OK, here is a solution which relies on users ignorance. Run the program from HKLM\Software\Microsoft\Windows\Run
Usually this is effectively the same as runing from a shortcut in startup, but your users will be scared to edit the registry. In fact you can use system policies to disallow the use of regedit. That combination ought to be enough to stop 99.9% of users. Couple that with a clear policy that makes clear the existence of a security flaw in a system is not a license to exploit it, and the machines configuration should not be tampered with, and I think you've done all you can on that platform. Hopefully management would be willing to deal with the reamining .1% - the 22 year unable to grasp the difference between can and should who decides to use another registry editing tool to get this out, because he 'can'. ----Original Message Follows---- From: "Ron Jameson" <[EMAIL PROTECTED]> Reply-To: "MSWinNT Discussions" <[EMAIL PROTECTED]> To: "MSWinNT Discussions" <[EMAIL PROTECTED]> Subject: Restrict win98 user to modify startup folder using policies Date: Wed, 26 Sep 2001 07:11:07 -0500 In a winnt 4.0 server and win98 client network, there is a program that is in the win98 startup folder that needs to run all the time (monitors printing so the user can be billed - called printlog by equitrac). Unfortunately with win98, the user can easily delete this program and be able to print freely. Is there a way with policies or with another security program out there, to limit the user in win98 of cancelling the program using CTRL-ALT-DEL, or to modify the startup folder? I know the last one would be to keep them from modifying the folder in DOS but I can only think of a method by making the shortcut and folder RO. This would only be a deterrant though. Any thoughts? Ron ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
