconnect", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox4) == 1 Then ; Remove adding/removing items to/from Toolbars
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarCustomize", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarCustomize") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoToolbarCustomize", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox5) == 1 Then ; Remove adding/removing Toolbars
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoBandCustomize", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoBandCustomize") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoBandCustomize", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox6) == 1 Then ; Remove 'Programs and Features' button
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Programs", "NoProgramsCPL", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Programs", "NoProgramsCPL") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Programs", "NoProgramsCPL", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox7) == 1 Then ; Disable right-click in Explorer
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewContextMenu", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewContextMenu") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewContextMenu", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($WExpbox8) == 1 Then ; Disable AutoRun/AutoPlay
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "DisableAutoplay", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "255") ; 000000ff
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "DisableAutoplay") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers", "DisableAutoplay", "REG_DWORD", "00000000")
                EndIf
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun") = 255 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDriveTypeAutoRun", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox1) == 1 Then ; Allow Windows Updates, including IE and Office updates.
        If $Apply = "Yes" Then ; Apply Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate", "REG_DWORD", "00000001")
                Else ; Remove Restriction
                    If RegRead ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate") = 1 Then
                        RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "AUOptions", "REG_DWORD", "00000004")
                        RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoUpdate", "REG_DWORD", "00000000")
                    EndIf
            EndIF
    EndIf

    If GUICtrlRead($Compbox2) == 1 Then ; Prevent Windows Update rebooting the computer while a user is logged on
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers") = 1 Then
                    RegWrite ("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU", "NoAutoRebootWithLoggedOnUsers", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox3) == 1 Then ; Restrict access to c:
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive", "REG_DWORD", "00000004")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive") = 4 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox4) == 1 Then ; Hide c: drive in explorer
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", "REG_DWORD", "00000004")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") = 4 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox5) == 1 Then ; Disable c: and d: drives in explorer
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", "REG_DWORD", "15") ; 0000000f
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") = 15 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox6) == 1 Then ; Disable ALL drives in explorer
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives", "REG_DWORD", "67108863") ; 03FFFFFF
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives") = 67108863 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoDrives")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox7) == 1 Then ; Disable DVD/CD-ROM
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom", "Start", "REG_DWORD", "00000004")
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom", "Start") = 4 Then
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom", "Start", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox8) == 1 Then ; Disable Write to USB Devices
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect") = 1 Then
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Compbox9) == 1 Then ; Block USB Devices
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR", "Start", "REG_DWORD", "00000004")
            Else ; Remove Restriction
                If RegRead ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR", "Start") = 4 Then
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR", "Start", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If $EnableCtrl = "Yes" Then ; We need to make doubly sure that the Ctrl key has not been disabled if the option to make users log on with ctrl+al+del
        RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
    EndIf

    If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox12) == $GUI_UNCHECKED) Then ; Disable F4 key (and therefore <ALT>+F4)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4
                            Binary('0x00000000000000000200000000003e0000000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Compbox10) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == $GUI_UNCHECKED) Then ; Disable Ctrl (and therefore Ctrl+Alt+Del)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; Ctrl
                            Binary('0x00000000000000000300000000001d0000001de000000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Compbox10) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox11) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox12) == 1) Then ; Disable Windows Menu Key
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; Windows Menu Key
                            Binary('0x00000000000000000200000000005de000000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == $GUI_UNCHECKED) Then ; Disable F4 key and Ctrl
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4/Ctrl
                            Binary('0x00000000000000000400000000003e0000001d0000001de00000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox12) == 1) Then ; Disable F4 key and Windows Menu Key
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4/Windows Menu Key
                            Binary('0x00000000000000000300000000003e0000005de000000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Compbox10) == 1) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == 1) Then ; Disable F4 key and Ctrl and Windows Menu Key
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; F4/Windows Menu Key/Ctrl
                            Binary('0x00000000000000000500000000003e0000005de000001d0000001de000000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Compbox10) == $GUI_UNCHECKED) And (GUICtrlRead($Compbox11) == 1) And (GUICtrlRead($Compbox12) == 1) Then ; Disable Ctrl and Windows Menu Key
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", _ ; Windows Menu Key/Ctrl
                            Binary('0x00000000000000000400000000005de000001d0000001de000000000'))
            Else ; Remove Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout", "Scancode Map", "REG_BINARY", "")
        EndIF
    EndIf

    If (GUICtrlRead($Restorebox5) == $GUI_CHECKED) And (GUICtrlRead($Restorebox6) == $GUI_UNCHECKED) Then ; Restore PC
        $RestoreFull = GUICtrlRead($Restorebox5list)
        $RestoreShort = StringLeft($RestoreFull, StringInStr($RestoreFull, ": ")-1) ; Remove the date and name from the line. We only want the number
        If $Apply = "Yes" Then ; Apply Restriction
                Guictrlsetdata($StatusMsg, "   Restoring PC ...", "")
                _SR_Restore($RestoreShort)
            Else ; Delete individual restore point
                Guictrlsetdata($StatusMsg, "   Deleting Restore Point #" & $RestoreShort, "")
                _SR_RemoveRestorePoint($RestoreShort)
                Sleep(2000)
                _ListRestorePoints() ; Relist restore Points
        EndIf
    EndIf

    If (GUICtrlRead($Restorebox6) == $GUI_CHECKED) Then ; Delete all restore points
        If $Apply = "Yes" Then ; Apply Restriction
            Guictrlsetdata($StatusMsg, "   Deleting all Restoring Points ...", "")
            _SR_RemoveAllRestorePoints()
            Sleep(2000)
            _ListRestorePoints() ; Relist restore Points
        EndIF
    EndIf

    If GUICtrlRead($IExpbox1) == 1 Then ; Set IE HomePage
        If $Apply = "Yes" Then ; Apply Restriction
                $Homepage = GUICtrlRead($IEHomePage)
                RegWrite ($RegPath & "\Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", $Homepage)
            Else ; Remove Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Internet Explorer\Main", "Start Page", "REG_SZ", "")
        EndIF
    EndIf

    If GUICtrlRead($IExpbox2) == 1 Then ; Prevent HomePage from being changed
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage") = 1 Then
                    RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000000")
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($IExpbox3) == 1 Then ; Restrict IE Internet Options. Should probably split this up a bit...
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Advanced", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "History", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Cache", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Settings", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Certificates", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Colors", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Fonts", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Languages", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Profiles", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Links", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Ratings", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Check_If_Default", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Proxy", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Autoconfig", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Wizard", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CalendarContact", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Messaging", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Wallet", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ResetWebSettings", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "AdvancedTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPers", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifSite", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest Passwords", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "GeneralTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecurityTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ContentTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ConnectionsTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ProgramsTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecChangeSettings", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecAddSites", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connwiz Admin Lock", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Settings", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Accessibility", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "PrivacyTab", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPub", "REG_DWORD", "00000001")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Privacy Settings", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Advanced", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "History", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Cache", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Settings", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Certificates", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Colors", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Fonts", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Languages", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Profiles", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Links", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "HomePage", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Ratings", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Check_If_Default", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Proxy", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Autoconfig", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connection Wizard", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CalendarContact", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Messaging", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Wallet", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ResetWebSettings", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "AdvancedTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPers", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifSite", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "FormSuggest Passwords", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "GeneralTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecurityTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ContentTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ConnectionsTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "ProgramsTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecChangeSettings", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "SecAddSites", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Connwiz Admin Lock", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Settings", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Accessibility", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "PrivacyTab", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "CertifPub", "REG_DWORD", "00000000")
                RegWrite ($RegPath & "\Software\Policies\Microsoft\Internet Explorer\Control Panel", "Privacy Settings", "REG_DWORD", "00000000")
        EndIF
    EndIf

    If GUICtrlRead($IExpbox5) == 1 Then ; Enable Content Restrictions in IE
        If $Apply = "Yes" Then ; Apply Restriction
                If Not FileExists("c:\windows\system32\noaccess.rat") Then
                    _NoAccessRat() ; Create the noaccess.rat file (if not found). This file is required to block access to all sites except for whitelist.
                EndIf
                RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0") ; Remove Previous rules
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings", "Key", "REG_BINARY", Binary('0x570aff3036153b5e9f7cdb8cf72d1759'))
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings", "FileName0", "REG_SZ", "C:\Windows\System32\noaccess.rat")
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "Allow_Unknowns", "REG_DWORD", "00000000")
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "Enabled", "REG_DWORD", "00000001")
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default", "NumSys", "REG_DWORD", "00000000")
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0", "dwFlags", "REG_DWORD", "00000000")
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0", "errLine", "REG_DWORD", "00000000")
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy", "PRNumPolicy", "REG_DWORD", "00000002")
                $URLWhitelistAll = GUICtrlRead($URLWhitelist) ; Get the list of URLs to whitelist
                $URLWhitelistSplit = StringSplit($URLWhitelistAll, ";") ; Split the URLs up. Semi-colon is seperator.
                For $i = 1 To $URLWhitelistSplit[0] ; Loop through the array returned by StringSplit to display the individual values.
                    If $i = "1" Then ; We need the number to start at zero and not one.
                            $Num = "0"
                        Else
                            $Num = ($i-1) ; Values other than 1 will have 1 deleted.
                    EndIf
                    $URL = $URLWhitelistSplit[$i] ; Set URL value
                    $URLCount = Ubound($URLWhitelistSplit) ; Count the number of URLs to be added
                    $URLActual = ($URLCount-1) ; Count includes "0" so reduce number by one.
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\", _
                    "PRNumPolicy", "REG_DWORD", $URLActual)
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num, _
                    "PRPPolicyAttribute", "REG_DWORD", "00000002")
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                    "\PRPPolicySub", "PRNumURLExpressions", "REG_DWORD", "00000001")
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                    "\PRPPolicySub", "PRNumURLExpressions", "REG_DWORD", "00000001")
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                    "\PRPPolicySub\0", "PRBUInternetPattern", "REG_DWORD", "00000001")
                    If StringInStr($URL, "*") Then ; Wildcard used in URL
                            RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                            "\PRPPolicySub\0", "PRBUNonWild", "REG_DWORD", "12")
                        Else ; No Wilcard in URL
                            RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                            "\PRPPolicySub\0", "PRBUNonWild", "REG_DWORD", "13")
                    EndIf
                    if StringInStr($URL, "http://") or StringInStr($URL, "https://") Then ; Strip http:// and https:// from URL (if found)
                            if StringInStr($URL, "http://") Then
                                Local $URLnoHTTP = StringReplace($URL, "http://", "")
                            EndIf
                            if StringInStr($URL, "https://") Then
                                Local $URLnoHTTP = StringReplace($URL, "http://", "")
                            EndIf
                            RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                            "\PRPPolicySub\0", "PRBUHost", "REG_SZ", $URLnoHTTP)
                        Else
                            RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                            "\PRPPolicySub\0", "PRBUHost", "REG_SZ", $URL)
                    EndIf
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                    "\PRPPolicySub\0", "PRBUSpecified", "REG_DWORD", "31")
                    if StringInStr ($URL, "http://") = 1 Then
                        RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                        "\PRPPolicySub\0", "PRBUScheme", "REG_SZ", "http")
                    EndIf
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                    "\PRPPolicySub\0", "PRBUPort", "REG_SZ", "80")
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0\PRPolicy\" & $Num & _
                    "\PRPPolicySub\0", "PRBUUrl", "REG_SZ", $URL)
                Next
            Else ; Remove Restriction
                RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "Enabled", "REG_DWORD", "00000000")
                RegDelete ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\PICSRules\.Default\0")
        EndIF
    EndIf

    If GUICtrlRead($IExpbox6) == 1 Then ; Allow Admins to type a password to allow Restricted Sites.
        If $Apply = "Yes" Then ; Apply Restriction
                    RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom", "REG_DWORD", "00000001")
                Else ; Remove Restriction
                    If RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom") = 1 Then
                        RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom", "REG_DWORD", "00000000")
                    EndIf
            EndIF
        Else
            RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings\.Default", "PleaseMom", "REG_DWORD", "00000000")
    EndIf

    If GUICtrlRead($IExpbox4) == 1 Then ; Disable password manager
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Internet Settings", "DisablePasswordCaching", "REG_DWORD", "00000001")
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Internet Settings", "DisablePasswordCaching") = 1 Then
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Internet Settings", "DisablePasswordCaching", "REG_DWORD", "00000000")
                EndIf
        EndIf
    EndIf

    If GUICtrlRead($Appbox1) == 1 Then ; Enable Application Restrictions
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "RestrictRun", "REG_DWORD", "00000001")
                $AppWhitelistAll = GUICtrlRead($AppWhitelist)
                $AppWhitelistSplit = StringSplit($AppWhitelistAll, ";")
                For $i = 1 To $AppWhitelistSplit[0] ; Loop through the array returned by StringSplit to display the individual values.
                    $Num = $i
                    $App = $AppWhitelistSplit[$i]
                    RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun", $Num, "REG_SZ", $App)
                Next
            Else ; Remove Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "RestrictRun", "REG_DWORD", "00000000")
                RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun")
        EndIF
    EndIf

    If GUICtrlRead($StartAppbox1) == 1 Then ; Add programs to users Startup program list
        $AppName1 = GUICtrlRead($StartAppname1)
        $AppConfig1 = GUICtrlRead($StartAppEdit1)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName1, "REG_SZ", $AppConfig1)
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName1) = $AppConfig1 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName1)
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($StartAppbox2) == 1 Then ; Add programs to users Startup program list
        $AppName2 = GUICtrlRead($StartAppname2)
        $AppConfig2 = GUICtrlRead($StartAppEdit2)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName2, "REG_SZ", $AppConfig2)
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName2) = $AppConfig2 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName2)
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($StartAppbox3) == 1 Then ; Add programs to users Startup program list
        $AppName3 = GUICtrlRead($StartAppname3)
        $AppConfig3 = GUICtrlRead($StartAppEdit3)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName3, "REG_SZ", $AppConfig3)
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName3) = $AppConfig3 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName3)
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($StartAppbox4) == 1 Then ; Add programs to users Startup program list
        $AppName4 = GUICtrlRead($StartAppname4)
        $AppConfig4 = GUICtrlRead($StartAppEdit4)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName4, "REG_SZ", $AppConfig4)
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName4) = $AppConfig4 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName4)
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($StartAppbox5) == 1 Then ; Add programs to users Startup program list
        $AppName5 = GUICtrlRead($StartAppname5)
        $AppConfig5 = GUICtrlRead($StartAppEdit5)
        If $Apply = "Yes" Then ; Apply Restriction
                RegWrite ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName5, "REG_SZ", $AppConfig5)
            Else ; Remove Restriction
                If RegRead ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName5) = $AppConfig5 Then
                    RegDelete ($RegPath & "\Software\Microsoft\Windows\CurrentVersion\Run", $AppName5)
                EndIf
        EndIF
    EndIf

    If GUICtrlRead($Userbox1) == 1 Then ; Add User to Local Admin Group
        RunWait(@ComSpec & " /c net localgroup Administrators " & $Username & " /add", "", @SW_HIDE)
    EndIf

    If GUICtrlRead($Userbox3) == 1 Then ; Write-Protect, and Disable Delete on Desktop and Start-Menu and Downloads
        If $Apply = "Yes" Then ; Apply Restriction

                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /inheritance:r', "", @SW_HIDE) ; Make Desktop read-only
                Sleep(200)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /remove ' & $UserName, "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant SYSTEM:(OI)(CI)F', "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant Administrators:(OI)(CI)F', "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant ' & $UserName & ':(OI)(CI)RX', "", @SW_HIDE)

                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /inheritance:r', "", @SW_HIDE) ; Make Downloads read-only
                Sleep(200)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /remove ' & $UserName, "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant SYSTEM:(OI)(CI)F', "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant Administrators:(OI)(CI)F', "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant ' & $UserName & ':(OI)(CI)RX', "", @SW_HIDE)

                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /inheritance:r', "", @SW_HIDE) ; Make Start Menu read-only
                Sleep(200)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /remove ' & $UserName, "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant SYSTEM:(OI)(CI)F', "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant Administrators:(OI)(CI)F', "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant ' & $UserName & ':(OI)(CI)RX', "", @SW_HIDE)
            Else ; Remove Restriction
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /inheritance:e', "", @SW_HIDE) ; Restore rights to Desktop
                Sleep(200)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /remove ' & $UserName, "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Desktop" /grant ' & $UserName & ':(OI)(CI)F', "", @SW_HIDE)

                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /inheritance:e', "", @SW_HIDE) ; Restore rights to Downloads
                Sleep(200)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /remove ' & $UserName, "", @SW_HIDE)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\Downloads" /grant ' & $UserName & ':(OI)(CI)F', "", @SW_HIDE)

                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /inheritance:e', "", @SW_HIDE) ; Restore rights to Start Menu
                Sleep(200)
                RunWait(@ComSpec & ' /c icacls "' & $UserProfile & '\AppData\Roaming\Microsoft\Windows\Start Menu" /grant ' & $UserName & ':(OI)(CI)F', "", @SW_HIDE)
        EndIF
    EndIf

    If GUICtrlRead($Userbox2) == 1 Then ; Remove User From Local Admin Group
        RunWait(@ComSpec & " /c net localgroup Administrators " & $Username & " /delete", "", @SW_HIDE)
    EndIf

    If (GUICtrlRead($Restorebox4) == $GUI_CHECKED) Then ; Create Restore Point before everything
        If $Apply = "Yes" Then ; Apply Restriction
            $RestoreName = GUICtrlRead($Restorebox4Name)
            If $RestoreName <> "" Then
                Guictrlsetdata($StatusMsg, "   Creating Restore Point ...", "")
                _SR_CreateRestorePoint($RestoreName)
            EndIf
        EndIF
    EndIf

    Sleep(1000)
EndFunc ;=> Write Changes to Registry

;--------------------------------------------------------------------------------

Func _NoAccessRat() ; Create noaccess.rat file if not found. This is used to block websites other than in the whitelist.
    $NA0 = '((PICS-version 1.0)'
    $NA1 = ''
    $NA2 = '(rating-system "http://www.microsoft.com")'
    $NA3 = '(rating-service "http://www.microsoft.com")'
    $NA4 = '(name "Noaccess")'
    $NA5 = '(description "This file will block all sites.")'
    $NA6 = ''
    $NA7 = '(category'
    $NA8 = '(transmit-as "m")'
    $NA9 = '(name "Yes")'
    $NA10 = '(label'
    $NA11 = '(name "Level 0: No Setting")'
    $NA12 = '(description "No Setting")'
    $NA13 = '(value 0))'
    $NA14 = '(label'
    $NA15 = '(name "Level 1: No Setting")'
    $NA16 = '(description "No Setting")'
    $NA17 = '(value 1))))'

    $NoAccessFile = "c:\windows\system32\noaccess.rat"

    FileWrite($NoAccessFile, $NA0)
    Local $FileOpen = FileOpen($NoAccessFile, $FO_APPEND)
    FileWriteLine($NoAccessFile, $NA1)
    FileWriteLine($NoAccessFile, $NA2)
    FileWriteLine($NoAccessFile, $NA3)
    FileWriteLine($NoAccessFile, $NA4)
    FileWriteLine($NoAccessFile, $NA5)
    FileWriteLine($NoAccessFile, $NA6)
    FileWriteLine($NoAccessFile, $NA7)
    FileWriteLine($NoAccessFile, $NA8)
    FileWriteLine($NoAccessFile, $NA9)
    FileWriteLine($NoAccessFile, $NA10)
    FileWriteLine($NoAccessFile, $NA11)
    FileWriteLine($NoAccessFile, $NA12)
    FileWriteLine($NoAccessFile, $NA13)
    FileWriteLine($NoAccessFile, $NA14)
    FileWriteLine($NoAccessFile, $NA15)
    FileWriteLine($NoAccessFile, $NA16)
    FileWriteLine($NoAccessFile, $NA17)

    FileClose($FileOpen)
EndFunc ;==> Create noaccess.rat file if not found.

;--------------------------------------------------------------------------------

Func _UnLoadHive() ; Un-load Users Registry Hive
    If RegRead ("HKEY_LOCAL_MACHINE\" & $Username, "") = 0 Then ; Key Exists
        RunWait(@ComSpec & " /c reg.exe unload HKLM\" & $UserName, "", @SW_HIDE)
        Sleep(500)
    EndIf
EndFunc ;=> Un-load Users Registry Hive

;--------------------------------------------------------------------------------

Func _Restart(); Reboot PC?
        $RestartBox = MsgBox(36,"Restart PC?","You may need to Reboot the PC for all changes to take effect." & @CRLF & @CRLF & "Click Yes, to reboot the PC.")
        Select
         Case $RestartBox = 6 ; Yes
            Run("cmd /c shutdown -r -t 0", "", @SW_HIDE)
            Guictrlsetdata($StatusMsg, " Restarting PC ... ", "")
         Case $RestartBox = 7 ; No
        EndSelect
EndFunc;==> Reboot PC?

Show Hide User Accounts (at Welcome Screen)

#cs ----------------------------------------------------------------------------
 Script Function:

    At the Welcome Screen, either:
        - Hide all Local Accounts EXCEPT for Current Logged on User Accunt.
        - Restore/Show all Local Accounts.

    (Created for use on kiosk PCs.)

    Usage:
        1. Set the script to Run at User Login. (You can set this in the KioskUserAccountSetup script.)
            - ShowHideUserAccounts.exe PASSWORD
            - Where PASSWORD is the password used to Hide/Show Accounts.
        2. Logon as the User that you want to be available as the kiosk desktop.
        3. ShowHideUserAccounts.exe runs in the background waiting for the "secret" keystroke.
        4. Press shift+alt+u, when prompted enter the password to either:
            a. If accounts are not hidden, hide All Accounts, EXCEPT for Current Logged On User, at the Welcome Screen.
            b. If accounts are hidden, show All Accounts at the welcome screen. All accounts visible at Welcome Screen.
        5. At the Welcome Screen, accounts will be either shown/hidden.
            - If accounts are "hidden" the kiosk user only has a single logon choice (to a locked down account).
            - If accounts are "shown" the admin can log on as a different account to update/apply settings etc.

    Note: Only tested on Win7 32bit OS

    - dalk 26.06.14

 AutoIt Version: 3.3.10.2
#ce ----------------------------------------------------------------------------

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Outfile=ShowHideUserAccounts.exe
#AutoIt3Wrapper_Res_Fileversion=1.0.0.1
#AutoIt3Wrapper_Res_ProductVersion=5.0
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#NoTrayIcon
#include <MsgBoxConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <File.au3>

; -- "Secret" Hotkey -----------------------------------------------------------------

$KeyStroke = "+!u" ; shift+alt+u

; ------------------------------------------------------------------------------------

If ($CmdLine[0] = "0") Then ; No pasword parameter passed.
    MsgBox(48, "ERROR", "No Password Specified!"  & @CRLF & @CRLF & _
                "USAGE:   ShowHideAccounts.exe PASSWORD" _
                , 30)
    Exit
EndIf

$Password = $CmdLine[1]

Global $sWow64 = "" ; X64 running support
If @AutoItX64 Then $sWow64 = "\Wow6432Node"

Global $colUsers, $sTmp, $Array[1] = ["user"]
$colUsers = ObjGet("WinNT://" & @ComputerName)

Global $LocalAccount =""

HotKeySet($KeyStroke, "_HotKeyPressed") ; Wait for shift+alt+u HotKey to Initiate Show/Hide.

While 1
    Sleep(100)
WEnd

; -- Functions -----------------------------------------------------------------------

Func _HotKeyPressed() ; Hot Key Pressed
    HotKeySet($KeyStroke) ; Disable hotkey.
    Switch @HotKeyPressed ; The last hotkey pressed.
    Case $KeyStroke ; Hot key pressed.
    Local $PassCheck = InputBox("Show/Hide Accounts", "Enter the Password.", "", "*", 240, 130) ; Prompt for password.
    If ($PassCheck = $Password) Then ; Check if password is correct.
            If IsObj($colUsers) Then ; Get Local User Accounts
                $colUsers.Filter = $Array
                For $objUser In $colUsers
                $LocalAccount = $objUser.Name
                if ($LocalAccount <> @UserName) AND _ ; We do not want to show/hide current user.
                    ($LocalAccount <> "Guest") AND _ ; Or Built-in Guest Account.
                    ($LocalAccount<> "Administrator") Then ; Or Built-in Administrator Account.
                    If RegDelete("HKEY_LOCAL_MACHINE\SOFTWARE" & $sWow64 & _ ; SHOW User(s). Delete key IF it exists.
                                "\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList", $LocalAccount) = 1 Then
                            $State = "Show User "
                        Else
                            $State = "Hide User "
                            RegWrite ("HKEY_LOCAL_MACHINE\SOFTWARE" & $sWow64 & _ ; HIDE User(s). Key NOT found, so add it.
                                        "\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList", $LocalAccount, "REG_DWORD", "00000000")
                    EndIf
                    $MSG = GUICreate("", 420, 30, -1, -1, BitOR($WS_POPUP,$WS_BORDER), $WS_EX_TOPMOST) ; Create GUI
                    GUISetBkColor(0xF0F0F0 )
                    GUICtrlCreateLabel($State & "<" & $LocalAccount & "> at Welcome Screen.", 5, 4, 420, 30)
                    GUICtrlSetFont(-1, 11, 400, 0, "Tahoma")
                    GUICtrlSetColor(-1, 0x000000)
                    GUISetState(@SW_SHOW, $MSG)
                    Sleep(1000)
                    GUISetState(@SW_HIDE, $MSG)
                EndIf
                Next
            EndIF
        Else
            If ($PassCheck = "") Or _ ; Password field empty.
               ($PassCheck <> $Password) Then ; Incorrect Password.
                MsgBox (48, "Error", "Password Blank or Incorrect.", 5)
            EndIf
    EndIf
    EndSwitch
    HotKeySet($KeyStroke, "_HotKeyPressed") ; Re-enable HotKey to Initiate Show/Hide.
EndFunc   ;==>Hot Key Pressed
Edited by dalk

Share this post


Link to post
Share on other sites



This works great and the GUI is pretty nice. I do have one issue, I keep getting a "access denied" window, with the title desktop. I have local GPO also, so I'll remove that 1st and try again.

 

Thank you for this tho!!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now