Disable task manager for restricted user on Windows 7 Home Premium

2

Anybody know how? So far all I've been able to do is disable the task manager for the admin user.

I used the following registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

Ran it as the admin user though and only that admin user got blocked from using the task manager. All the other guides for Windows 7 I saw suggested the use of the Local Group Policy Editor which Windows 7 Home Premium doesn't have.

I think I could make the registry hack work if I could run it as the restricted user. Unfortunately, restricted users can't add entries to the registry.

R.K.

Posted 2011-08-04T02:09:07.730

Reputation: 168

Answers

3

This was my original answer:

Log in as the restricted user, then go to c:\windows and right click on regedit and click "Run as Administrator" (you will be asked for the credentials), and make the same registry changes.

OK, to be honest, after I wrote the answer, I decided to test it, and double-check my answer as I often do. What I found blew up a long-held thought that I had, and I am going to mention it now because I am sure that I am not the only one, who will be surprised.

Despite being logged in as my user "Test", when I ran regedit.exe as administrator (or even a second administrative user), instead of it ONLY running the program with elevated privileges, it also changes the HKEY_Current_User hive to that same administrator account. I was extremely surprised.

So I would do it this way for simplicity: Elevate the user to administrative level temporarily in Control Panel>Users. Log in as that user, and make the registry change exactly as you had above. You can test it immediately by right-clicking the taskbar. Log out, and back in as administrator, and demote the user back to standard. I tested this and it worked.

An even easier way: While logged in as your administrative user, elevate the standard user to administrative level temporarily in Control Panel>Users, then follow the original answer. Now running regedit as that user, it will load their hive, and you can edit it. Then demote them again. This way, it is all done without logging in and out.

I think this is clear, but if I did make something a bit confusing, just ask in the comments, and I will try to clarify.

KCotreau

Posted 2011-08-04T02:09:07.730

Reputation: 24 985

Oh, and then the changes would be reflected on the restricted user? Thanks. Will test it later :) – R.K. – 2011-08-04T02:16:55.493

Sorry for the initial mistake. – KCotreau – 2011-08-04T03:03:25.327

That was my initial thought too, so I didn't try it. Though I've never tested it. I was gonna try your first answer later though. Thanks for the answer :) – R.K. – 2011-08-04T08:57:34.383

1

Just a different way to do it, you can do: Icacls taskmgr.exe /deny user:F from a command prompt running as administrator. Its a more general approach though.

soandos

Posted 2011-08-04T02:09:07.730

Reputation: 22 744

1

As admin, open regedit.

  • Goto hkey_users
  • File / Load hive.
  • Browse to c:\users\username
  • Type ntuser.dat

Go to the above mentioned key and add a dword. Works on 7 HP.

Michael

Posted 2011-08-04T02:09:07.730

Reputation: 11

Asked: 2011-08-04T02:09:07.730

Viewed: 7 678 times

Active: 2013-09-03T07:30:14.073