Share via


Adhering to System Policy Settings

System-level Group Policy settings may be set by administrators to control specific abilities of the system. For example, an administrator could set a policy to hide the CD-ROM drive on certain users' computers. To conform to this policy, your application must hide the CD-ROM drive in the File Open common dialog box and in any other location where the CD-ROM drive icon appears.

Windows provides many registry policy settings. For an application to comply with the Windows application architecture, it must comply with the policies provided in this topic. For more information, see the Windows Logo Program.

For each policy listed below, your application must adhere to any policy settings that are enabled at the time your application is published. For many applications, no action is required to adhere to these policies. However, if your application replaces or duplicates operating system functionality, specific steps may be required on the part of the application.

This topic includes information about the following policies:

It is recommended that your application conform to the following additional system-level policies:

  • Do not save settings at exit. When this policy is set, applications should not save settings such as window size and location, or toolbar locations.
  • Disable changes to taskbar and Start Menu settings. When this policy is set, applications should not add any items to, or remove any items from the Start Menu.

Registry settings for system-level policies can be found in the System.adm file. It is recommended that developers review the System.adm file to ensure their applications conform to additional policies set by the administrator.

Remove Run from Start menu

Value Meaning
Description When this policy is enabled, the system removes Run from the Start menu and disables users from starting the Run dialog box by pressing the Windows logo key + R.
Application action If your application has a function that allows a user to start a program by typing in its name and path in a dialog, then your application must disable that functionality when this policy is enabled.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoRun

Hide specified drives in My Computer

Value Meaning
Description When enabled, this policy removes the icons representing the selected disk drives from My Computer, Windows Explorer, and My Network Places and from common dialog boxes.
Application action Your application must hide any drives that are hidden by the system when this policy is enabled. This includes any buttons, menu options, icons, or any other visual representation of drives in your application. This does not preclude the user from accessing drives by manually entering drive letters in dialog boxes.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoDrives

Run only allowed Windows applications

Value Meaning
Description When this policy is enabled, users can only run applications that are listed under the RestrictRun value.
Application action Your application must not start any application that is not on this list. Be aware that this does not apply when starting applications through COM. If you use ShellExecuteEx, the system will perform this check automatically.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: RestrictRun

Remove Map Network Drive and Disconnect Network Drive

Value Meaning
Description When this policy is enabled, users are prevented from using Windows Explorer and My Network Places to connect to other computers or to close existing connections.
Application action When this policy is enabled, applications must not provide buttons, menu options, icons, or other visual representation that enables a user to map or disconnect network drives.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoNetConnectDisconnect

No Entire Network in My Network Places

Value Meaning
Description When enabled, this policy removes all computers outside of the user's workgroup or local domain from lists of network resources in Windows Explorer and My Network Places.
Application action When this policy is enabled, applications that allow users to browse network resources must limit browsing functionality to local workgroup or domain.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
Value: NoEntireNetwork

Do not keep history of recently open documents

Value Meaning
Description When this policy is enabled, the system does not save shortcuts to most recently used (MRU) documents in the Start menu.
Application action When this policy is enabled, applications must not keep MRU lists (for example, in common dialog boxes).
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoRecentDocsMenu

Disable or remove the shut down command

Value Meaning
Description This policy prevents the user from using the Windows user interface to shut down the system.
Application action When this policy is enabled, applications that enable the user to shut down Windows must disable this functionality.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: NoClose

Hide places bar

Value Meaning
Description The places bar allows users to navigate directly to the following locations: History, Desktop, My Documents, My Computer, and My Network Places. When this policy is enabled, the system removes the places bar from the common dialog box.
Application action When this policy is set, applications that provide their own file or open dialog boxes must remove any equivalent functionality to the places bar. Applications that use the common dialog box library will comply with this policy.
Registry Information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Value: NoPlacesBar

Hide Back button

Value Meaning
Description When this policy is enabled, the system removes the Back button from the common dialog box, preventing the user from browsing to the previous folder accessed from the dialog box.
Application action When this policy is set, applications that provide their own file and open dialog boxes must remove any Back button functionality from these dialog boxes. Applications that use the common dialog box library will comply with this policy.
Registry information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Value: NoBackButton

Remove MRU list

Value Meaning
Description When this policy is enabled, the system removes the MRU list from the common dialog boxes.
Application action When this policy is set, applications that provide their own file or open dialog boxes must not display an MRU list in these dialog boxes. Applications that use the common dialog box library will comply with this policy.
Registry Information Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
Value: NoFileMru