In another post we made changes to the registry in order for our Kiosk computer to log into a domain account without typing credentials.
In order not to expose the Credentials used we now apply this GPO to prevent regedit from running.
Please note that this setting only specifically Prevent access to registry editing tools.
If we also want to prevent the users from running other administrative tools, we need to setup the GPO Run only specified Windows applications policy setting.
- Start you Group Policy Management by typing gpmc.msc, right-click your domain and select Create a GPO in this domain, and Link it here…
You might obviously want to link the GPO somewhere else.
- Select af fitting name and click OK
- Right-click your new GPO shortcut and select Edit
- Browse to User Configuration, Administrative Templates, System and select Prevent access to registry editing tools.
Click for large image.
- Select Enabled and set Disable regedit from running silently? to Yes.