Remove RUN from start menu

  • Thread starter Thread starter Ron McLean
  • Start date Start date
R

Ron McLean

How can I remove the RUN option from the START menu for
the USERS group but not the ADMINISTRATOR group?

Ron RMcLeansc(no)@hotmail.com
 
Hi Ron,

You might be able to use a group policy (GPedit.msc) to accomplish this. I
just checked on my Windows XP Pro system and it was an available item to
modify under User Configuration/Administrative Templates/Start Menu and
Task Bar.

Here is a KB Article that discusses your options:

292504 Policy Settings for the Start Menu in Windows XP
http://support.microsoft.com/?id=292504

Snippit:

Policy:Remove Run item from Start Menu
Description:Removes the ability to execute programs from the Run option
on the Start menu, Task Manager, or by pressing Winkey + R. Also removes
the corresponding checkbox from the Start menu customization CPL.
Registry Value:"NoRun"

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

=========
Paul Hayes, MCSE
Microsoft PSS
(e-mail address removed)


--------------------
 
Paul,
Thanks for your reply. I tried that and it seems to take
away the RUN from the ADMINISTRATOR GROUP also....

Ron
 
You have to either apply the Registry edit manually, to each user that you want restricted, or you can try this method

http://support.microsoft.com/?id=293655
HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting

You may also want to see www.dougknox.com, Win XP Utilities, Windows XP Security Console. This utility will allow you to control this restriction, and many others, on a per-user basis.
 
Hi Ron,

I overlooked that wrinkle. You are correct. With any local group policy,
the policy will be applied to all users who log on locally - including
local administrators. There is no way via a local policy to prevent this.

The only way I can see to work around this is via Domains and domain group
policies. For home-based systems not on a domain, this is not an option.
For computers on a domain, you could implement a domain group policy that
would always trump a local group policy. For example, create a domain group
policy that enables the Run command and apply it to ONLY the Domain
Administrators group.

Recall that the order of application of group policies is this:
Local-Site-Domain-OU-OU-OU. So any local policy could be trumpted by
another policy at the domain level. Under this scenarion, with a local
policy that disables run, all users including local administrator logons do
not see the Run Command, but then if a Domain Admin logs on, they would see
the run command.

Again, unfoutunately this is not a solution in home-small office
implementations where you wouldn't be in a domain.

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

=========
Paul Hayes, MCSE
Microsoft PSS
(e-mail address removed)

--------------------
 
Hi Doug,

Thanks for providing a great workaround that I overlooked.

293655 HOW TO: Apply Local Policies to all Users Except Administrators on
http://support.microsoft.com/?id=293655

MVP Doug to the rescue!

Paul Hayes, MCSE
Microsoft PSS
(e-mail address removed)

--------------------
From: "Doug Knox MS-MVP" <[email protected]>
References: <[email protected]>
Click to expand...
Subject: Re: Remove RUN from start menu
Date: Mon, 12 Jan 2004 16:16:33 -0500
Click to expand...
You have to either apply the Registry edit manually, to each user that you
Click to expand...
want restricted, or you can try this method
http://support.microsoft.com/?id=293655
HOW TO: Apply Local Policies to all Users Except Administrators on Windows 2000 in a Workgroup Setting
You may also want to see www.dougknox.com, Win XP Utilities, Windows XP
Click to expand...
Security Console. This utility will allow you to control this restriction,
and many others, on a per-user basis.
--
Doug Knox, MS-MVP Windows XP/ Windows Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Ron McLean" <[email protected]> wrote in message
Click to expand...
news:[email protected]...
 
Back
Top