Here's how to automatically secure machines from crashes caused by overzealous users editing the registry.
All you have to do is go to System Policy Editor in Administrator Tools or run command poledit.exe.
- Choose File->New policy.
- Choose Edit-> New Group and select Domian Users. (This can be done to the deafult users icon also, but that will deny EVERYONE,including you the admininstrator, from accessing the registry.)
- Now double click Domain Users and drill down to System-> Restrictions.
- Here you will find two tabs: Disable Registry Editing Tools and Run Only Allowed Window Applications. Both of these tabs are greyed out (which means they are on default mode).
- Now Click on Disable Registry Editing Tools. You will notice a check mark appears. Now the registery editing is disabled.
- One more important step remains. After you click OK, choose File-> Save as.
- Browse to %windir%system32replImportScripts Directory (which is your Netlogon Directory).
- Save the file as NTconfig.pol and once more as config.pol. The first one is for all the NT based workstations and the config.pol is for Windows 95/98 based workstations.
- Now go to services and stop and start the Directory Replication Service.
That is all. Now when the users logon the policy will get replicated to their machines and the registery ediing on all the machines
This was first published in July 2001