Adhering to System Policy Settings

System-level Group Policy settings may be set by administrators to control specific abilities of the system. For example, an administrator could set a policy to hide the CD-ROM drive on certain users' computers. To conform to this policy, your application must hide the CD-ROM drive in the File Open common dialog box and in any other location where the CD-ROM drive icon appears.

Windows provides many registry policy settings. For an application to comply with the Windows application architecture, it must comply with the policies provided in this topic. For more information, see the Windows Logo Program.

For each policy listed below, your application must adhere to any policy settings that are enabled at the time your application is published. For many applications, no action is required to adhere to these policies. However, if your application replaces or duplicates operating system functionality, specific steps may be required on the part of the application.

This topic includes information about the following policies:

It is recommended that your application conform to the following additional system-level policies:

  • Do not save settings at exit. When this policy is set, applications should not save settings such as window size and location, or toolbar locations.
  • Disable changes to taskbar and Start Menu settings. When this policy is set, applications should not add any items to, or remove any items from the Start Menu.

Registry settings for system-level policies can be found in the System.adm file. It is recommended that developers review the System.adm file to ensure their applications conform to additional policies set by the administrator.

Remove Run from Start menu

ValueMeaning
Description

When this policy is enabled, the system removes Run from the Start menu and disables users from starting the Run dialog box by pressing the Windows logo key + R.

Application action

If your application has a function that allows a user to start a program by typing in its name and path in a dialog, then your application must disable that functionality when this policy is enabled.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: NoRun

 

Hide specified drives in My Computer

ValueMeaning
Description

When enabled, this policy removes the icons representing the selected disk drives from My Computer, Windows Explorer, and My Network Places and from common dialog boxes.

Application action

Your application must hide any drives that are hidden by the system when this policy is enabled. This includes any buttons, menu options, icons, or any other visual representation of drives in your application. This does not preclude the user from accessing drives by manually entering drive letters in dialog boxes.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: NoDrives

 

Run only allowed Windows applications

ValueMeaning
Description

When this policy is enabled, users can only run applications that are listed under the RestrictRun value.

Application action

Your application must not start any application that is not on this list. Be aware that this does not apply when starting applications through COM. If you use ShellExecuteEx, the system will perform this check automatically.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: RestrictRun

 

Remove Map Network Drive and Disconnect Network Drive

ValueMeaning
Description

When this policy is enabled, users are prevented from using Windows Explorer and My Network Places to connect to other computers or to close existing connections.

Application action

When this policy is enabled, applications must not provide buttons, menu options, icons, or other visual representation that enables a user to map or disconnect network drives.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: NoNetConnectDisconnect

 

No Entire Network in My Network Places

ValueMeaning
Description

When enabled, this policy removes all computers outside of the user's workgroup or local domain from lists of network resources in Windows Explorer and My Network Places.

Application action

When this policy is enabled, applications that allow users to browse network resources must limit browsing functionality to local workgroup or domain.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network

Value: NoEntireNetwork

 

Do not keep history of recently open documents

ValueMeaning
Description

When this policy is enabled, the system does not save shortcuts to most recently used (MRU) documents in the Start menu.

Application action

When this policy is enabled, applications must not keep MRU lists (for example, in common dialog boxes).

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: NoRecentDocsMenu

 

Disable or remove the shut down command

ValueMeaning
Description

This policy prevents the user from using the Windows user interface to shut down the system.

Application action

When this policy is enabled, applications that enable the user to shut down Windows must disable this functionality.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: NoClose

 

Hide places bar

ValueMeaning
Description

The places bar allows users to navigate directly to the following locations: History, Desktop, My Documents, My Computer, and My Network Places. When this policy is enabled, the system removes the places bar from the common dialog box.

Application action

When this policy is set, applications that provide their own file or open dialog boxes must remove any equivalent functionality to the places bar. Applications that use the common dialog box library will comply with this policy.

Registry Information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Value: NoPlacesBar

 

Hide Back button

ValueMeaning
Description

When this policy is enabled, the system removes the Back button from the common dialog box, preventing the user from browsing to the previous folder accessed from the dialog box.

Application action

When this policy is set, applications that provide their own file and open dialog boxes must remove any Back button functionality from these dialog boxes. Applications that use the common dialog box library will comply with this policy.

Registry information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Value: NoBackButton

 

Remove MRU list

ValueMeaning
Description

When this policy is enabled, the system removes the MRU list from the common dialog boxes.

Application action

When this policy is set, applications that provide their own file or open dialog boxes must not display an MRU list in these dialog boxes. Applications that use the common dialog box library will comply with this policy.

Registry Information

Key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Value: NoFileMru

 

 

 

Show: