The Windows system policies you can select here are intended to restrict the functionality of your Windows operating system or that of certain applications. The employed policies are only relevant to the SiteKiosk user and usually applied by running the System Security Manager no matter if SiteKiosk is launched or not.

1. Protect desktop

The following policies refer to the Windows Desktop. Note that the desktop will not be displayed when SiteKiosk is launched with the shell replacement option turned on (e.g. SiteKiosk launch in auto start mode).

1.1 Hide My Computer on desktop and in Windows Explorer
This option refers to the My Computer icon on the desktop and the Windows Explorer file manager. The checkbox is turned off by default, as users would otherwise not be able to view or select the shared drives you specified under file system. You should tick this checkbox if you want to grant access to My Documents instead of other drives such as the floppy disk drive or the CD-ROM drive.

1.2 Hide My Documents on desktop and in Windows Explorer
This option refers to the My Documents folder icon on the desktop and in the Windows Explorer file manager. The checkbox is turned off by default as users will otherwise not be able to view or select the My Documents folder which you may have made accessible under file system.

1.3 Hide remaining desktop icons
This option lets you hide all other standard icons that are usually found on the desktop or in Windows Explorer (e.g. recycle bin).

1.4 Disable screen display options
Refers to the option of right-clicking on the desktop and selecting "Display Properties", which lets you change the screensaver or modify the screen resolution.

1.5 Discard changes on exit
This option prevents the saving of any changes the user applies to the desktop layout (e.g. the position of icons).


1.6 Disable Active Desktop
This setting prevents users from making changes on the so-called Active Desktop. You can, furthermore, use this option to disable certain Windows features such as Web View, Thumbnail Views, or the Quick Launch Toolbar.

1.7 Enable other restrictions
This option allows you to enable/disable the following restrictions:

• Changes to the position of the folder My Documents.
• Changes to the Active Desktop toolbar.
• The Desktop Cleanup Wizard will be disabled and cannot be launched manually, either.

2. Limit Start menu and taskbar options

Refers to the Windows Start menu (AND NOT the SiteKiosk Start menu), unfolding whenever you click on START, as well as to the Windows taskbar, which is usually located at the bottom of your screen.

2.1 Prevent setting changes
This option allows you to enable/disable the following restrictions

• Locks the taskbar and prevents the user from moving it around.
• Prevents the user from moving icons within the Start menu.
• Removes the menus "taskbar" and "Start menu" from the control panel and the taskbar properties (right-click on the taskbar).
• Disables the context menu in the tray view of the taskbar.
• Disables "Control Panel" and "Printers and Faxes" in the Start menu and in Windows Explorer.

2.2 Hide Documents
Hides the Documents folder in the Start menu and in Windows Explorer.

2.3 Hide Programs
Hides the "Programs" folder in the Start menu.

2.4 Hide Recently Used Programs
The recently and frequently used applications will no longer be displayed in the Start menu.

2.5 Hide Run
Hides the Run button in the Start menu.

2.6 Hide Search
Hides the Search button in the Start menu.

2.7 Hide Help
Hides the Help button in the Start menu.

2.8 Show only my Start menu entries
Hides all Program entries in the Start menu that are not specific to the user. A restricted user will then only be able to access her own programs.

2.9 Hide customized toolbars
This restriction will remove the various different toolbars (e.g. Quick Launch, Try, etc.) from the taskbar. Users will be unable to turn them back on.

2.10 Hide Log Off
Hides the Log Off button in the Start menu. This option is disabled by default to allow first-time users of SiteKiosk to log back on without a problem. You can, however, reactivate this option if needed as administrators will still be able to log off using the exit dialog box in SiteKiosk (following the SiteKiosk password prompt).

2.11 Hide Shut Down
Hides the Shut Down button in the Start menu. Administrators can also bring up this option by opening the exit dialog box in SiteKiosk.

2.12 Enable further restrictions
This option allows you to enable/disable the following restrictions:

• Removes the list of added programs from the Start menu.
• Removes Internet and E-Mail from the Start menu.
• The user name will no longer be displayed in the Start menu of Windows.
• Disables the clock in the Windows taskbar.
• Removes the link to the Windows update feature.
• Clears the list of recently used documents when Windows is shut down The documents themselves will not be deleted by this option.
• Disables "user tracing." Windows will no longer keep track of user actions recorded in programs, paths, or documents.
• Removes the option "Use Personalized Menus."
• Shortcuts to only partially installed applications (e.g. programs that were installed by a system administrator using the Windows Installer and which will be installed and configured completely when a user runs them for the first time) will be displayed (gray) as disabled links.
• Disables the option "Hide inactive icons."
• Disables "popups" in the Start menu.

3. Windows Explorer

The following options refer to the program Windows Explorer (formerly known as file manager). If you want to allow your users to run the program file Explorer.exe as an external application, we recommend that you leave the restrictions described here as they are.

3.1 Prevent setting changes
This option allows you to enable/disable the following restrictions:

• Disables the folder options.
• Prevents users from establishing additional network connections.
• Removes the context menu that would normally appear when the user right-clicks in the Windows Explorer.
• Disables the function "permissions and security."
• Prevents users from changing the hardware device properties (e.g. installing additional drivers from the CD/DVD-ROM drive).
• Removes the tab "Distributed File System." This prevents users from viewing or changing the properties of local DFS shares.
• Prevents users from introducing any changes to the display of windows or menus.

3.2 Disable autorun for all drives
Disables autorun for all drives. This option is primarily intended to prevent applications stored on a user's CD, DVD or USB stick from being executed automatically.

3.3 Delete files immediately (do not move to recycle bin)
Files will be deleted immediately rather than moved to the trash can (recycle bin) first. Restoring deleted files will be impossible.

3.4 Disable CD recording functions built into Windows
Prevents a limited SiteKiosk user from making use of the CD burning capability built into Windows.

3.5 Enable further restrictions
This option allows you to enable/disable the following restrictions:

• Removes the list of recently used programs and eliminates the Back button from the dialog boxes.
• Removes the "File" option from the Explorer's toolbar.
• Removes the Search button from the Windows Explorer.
• Removes the list item Network Neighborhood from Windows Explorer.
• Disables the Welcome Screen that is normally displayed when a user logs on (for the first time).

4. Restrict printer usage 

The following options can be used to protect the print settings.

4.1 Prohibit addition & deletion of printers.
Prevents users from adding and deleting printers.

4.2 Disable printer settings
Prevents the dialog box that can be used to adjust the printer settings (e.g. printer sharing, ports, etc.) from being displayed.

4.3 Prohibit printing
Prevents users from printing documents. If you want to allow your users to print in SiteKiosk, you should disable this option.

5. Protect system settings

These policies are intended to protect the system settings from unauthorized modifications.

5.1 Disable control panel
Removes the Control Panel entry from the Windows Start menu.

5.2 Disable Internet options
Prevents users from accessing the Internet options in Internet Explorer.

5.3 Prevent software uninstall
Prohibits uninstalling programs as a general rule. In addition, the following restrictions can be enabled:

• The icon and menu entry "software" in the Control Panel are hidden.
• The button "Change or remove programs" is removed from the pane "Add or remove programs."
• Eliminates the button "Add New Programs" from the pane under "Add or Remove Programs."
• The button "Add or remove Windows components" under "Software" is eliminated.
• The option "Add a program from CD or floppy disk" in the category "Add new programs" under software is disabled.
• The option "Add programs from Microsoft" in the category "Add new programs" under "Software" is disabled.
• The programs listed on the page "Change or remove programs" may contain a hyperlink called "Support information." This link will be eliminated.

6. Disable system tools

Disables various system tools for security reasons.

6.1 Disable Task Manager
Prevents the users from launching the Task Manager.

6.2 Disable Windows registry tools
Prevents the restricted user from executing "REGEDIT.EXE" or "REGEDT32.EXE."

6.3 Disable Microsoft Management Console (MMC)
Prevents the restricted user from being able to launch "Microsoft Management Console" (mmc.exe).

6.4 Command Line Interpreter (command.com)
Use this option to enable/disable the following restrictions:

• Allow
  Use of Command Console is allowed.
• Allow Batch Files
  The user will be allowed to open .bat and .cmd files from within Explorer. Opening the Command Console manually will, however, not be possible.
• Always Disable
  Prevents the user from being allowed to use the Command Console, i.e. she will not be able to open any .bat or .cmd files from within Explorer, either.

6.5 Restrict Task Scheduler
You can use this option to enable/disable the following restrictions:

• Hides all existing scheduler tasks.
• Disables the menu option "Advanced" in the Task Scheduler.
• Prevents addition and deletion of tasks.

7. Dial-up networking & network (does not apply to SiteKiosk)

The following policies apply to dial-up networking (dialing a connection) and network options. Please note that the restrictions described here do not apply to SiteKiosk because the application manages the logon process independently (if necessary).

7.1 Prevent manual dial-up
Prevents users from establishing a connection manually.

7.2 Prevent changes to dial-up settings
Disables the "Settings" button for dial-up connections in the status dialog box as well as in the context menu for the dial-up connection itself.

7.3 Prevent changes to network settings
Disables the "Settings" button for network connections in the status dialog box as well as in the context menu for the network connection itself.

7.4 Hide status display of network connections
Prevents the status of the network connections from being displayed.

7.5 Ignore offline files
You can use this option to enable/disable the following restrictions:

• Disables the tab Offline Files in Explorer under "Tools -> Folder Options."
• Removes the menu option "Settings" from the context menu for the offline files.
• Disables button "View Files."
• Disables "Settings" button in the dialog box "Offline File Status."
• Disables the option "Make available offline" in the '"File" menu as well as in all context menus of Windows Explorer.
• Disables option "Enable Reminders" and related symbols under the tab "Offline Files."

7.6 Enable further restrictions (command.com)
Use this option to enable/disable the following restrictions:

• Prevents the addition and deletion of network components.
• Removes the "Advanced" tab under the properties of the network components.
• Prevents adjustments to protocol settings.
• Disables the Internet Connection Wizard.

8. Additional applications

A library of restrictions that are intended to secure a number of commonly used Windows applications.

8.1 Restrict Windows Media Player
Hides the following tabs in the option menu of Media Player: Privacy, Security, Network, and File Types.

8.2 Restrict Windows Installer
Limits MSI's special default user rights to access the hard drive as well as the registry. This option ensures that MS Installer will merely have the same rights as its user.

8.3 Restrict Internet Explorer
This option restricts the use of Internet Explorer as much as possible:

• Disables the menu option "Internet Options" under Tools.
• Prevents files from being opened or saved.
• Disables the right-click option anywhere inside Internet Explorer.

8.4 Disable right mouse button
With this option enabled, the use of the right mouse button will have no effect.

8.5 Disable Windows Messenger
By default, Windows Messenger launches automatically on startup in older versions of WindowsXP. This option prevents the application from being launched automatically as well as manually. Please do not confuse Windows Messenger with Microsoft's similarly named application MSN Messenger!

8.6 Disable Windows update dialog boxes
Prevents users from accessing the "Windows Update" function through Microsoft's online update page. Instead, the user will see an "Access Denied" message on this page.

9. Advanced security settings

Policies for restrictions applying to numerous Windows functions that are relevant to security.

9.1 Prevent blocking of workstation
Disables the option "Block Computer" under Win2K and XP, which will appear when a user holds down CTRL-ALT-DEL.

9.2 Prevent password changes
Prevents users from being able to alter any passwords.

9.3 Suppress messages on bootup
Prevents messages from being displayed during bootup.