Home > Products > Windows Passwords > Reset Windows Password > Screenshots > Interface and system restrictions
Interface and system restriction policy
01.03.2024
New blog post
Dumping the history of users' IP addresses in Windows
20.02.2024
Reset Windows Password v14.1
IP addresses history viewer, fast disk search, local security editor and some more
02.01.2024
Wireless Password Recovery v6.9.0
A revision of the GPU health monitor along with some minor updates
23.12.2023
HAPPY NEW YEAR!
Happy New Year greetings and holidays discount

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Reset Windows Password:
Interface and system restrictions


You can use this feature to change or reset different interface and system restrictions for the selected user. For example, allow/disallow access to specific Windows applications, lock/unlock the Run Dialog box, enable/disable certain Control Panel settings, allow/prevent access to the command prompt or the Windows registry, allow/prohibit access to CD-ROM or removable drives, etc.
 

Choosing Windows registry files

Interface and system restrictions - option Windows registry files

Choose the SAM and SYSTEM registry files that were found by the program, or specify the path to them manually.

 

Selecting user account

Interface and system restrictions - selecting user account

Select the user you want to change or reset the restrictions for. The program displays only active accounts that have a local profile.

 

Changing interface and system restrictions for selected user

Changing interface and system restrictions

Once the user is selected, you can alter the interface and system options available for the user account. Click the << APPLY CHANGES >> button to commit the changes.

 
The options affect selected user account only.
 
Short description of the interface and system options.

Control panel restrictions:

Name Description
Hide specified Control Panel items This option allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The option affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.
Show only specified Control Panel items This option controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control Panel window and the Start screen. The only items displayed in Control Panel are those you specify in this setting. This option affects the Start screen and Control Panel, as well as other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization.
Prohibit access to Control Panel and PC settings Disables all Control Panel programs and the PC settings app. This option prevents Control.exe and SystemSettings.exe, the program files for Control Panel and PC settings, from starting. As a result, users cannot start Control Panel or PC settings, or run any of their items.
Settings Page Visibility Specifies the list of pages to show or hide from the System Settings app. This policy allows an administrator to block a given set of pages from the System Settings app. Blocked pages will not be visible in the app, and if all pages in a category are blocked the category will be hidden as well. Example: showonly:about,bluetooth hide:bluetooth
Disable the Display Control Panel If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a option prevents the action.
Hide Settings tab Removes the Settings tab from Display in Control Panel
Prevent changing theme This option disables the theme gallery in the Personalization Control Panel.
Prevent changing the visual style for windows and buttons Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.
Enable screen saver If you disable this setting, screen savers do not run. Also, this option disables the Screen Saver section of the Screen Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options.
Prevent changing color and appearance Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Control Panel on systems where the Personalization feature is not available. This option prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.
Prevent changing desktop background Prevents users from adding or changing the background design of the desktop. If you enable this setting, none of the Desktop Background settings can be changed by the user.
Prevent changing desktop icons Prevents users from changing the desktop icons. If you enable this setting, none of the desktop icons can be changed by the user.
Prevent changing mouse pointers If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.
Prevent changing screen saver This option prevents users from using Control Panel to add, configure, or change the screen saver on the computer. It does not prevent a screen saver from running.
Prevent changing sounds If you enable this setting, none of the Sound Scheme settings can be changed by the user.
Password protect the screen saver If you enable this setting, all screen savers are password protected. If you disable this setting, password protection cannot be set on any screen saver.
Browse the network to find printers Allows users to use the Add Printer Wizard to search the network for shared printers.
Browse a common website to find printers Adds a link to an Internet or intranet Web page to the Add Printer Wizard.
Turn off Windows default printer management This preference allows you to change default printer management. If you enable this setting, Windows will not manage the default printer.
Prevent addition of printers Prevents users from using familiar methods to add local and network printers. If this option is enabled, it removes the Add Printer option from the Start menu. (To find the Add Printer option, click Start, click Printers, and then click Add Printer.) This option also removes Add Printer from the Printers folder in Control Panel.
Prevent deletion of printers If this option is enabled, it prevents users from deleting local and network printers. If a user tries to delete a printer, such as by using the Delete option in Printers in Control Panel, a message appears explaining that a option prevents the action.
Hide the "Set Program Access and Computer Defaults" page This option removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot view or change the associated page.
Hide the "Get Programs" page Prevents users from viewing or installing published programs from the network. If this option is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Programs" page to install published programs.  Enabling this feature does not prevent users from installing programs by using other methods.  Users will still be able to view and installed assigned (partially installed) programs that are offered on the desktop or on the Start menu.
Hide the "Installed Updates" page This option prevents users from accessing the "Installed Updates" page from the "View installed updates" task.
Hide the "Programs and Features" page This option prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are currently installed on the computer.
Hide the Programs Control Panel This option prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
Hide "Windows Features" This option prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.  As a result, users cannot view, enable, or disable various Windows features and services.
Hide "Windows Marketplace" This option prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View, Programs and Features in Classic View, and Get Programs.
Hide Regional and Language Options administrative options This option removes the Administrative options from the Region settings control panel. Administrative options include interfaces for option system locale and copying settings to the default user. This option does not, however, prevent an administrator or another application from changing these values programmatically.
Hide the geographic location option This option removes the option to change the user's geographical location (GeoID) from the Region settings control panel.
Hide the select language group options This option removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.
Hide user locale selection and customization options This option removes the regional formats interface from the Region settings control panel.

 

Desktop restrictions:

Name Description
Hide Network Locations icon on the desktop Removes the Network Locations icon from the desktop.
Remove the Desktop Cleanup Wizard Prevents users from using the Desktop Cleanup Wizard.
Remove Computer icon on the desktop This option hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows, and it hides Computer in the Explorer folder tree pane. If the user navigates into Computer via the "Up" button while this option is enabled, they view an empty Computer folder. This option allows administrators to restrict their users from seeing Computer in the shell namespace, allowing them to present their users with a simpler desktop environment.
Remove Properties from the Documents icon context menu This option hides the Properties menu command on the shortcut menu for the My Documents icon.
Prevent adding, dragging, dropping, and closing the Taskbar's toolbars Prevents users from manipulating desktop toolbars. If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.
Remove Recycle Bin icon from desktop Removes most occurrences of the Recycle Bin icon.
Hide Internet Explorer icon on desktop Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.
Hide and disable all items on the desktop Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Computer, and Network Locations.
Remove Properties from the Recycle Bin context menu Removes the Properties option from the Recycle Bin context menu.
Remove Properties from the Computer icon context menu This option hides Properties on the context menu for Computer.
Hide Active Directory folder Hides the Active Directory folder in Network Locations.
Prohibit adjusting desktop toolbars Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbars.
Remove My Documents icon on the desktop Removes most occurrences of the My Documents icon.
Enable Active Desktop Enables Active Desktop and prevents users from disabling it.
Disable Active Desktop Disables Active Desktop and prevents users from enabling it.
Prohibit changes Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration.
Prohibit adding items Prevents users from adding Web content to their Active Desktop.
Prohibit closing items Prevents users from removing Web content from their Active Desktop.
Prohibit editing items Prevents users from changing the properties of Web content items on their Active Desktop.
Prohibit deleting items Prevents users from deleting Web content from their Active Desktop.
Disable all items Removes Active Desktop content and prevents users from adding Active Desktop content.
Add or delete items Adds and deletes specified Web content items.

 

Network restrictions:

Name Description
Prohibit connecting and disconnecting a remote access connection Determines whether users can connect and disconnect remote access connections.
Prohibit deletion of remote access connections Determines whether users can delete remote access connections.
Prohibit renaming private remote access connections Determines whether users can rename their private remote access connections.
Ability to rename all user remote access connections Determines whether nonadministrators can rename all-user remote access connections.
Prohibit access to the Remote Access Preferences item on the Advanced menu Determines whether the Remote Access Preferences item on the Advanced menu in the Network Connections folder is enabled.
Prohibit access to properties of a LAN connection Determines whether users can change the properties of a LAN connection.
Prohibit TCP/IP advanced configuration Determines whether users can configure advanced TCP/IP settings.
Prohibit access to the Advanced Settings item on the Advanced menu Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators.
Ability to rename LAN connections Determines whether nonadministrators can rename a LAN connection.
Prohibit adding and removing components for a LAN or remote access connection Determines whether administrators can add and remove network components for a LAN or remote access connection. This option has no effect on nonadministrators.
Ability to delete all user remote access connections Determines whether users can delete all user remote access connections.
Prohibit changing properties of a private remote access connection Determines whether users can view and change the properties of their private remote access connections.
Ability to change properties of an all user remote access connection Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.
Prohibit access to properties of components of a remote access connection Determines whether users can view and change the properties of components used by a private or all-user remote access connection.
Enable Windows 2000 Network Connections settings for Administrators Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.
Prohibit access to properties of components of a LAN connection Determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
Ability to Enable/Disable a LAN connection Determines whether users can enable/disable LAN connections.
Prohibit viewing of status for an active connection Determines whether users can view the status for an active connection.
Ability to rename LAN connections or remote access connections available to all users Determines whether users can rename LAN or all user remote access connections.
Prohibit Enabling/Disabling components of a LAN connection Determines whether administrators can enable and disable the components used by LAN connections.
Prohibit access to the New Connection Wizard Determines whether users can use the New Connection Wizard, which creates new network connections.
Prohibit user configuration of Offline Files Prevents users from enabling, disabling, or changing the configuration of Offline Files.
Remove the "Work offline" command This option removes the "Work offline" command from Explorer, preventing users from manually changing whether Offline Files is in online mode or offline mode.
Remove the "Make Available Offline" command This option prevents users from making network files and folders available offline.
Prohibit access to the Windows Connect Now wizards This option prohibits access to Windows Connect Now (WCN) wizards.

 

Start menu and taskbar restrictions::

Name Description
Remove the "Undock PC" button from the Start Menu If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked.
Remove user folder link from Start Menu If you enable this option the start menu will not show a link to the user's storage folder.
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands This option prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This option does not prevent users from running Windows-based programs that perform these functions.
Remove user's folders from the Start Menu Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden.
Remove programs on the Settings menu This option allows you to remove programs on the Settings menu. If you enable this setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running.
Remove See More Results / Search Everywhere link If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box.
Remove Favorites menu from Start Menu Prevents users from adding the Favorites menu to the Start menu or classic Start menu. If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box.
Show QuickLaunch on Taskbar This option controls whether the QuickLaunch bar is displayed in the Taskbar.
Add the Run command to the Start Menu If you enable this setting, the Run command is added to the Start menu.
Remove Recorded TV link from Start Menu This option allows you to remove the Recorded TV link from the Start Menu.
Disable context menus in the Start Menu This allows you to prevent users from being able to open context menus in the Start Menu.
Remove All Programs list from the Start menu If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu.
Lock the Taskbar This option affects the taskbar, which is used to switch between running applications.
Hide the notification area This option affects the notification area (previously called the "system tray") on the taskbar.
Remove Clock from the system notification area Prevents the clock in the system notification area from being displayed.
Show "Run as different user" command on Start This option shows or hides the "Run as different user" command on the Start application bar.
Remove access to the context menus for the taskbar This option allows you to remove access to the context menus for the taskbar.
Remove Run menu from Start Menu Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager.
Remove Documents icon from Start Menu This option allows you to remove the Documents icon from the Start menu and its submenus.
Remove the People Bar from the taskbar This allows you to remove the People Bar from the taskbar and disables the My People experience.
Remove Help menu from Start Menu This option allows you to remove the Help command from the Start menu.
Prevent changes to Taskbar and Start Menu Settings This option allows you to prevent changes to Taskbar and Start Menu Settings.
Remove Downloads link from Start Menu This option allows you to remove the Downloads link from the Start Menu.
Remove Videos link from Start Menu This option allows you to remove the Videos link from the Start Menu.
Remove frequent programs list from the Start Menu If you enable this setting, the frequently used programs list is removed from the Start menu.
Remove Games link from Start Menu If you enable this option the start menu will not show a link to the Games folder.
Remove Search link from Start Menu This option allows you to remove the Search link from the Start menu and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu.
Prevent users from customizing their Start Screen This option allows you to prevent users from changing their Start screen layout.
Remove common program groups from Start Menu Removes items in the All Users profile from the Programs menu on the Start menu.
Prevent users from uninstalling applications from Start If you enable this setting, users cannot uninstall apps from Start.
Remove Network Connections from Start Menu This option allows you to remove Network Connections from the Start Menu.
Remove pinned programs list from the Start Menu If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu.
Add Logoff to the Start Menu This option only applies to the classic version of the start menu and does not affect the new style start menu.
Remove Default Programs link from the Start menu This option allows you to remove the Default Programs link from the Start menu.
Remove Recent Items menu from Start Menu Removes the Recent Items menu from the Start menu.  Removes the Documents menu from the classic Start menu.
Remove Music icon from Start Menu This option allows you to remove the Music icon from Start Menu.
Remove "Recently added" list from Start Menu This option allows you to prevent the Start Menu from displaying a list of recently installed applications.
Remove Logoff on the Start Menu This option allows you to removes the "Log Off " item from the Start menu and prevents users from restoring it.
Remove Homegroup link from Start Menu If you enable this option the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu.
Remove Search Computer link If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box.
Add Search Internet link to Start Menu If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box.  This button launches the default browser with the search terms.
Remove Network icon from Start Menu This option allows you to remove the Network icon from Start Menu.
Remove links and access to Windows Update This option allows you to remove links and access to Windows Update.
Show additional calendar By default, the calendar is set according to the locale of the operating system, and users can show an additional calendar. For zh-CN and zh-SG locales, an additional calendar shows the lunar month and date and holiday names in Simplified Chinese (Lunar) by default. For zh-TW, zh-HK, and zh-MO locales, an additional calendar shows the lunar month and date and holiday names in Traditional Chinese (Lunar) by default.
Prevent users from rearranging toolbars This option allows you to prevent users from rearranging toolbars.
Lock all taskbar settings This option allows you to lock all taskbar settings.
Remove the battery meter This option allows you to remove the battery meter from the system control area.
Remove pinned programs from the Taskbar This option allows you to remove pinned programs from the taskbar.
Remove the Security and Maintenance icon This option allows you to remove Security and Maintenance from the system control area.
Do not allow pinning programs to the Taskbar This option allows you to control pinning programs to the Taskbar.
Prevent users from adding or removing toolbars This option allows you to prevent users from adding or removing toolbars.
Prevent users from moving the taskbar to another screen dock location This option allows you to prevent users from moving the taskbar to another screen dock location.
Remove the networking icon This option allows you to remove the networking icon from the system control area.
Prevent users from resizing the taskbar This option allows you to prevent users from resizing the taskbar.
Show Windows Store apps on the taskbar This option allows users to see Windows Store apps on the taskbar.
Remove the volume control icon This option allows you to remove the volume control icon from the system control area.
Do not allow pinning Store app to the Taskbar This option allows you to control pinning the Store app to the Taskbar.
Remove Notifications and Action Center This option removes Notifications and Action Center from the notification area on the taskbar.

 

System restrictions:

Name Description
Prevent access to the command prompt This option prevents users from running the interactive command prompt, Cmd.exe. This option also determines whether batch files (.cmd and .bat) can run on the computer. If you enable this option and the user tries to open a command window, the system displays a message explaining that a option prevents the action.
Prevent access to registry editing tools Disables the Windows registry editor Regedit.exe. If you enable this policy option and the user tries to start Regedit.exe, a message appears explaining that a policy option prevents the action.
Don't run specified Windows applications Prevents Windows from running the programs you specify in this setting.
Run only specified Windows applications Limits the Windows programs that users have permission to run on the computer.
Remove Logoff This option disables or removes all menu items and buttons that log the user off the system. If you enable this setting, users will not see the Log off menu item when they press Ctrl+Alt+Del. This will prevent them from logging off unless they restart or shutdown the computer, or clicking Log off from the Start menu.
Remove Task Manager This option prevents users from starting Task Manager. If you enable this setting, users will not be able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action.
Remove Change Password This option prevents users from changing their Windows passwords on demand. If you enable this setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
Remove Lock Computer This option prevents users from locking the system. If you enable this setting, users cannot lock the computer from the keyboard using Ctrl+Alt+Del.
All Removable Storage classes: Deny all access Configure access to all removable storage classes.
Removable Disks: Deny read access This option denies read access to removable disks.
Removable Disks: Deny write access This option denies write access to removable disks.
CD and DVD: Deny read access This option denies read access to the CD and DVD removable storage class.
CD and DVD: Deny write access This option denies write access to the CD and DVD removable storage class.
WPD Devices: Deny read access This option denies read access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
WPD Devices: Deny write access This option denies write access to removable disks, which may include media players, cellular phones, auxiliary displays, and CE devices.
Floppy Drives: Deny read access This option denies read access to the Floppy Drives removable storage class, including USB Floppy Drives.
Floppy Drives: Deny write access This option denies write access to the Floppy Drives removable storage class, including USB Floppy Drives.
Tape Drives: Deny read access This option denies read access to the Tape Drive removable storage class.
Tape Drives: Deny write access This option denies write access to the Tape Drive removable storage class.

 

Note that some options may be shown as inactive. It depends on the version of the selected Operating System.