Product Version: 6.X+
Expires on: 365 days from publish date
Updated: June 17, 2015
Can ProfileUnity lock down the Windows operating system?
ProfileUnity can effectively lock down many portions of the Windows operating system. A ready-to-use Lockdown Configuration is available which can accomplish the following:
- Disable Themes - Confirmed Win 7
- Disable USB Storage
- Disable Installations from Removable Media
- Disable Windows Installer (MSIs ONLY) - Confirmed Win 7
- Disable the Ability to Right Click on the Desktop - Confirmed Win 7
- Disable System Restore Tools and Settings - Confirmed Win 7
- Disable the Lock Workstation Button - Confirmed Win 7
- Remove Tray Items from Taskbar - Confirmed Win 7
- Disables Drag-and-Drop within the Start Menu - Confirmed Win 7
- Removes Command Line Capabilities - Confirmed Win 7
- Hide Control Panel, Printer and Network Settings
- Disallow writing to USB Drives
- Disallow Adding and Removing of Toolbars
- Disallow Active Desktop
- Restricts Log off in Start Menu - Confirmed Win 7 - Does not function when using Restrict Restart and Shutdown - must be one or the other
- Restricts Shut Down, Restart, Sleep and Hibernate commands - Confirmed Win 7
- Locks Taskbar & User cannot change - Confirmed Win 7
- Restricts Registry Editor Access - Confirmed Win 7
- Restricts System Properties - Confirmed Win 7
- Restricts Taskbar Properties - Confirmed Win 7
The attached .json ProfileUnity configuration file includes many HKLM registry keys that can be readily used for lockdown. It can be imported into the ProfileUnity Management Console. Values are included to “lock” certain features in Windows. This configuration works well with non-persistent desktops. After a refresh, desktops will automatically roll back to the default values in Windows if they are no longer active.
To disable any of the lockdown features, go to "Registry" in the imported configuration and pause the relevant rule.
Update and download the configuration to the netlogon\profileunity directory for this configuration to take effect.
Note: When using this configuration with persistent or physical desktops (not recommended) and you later wish to unlock the changes, you must change the registry value to the Windows default (not included in this config). This can be done by modifying or creating a new registry entry via ProfileUnity.
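A read-only check for the persistent or physical desktop case in the note above, added here as an example and not part of the attached configuration or of ProfileUnity: it reports which of four lockdown values are still set on a desktop after a rule has been paused. The registry paths and values are the standard Windows ones for those four items and are an assumption, since this page does not list the keys the configuration writes; the function and variable names are hypothetical.

```powershell
# Constructed check list. ASSUMPTION: these are the standard Windows HKLM values
# for four items in the list above; the keys the attached configuration writes
# are not shown on this page, so compare with its Registry rules after import.
$checks = @(
    @{ Feature = 'Disable USB Storage'
       KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       ValueName = 'Start'; Locked = @(4); Default = '3' },
    @{ Feature = 'Disallow writing to USB Drives'
       KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
       ValueName = 'WriteProtect'; Locked = @(1); Default = '0 or absent' },
    @{ Feature = 'Disable Windows Installer'
       KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer'
       ValueName = 'DisableMSI'; Locked = @(1, 2); Default = 'absent' },
    @{ Feature = 'Disable System Restore Tools and Settings'
       KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
       ValueName = 'DisableSR'; Locked = @(1); Default = 'absent' }
)

function Get-LockdownState {
    param([Parameter(Mandatory = $true)] [hashtable] $Check)
    # Get-ItemProperty returns nothing when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Check.KeyPath -Name $Check.ValueName `
                             -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $current = $null
        $state = 'Not set'
    } else {
        $current = $item.($Check.ValueName)
        if ($Check.Locked -contains $current) { $state = 'LOCKED' }
        else { $state = 'Not locked' }
    }
    New-Object PSObject -Property @{
        Feature = $Check.Feature; Current = $current
        WindowsDefault = $Check.Default; State = $state
    }
}

# Nothing is written: the output lists values that still hold a lockdown
# setting and the Windows default each one has to be returned to.
$checks | ForEach-Object { Get-LockdownState -Check $_ } |
    Select-Object Feature, Current, WindowsDefault, State |
    Format-Table -AutoSize
```

The syntax is kept compatible with PowerShell 2.0, the version that ships with Windows 7.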
(.json and .pdf files are attached)