Preventing resolution changes

[Guest]

I have group policies in place to prevent users from changing the screen
resolutions of their desktops. Occasionally, I still find a few screens that
have been changed. Upon investigation, I find that the user is using a
program (reschange.exe) downloaded from the Internet that obviously bypasses
the gp setting. Other than software Restriction Policies, which I am a bit
leary of and find difficult to setup and manage, is there any other way to
prevent resolution changes (registry permissions, etc)? I would think that
there is a registry entry that I could harden the permissions on.

 

[Lanwench [MVP - Exchange]]

I have group policies in place to prevent users from changing the
screen resolutions of their desktops. Occasionally, I still find a
few screens that have been changed. Upon investigation, I find that
the user is using a program (reschange.exe) downloaded from the
Internet that obviously bypasses the gp setting. Other than software
Restriction Policies, which I am a bit leary of and find difficult to
setup and manage, is there any other way to prevent resolution
changes (registry permissions, etc)? I would think that there is a
registry entry that I could harden the permissions on.

Do your users have local admin rights? (revoke them if they do). Does this
utility run as a regular user?

Software restriction policies will work, but I agree with you that they're a
huge pain to deal with. Note that this may be a situation in which the
following applies...

"There are seldom good technological solutions for behavioral problems." (Ed
Crowley).

If your users aren't supposed to be doing X, and they go ahead and do X
anyway, make sure you have "Don't do X or you'll be sacked" in a written
computer use policy, which all your users should sign when they start with
the company. In addition, set a domain-wide logon banner that states

"Access for authorized users only. Clicking "OK" below indicates your
agreement to abide by the written computer use policy at Company ABC."

.....that being said, if this is just about display resolution, why does your
management actually care? Just curious.

 

[Guest]

Unfortunately, this reschange program can be ran by a regular user. These
machines are used by students who should know the rules but do not follow
them. We have certain programs than run best under certain resolutions and
don't want them changed. If it changed it for just the user that ran the
program, fine. But I could never understand why resolution was a global
configuration.

 

[Malke]

Lanwench [MVP - Exchange] wrote:

(good stuff as usual)

Queen of the Lans and the Wenches - Nothing to do with this post and
please excuse the interruption. Can you email me, please? I need your help.


Malke

 

[Steven L Umbach]

Try setting a Software Restriction Policy that prevents that program from
running using a hash rule or hash rules if there are various versions.

Another thing to try is to force Group Policy registry settings to be
reapplied even if Group Policy settings have not changed. Do that in the
appropriate Group Policy under computer configuration/administrative
templates/system/group policy - registry policy processing set to enabled
and with process even if Group Policy objects have not changed. Then by
default every 90 minutes [default interval] or so the registry settings
should be set back to what Group Policy specifies.

To track down actual registry keys involved you could try running the
program using a registry snapshot program like the free Regshot to see
before and after changes after doing so. Then you could try changing
permissions to the registry keys involved to no allow users change
permission which also could be implemented via Group Policy or computer
startup script if needed.

http://www.softpedia.com/get/Tweak/Registry-Tweak/Reg-Shot.shtml -- Regshot

Steve

 

[Guest]

I looked at where the registry was being modified. Most of the 20 or so
changes occur in HKLM\System\ControSet001 where the normal user only has read
access anyway. So I guess I will try and setup a software restriction
policy. New territory for me but I will give it a shot.

Try setting a Software Restriction Policy that prevents that program from
running using a hash rule or hash rules if there are various versions.

Another thing to try is to force Group Policy registry settings to be
reapplied even if Group Policy settings have not changed. Do that in the
appropriate Group Policy under computer configuration/administrative
templates/system/group policy - registry policy processing set to enabled
and with process even if Group Policy objects have not changed. Then by
default every 90 minutes [default interval] or so the registry settings
should be set back to what Group Policy specifies.

To track down actual registry keys involved you could try running the
program using a registry snapshot program like the free Regshot to see
before and after changes after doing so. Then you could try changing
permissions to the registry keys involved to no allow users change
permission which also could be implemented via Group Policy or computer
startup script if needed.

http://www.softpedia.com/get/Tweak/Registry-Tweak/Reg-Shot.shtml -- Regshot

Steve

I have group policies in place to prevent users from changing the screen
resolutions of their desktops. Occasionally, I still find a few screens
that
have been changed. Upon investigation, I find that the user is using a
program (reschange.exe) downloaded from the Internet that obviously
bypasses
the gp setting. Other than software Restriction Policies, which I am a
bit
leary of and find difficult to setup and manage, is there any other way to
prevent resolution changes (registry permissions, etc)? I would think
that
there is a registry entry that I could harden the permissions on.

 

[Lanwench [MVP - Exchange]]

Lanwench [MVP - Exchange] wrote:

(good stuff as usual)

Queen of the Lans and the Wenches - Nothing to do with this post and
please excuse the interruption. Can you email me, please? I need your
help.

Malke

M....I emailed you right after I saw this yesterday....LW

 

[Steven L Umbach]

Below is a helpful link on SRP. When you start out create a test
Organizational Unit with a test Group Policy linked to it and experiment
with it that way with a couple test users/computers that can be moved in or
out of that OU as needed. Also check the application log on any computer
that has SRP applied to it or a user that logs onto it can be helpful in
troubleshooting.

Steve


http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html

I looked at where the registry was being modified. Most of the 20 or so
changes occur in HKLM\System\ControSet001 where the normal user only has
read
access anyway. So I guess I will try and setup a software restriction
policy. New territory for me but I will give it a shot.

Try setting a Software Restriction Policy that prevents that program from
running using a hash rule or hash rules if there are various versions.

Another thing to try is to force Group Policy registry settings to be
reapplied even if Group Policy settings have not changed. Do that in the
appropriate Group Policy under computer configuration/administrative
templates/system/group policy - registry policy processing set to enabled
and with process even if Group Policy objects have not changed. Then by
default every 90 minutes [default interval] or so the registry settings
should be set back to what Group Policy specifies.

To track down actual registry keys involved you could try running the
program using a registry snapshot program like the free Regshot to see
before and after changes after doing so. Then you could try changing
permissions to the registry keys involved to no allow users change
permission which also could be implemented via Group Policy or computer
startup script if needed.

http://www.softpedia.com/get/Tweak/Registry-Tweak/Reg-Shot.shtml --
Regshot

Steve

I have group policies in place to prevent users from changing the screen
resolutions of their desktops. Occasionally, I still find a few
screens
that
have been changed. Upon investigation, I find that the user is using a
program (reschange.exe) downloaded from the Internet that obviously
bypasses
the gp setting. Other than software Restriction Policies, which I am a
bit
leary of and find difficult to setup and manage, is there any other way
to
prevent resolution changes (registry permissions, etc)? I would think
that
there is a registry entry that I could harden the permissions on.

 

[Steven L Umbach]

Here is the other link I forgot to add.

Steve

http://technet.microsoft.com/en-us/library/bb457006.aspx

Below is a helpful link on SRP. When you start out create a test
Organizational Unit with a test Group Policy linked to it and experiment
with it that way with a couple test users/computers that can be moved in
or out of that OU as needed. Also check the application log on any
computer that has SRP applied to it or a user that logs onto it can be
helpful in troubleshooting.

Steve


http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html

I looked at where the registry was being modified. Most of the 20 or so
changes occur in HKLM\System\ControSet001 where the normal user only has
read
access anyway. So I guess I will try and setup a software restriction
policy. New territory for me but I will give it a shot.

Try setting a Software Restriction Policy that prevents that program
from
running using a hash rule or hash rules if there are various versions.

Another thing to try is to force Group Policy registry settings to be
reapplied even if Group Policy settings have not changed. Do that in the
appropriate Group Policy under computer configuration/administrative
templates/system/group policy - registry policy processing set to
enabled
and with process even if Group Policy objects have not changed. Then by
default every 90 minutes [default interval] or so the registry settings
should be set back to what Group Policy specifies.

To track down actual registry keys involved you could try running the
program using a registry snapshot program like the free Regshot to see
before and after changes after doing so. Then you could try changing
permissions to the registry keys involved to no allow users change
permission which also could be implemented via Group Policy or computer
startup script if needed.

http://www.softpedia.com/get/Tweak/Registry-Tweak/Reg-Shot.shtml --
Regshot

Steve


I have group policies in place to prevent users from changing the
screen
resolutions of their desktops. Occasionally, I still find a few
screens
that
have been changed. Upon investigation, I find that the user is using
a
program (reschange.exe) downloaded from the Internet that obviously
bypasses
the gp setting. Other than software Restriction Policies, which I am
a
bit
leary of and find difficult to setup and manage, is there any other
way to
prevent resolution changes (registry permissions, etc)? I would think
that
there is a registry entry that I could harden the permissions on.