Can ProfileUnity lockdown Windows operating system?

Product: ProfileUnity-FlexApp

Product Version: 6.X+

Expires on: 365 days from publish date

Updated: June 17, 2015



Can ProfileUnity lockdown Windows operating system?


Possible Resolution(s): 

ProfileUnity can effectively Lockdown many portions of the Windows operating system.  A ready-to-use Lockdown Configuration is available which can accomplish the following:

  1. Disable Themes - Confirmed Win7
  2. Disable USB Storage
  3. Disable Installations from Removable Media
  4. Disable Windows Installer (MSIs ONLY) - Confirmed Win 7
  5. Disable the Ability to Right Click on the Desktop - confirmed Win 7
  6. Disable System Restore Tools and Settings - confirmed Win 7
  7. Disable the Lock Workstation Button - Confirmed Win 7
  8. Remove Tray Items from Taskbar - confirmed Win 7
  9. Disables Drag-and-Drop within the Start Menu - Confirmed Win 7
  10. Removes Command Line Capabilities - Confirmed Win 7
  11. Hide Control Panel, Printer and Network Settings
  12. Disallow writing to USB Drives
  13. Disallow Adding and Removing of Toolbars
  14. Disallow Active Desktop
  15. Restricts Log off in Start Menu - Confirmed Win 7 - Does not function when using Restrict Restart and Shutdown - must
    be one or the other

  16. Restricts Shut Down, Restart, Sleep and Hibernate commands - confirmed Win 7
  17. Locks Taskbar & User cannot change - Confirmed Win 7
  18. Restricts Registry Editor Access - Confirmed Win 7
  19. Restricts System Properties - Confirmed Win7
  20. Restricts Taskbar Properties - Confirmed Win 7

The attached .json ProfileUnity configuration file includes many HKLM registry keys which can be readily used for Lockdown.  It can be imported into the ProfileUnity Management Console.  Values are included to “lock” certain features in Windows.  This configuration works well with non-persistent desktops. After refresh desktops will automatically rollback to default values in Windows if they are no longer active.  

To disable any of the lockdown features go to "Registry" in the imported configuration and pause relevant rule. 

Update and d/l the configuration to netlogon\profileunity directory for this configuration to take effect.

Note: When using this configuration with persistent  or physical desktops (not recommended) and you later wish to unlock the changes, you must change the registry value to the Windows default. (not included in this config)  This can be done by modifying or creating a new registry entry via ProfileUnity.

(.jason and .pdf files are attached)

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Article is closed for comments.