Thursday, August 22, 2002

System Policies for the restriction of Display settings (Part 2)

mad hack
This article continues the description of the system policies intended to restrict Display settings.

Besides decorating the user interface, a screen saver can serve security and discretionary access functions when password protection is enabled. Like every application, a screen saver needs substantial resources to run. The latest screen savers are heavily loaded with graphics, which can slow the system down, especially during initial start. This can affect, for example, the performance of the disk defragmentation program. The next three system policies impose restrictions on the screen saver.

Disable screen savers from running while Disk Defragmenter Active

This system policy applies to Windows 9.x and ME. It is stored in the "Default" value of the "Software\Microsoft\Windows\CurrentVersion\Applets\Defrag\Settings\DisableScreenSaver" key, located in the HKEY_CURRENT_USER hive. Two Boolean values, "Yes" and "No", represent the state of this policy. Which value corresponds to which state is, I think, clear from the literal meanings of these words in English. If the "Default" value stores nothing, the policy is not enabled. When enabled, this policy blocks the screen saver from launching while Disk Defragmenter is active.

Launching a screen saver while Disk Defragmenter is active can slow down or interrupt the defragmentation routine. Note that this policy affects only the defragmentation program provided with Windows. It does not watch disk defragmenters from other vendors, for example the one in the Norton Utilities package.

No screen saver

This system policy works in Windows 2000 and XP. When enabled, it prohibits the screen saver from launching and blocks the entire "Screen Saver" section with the saver settings. It is stored in the DWORD "ScreenSaveActive" value in the "Software\Policies\Microsoft\Windows\Control Panel\Desktop" key of the HKEY_CURRENT_USER registry hive. The value "0" means the policy is active and the screen saver is prevented from launching. The value "1", or the absence of the value, corresponds to the state in which the policy is not configured: nothing prohibits the screen saver from launching or its settings from being adjusted.

Password protect the screen saver

This system policy also applies only to Windows 2000 and XP. Unlike the other system policies in this article, whose state can be represented by a pair of Boolean values amounting to a binary "yes" or "no", it has three states. The policy is stored in the HKEY_CURRENT_USER hive in the DWORD "ScreenSaverIsSecure" value, which must be located in the "Software\Policies\Microsoft\Windows\Control Panel\Desktop" key. It determines whether the screen savers used on the system are password protected, and it prohibits setting (changing) the screen saver password through the Display Properties application.

This policy has three states:

  1. The "ScreenSaverIsSecure" value is absent from the registry. The screen saver behaves as usual: passwords can be set, changed or turned off with the "Password protected" check box.
  2. The value stores "0". In this case password protection is forcibly disabled.
  3. The value stores "1". In this case passwords for screen savers are forcibly enabled.

If the "ScreenSaverIsSecure" value is present in the "Software\Policies\Microsoft\Windows\Control Panel\Desktop" registry key and stores either "1" or "0", the policy is active and the check box is blocked. In other words, password protection cannot be enabled or disabled until the value is deleted from the registry.

The "No screen saver" policy described above has priority over this policy. If "No screen saver" is enabled, the system ignores the state of the "Password protect the screen saver" policy.
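The interaction of the two values can be checked from a script. The PowerShell below is an added example, not part of the original article: it resolves "ScreenSaveActive" and "ScreenSaverIsSecure" into the states listed above, including the priority of "No screen saver". The key and value names are those given in the text; the function names, the result fields and the sample cases are constructed for illustration.

```powershell
# Added example. Function names, result fields and sample cases are constructed.
$DesktopPolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'

function Resolve-ScreenSaverPolicy {
    param($ScreenSaveActive, $ScreenSaverIsSecure)

    # Compare as text so the result does not depend on the registry value type.
    # A missing value arrives as $null and becomes an empty string.
    $active = "$ScreenSaveActive"
    $secure = "$ScreenSaverIsSecure"

    # "No screen saver" has priority: with ScreenSaveActive = 0 the saver never
    # starts, so the state of ScreenSaverIsSecure is ignored.
    if ($active -eq '0') {
        return [pscustomobject]@{ Saver = 'Prohibited'; Password = 'Ignored'
            Finding = 'No saver runs, so no saver password prompt appears' }
    }
    switch ($secure) {
        '1'     { $password = 'ForcedOn';   $finding = 'Password required when a saver runs' }
        '0'     { $password = 'ForcedOff';  $finding = 'Password protection cannot be turned on' }
        default { $password = 'UserChoice'; $finding = 'User decides with the check box' }
    }
    [pscustomobject]@{ Saver = 'Allowed'; Password = $password; Finding = $finding }
}

function Get-ScreenSaverPolicy {
    # Get-ItemProperty returns nothing for a missing key, and a missing value
    # reads as $null, so a policy that is not configured resolves to UserChoice.
    $values = Get-ItemProperty -Path $DesktopPolicyKey -ErrorAction SilentlyContinue
    Resolve-ScreenSaverPolicy $values.ScreenSaveActive $values.ScreenSaverIsSecure
}

# Constructed cases covering the states the article lists.
$cases = @(
    @{ Active = $null; Secure = $null },   # nothing configured
    @{ Active = 1;     Secure = 1 },       # password forced on
    @{ Active = 1;     Secure = 0 },       # password forced off
    @{ Active = 0;     Secure = 1 }        # "No screen saver" wins
)
foreach ($c in $cases) { Resolve-ScreenSaverPolicy $c.Active $c.Secure }

# On a Windows host, evaluate the signed-in user's live settings:
Get-ScreenSaverPolicy
```

The last constructed case is the one worth looking for in an audit: "ScreenSaverIsSecure" is "1", yet no password prompt ever appears because the saver itself is prohibited.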

Allow only bitmapped wallpaper

This system policy, whose scope is Current User, allows only bitmapped images in BMP format to be used as Desktop wallpaper. It applies to Windows 98, ME, 2000 and XP. It also works in Windows 95 and NT when Internet Explorer 4.0x or higher is installed together with "Active Desktop", provided that "Active Desktop" is not disabled by system policy. The policy belongs to "Active Desktop" management, and that is why its consideration is outside the scope of the present article.

The DWORD "NoHTMLWallPaper" value, stored in the "Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" key of the HKEY_CURRENT_USER hive, holds the state of this policy. The value accepts two states, "1" or "0". The value "0", or the absence of the value, disables the policy.

Disable Changing Wallpaper

This system policy, also with Current User scope, prohibits changing the Desktop wallpaper. Like the previous policy, it belongs to the policies for "Active Desktop" management and works in Windows 98, ME, 2000 and XP. "Disable Changing Wallpaper" can be applied in Windows 95 and NT when Internet Explorer 4.0x is installed with "Active Desktop".

The state of this policy is held in the DWORD "NoChangingWallpaper" value, located in the "Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop" key of the HKEY_CURRENT_USER hive. The value can have two states: "1", when the policy is enabled, or "0" (or the absence of the value), when the policy is not activated. If "Active Desktop" is not installed or is disabled by policy, this policy is ignored.

Disable Display in Control Panel

This policy prohibits the Display application from being launched and used. When it is active, Display settings can be changed only by working directly with the registry, by means of Regedit or third-party utilities. Its scope is Current User. An attempt to launch the Display application shows a message explaining that the Administrator has disabled Display.

The DWORD "NoDispCPL" value accepts one of two Boolean values, "1" or "0". The value "0", or the absence of the value, disables the policy. The value "1" activates it. The value is stored in the "Software\Microsoft\Windows\CurrentVersion\Policies\System" key of the HKEY_CURRENT_USER hive.

The implementation in Activity and Authentication Analyzer

To see or change the state of some of the above policies in Activity and Authentication Analyzer, follow this path in the left navigation pane:

Computer Administration, then Control Panel, then Display, and find in the list on the right the items corresponding to these policies:

  • Disable Screen Saver while Disk Defragmenter Active
  • No screen saver
  • Password protect the screen saver

To see or change the state of some of the above policies in Activity and Authentication Analyzer, follow this path in the left navigation pane:

Computer Administration, then Active Desktop, and find in the list on the right the items corresponding to these policies:

  • Allow only bitmapped wallpaper
  • Disable Changing Wallpaper

To see or change the state of the Disable Display in Control Panel policy in Activity and Authentication Analyzer, follow this path in the left navigation pane:

Computer Administration, then Control Panel, and find in the list on the right the item corresponding to this policy:

  • Disable Display in Control Panel

Thursday, August 15, 2002

System Policies for the restriction of Display settings

mad hack
This article describes the system policies intended to restrict changes to Display settings.

This article is devoted mostly to the system policies that restrict access to the settings available through the Display applet in the Control Panel. The Display applet can be reached in Windows in several places. It is located in the Control Panel, or it can be opened from the context menu by right-clicking an empty area of the Desktop and selecting the corresponding menu item.

A system administrator may need to restrict unskilled users' access to the Display settings. For instance, a wrong refresh rate may physically damage the monitor. Properly adjusted Display settings may increase the performance of the video subsystem as well as overall system performance. Increasing the refresh rate reduces flicker and makes work more comfortable; these are the ergonomic features. The Active Desktop settings are closely linked with the Display settings. Finally, Active Desktop can be a breach in system security. However, Active Desktop has many settings and system policies of its own, which are outside the scope of this article.

Most of the system policies described in this article are stored in values that are, or can be, located in the HKEY_CURRENT_USER registry hive. A general rule should be noted: policies stored in HKEY_CURRENT_USER have Current User scope, not the scope of the entire computer.

Hide Screen Saver Page

This policy works in all Windows versions and, when enabled, removes the Screen Saver page from the Display applet in Control Panel. Screen saver selection, customisation of its settings, and the energy-saving features of the monitor and computer become inaccessible except through direct work with the registry. For instance, exit from hibernation mode can lead to a hang of the mouse or of the whole system. Removing or customising the screen saver and changing its password will likewise be unavailable, which can create an additional illusion of security for the user and the administrator.

The state of this system policy is stored in the numeric value "NoDispScrSavPage" in the "Software\Microsoft\Windows\CurrentVersion\Policies\System" key of the HKEY_CURRENT_USER hive. A value of "1" is the active state of the policy. The value "0", or the absence of the value (which is the default state), means that the policy is not applied or, equivalently, that it is disabled.

Disable UI to change menu animation setting

Animation effects for windows, menus and lists are meant to add variety for users who like transition effects, but they can annoy or distract others who are accustomed to the classic interface or tired from a long stay in front of the computer. Menu shading and drawing with explosion or sliding effects are examples of animation effects.

The check box "Use transition effects for menus and tooltips", which turns the animation effects on or off, is located on the Effects page of the Display applet.

This system policy, applicable to Windows ME, 2000 and XP, removes all video animation effects when enabled. The "Use transition effects for menus and tooltips" option is also disabled: the check box is dimmed to show that the animation effects cannot be turned on. The policy state is stored in the numeric value "NoChangeAnimation" in the "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" registry key. The policy can be stored in either the HKEY_LOCAL_MACHINE or the HKEY_CURRENT_USER hive, with Local Machine or Current User scope respectively. A pair of Boolean values, "1" (enabled) and "0" (disabled), represents the policy. If the value is not present, that is equivalent to the default state, a disabled policy. If the policies applied to Local Machine and Current User conflict, the policy stored in HKEY_LOCAL_MACHINE has priority over the one stored in HKEY_CURRENT_USER.

Disable UI to change keyboard navigation indicator setting

This system policy, which works in Windows 2000 and XP, is akin to the "Disable UI to change menu animation setting" policy described above. The keyboard navigation indicator is the underlining that marks a hot key. If this policy is enabled, the navigation indicators are displayed only when the "Alt" key is pressed. Like the animation effects for windows, menus and lists, the underlining is meant to add variety for users who like such effects, but it can confuse or distract from the job.

The option, a check box that turns the underlining effect on, is located on the Effects page and is named "Hide keyboard navigation indicators until I use the ALT key". While this option is blocked, the check box is dimmed to show that the navigation indicators cannot be turned on. The system policy that cancels the navigation indicators and forbids switching them on or off is stored in the numeric value "NoChangeKeyboardNavigationIndicators" in the "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" registry key. The policy can be present either in the HKEY_LOCAL_MACHINE hive, with Local Machine scope, or in the HKEY_CURRENT_USER hive, with Current User scope. When the same policy conflicts between the Local Machine and Current User scopes, the one stored in HKEY_LOCAL_MACHINE has priority over the one stored in HKEY_CURRENT_USER. The policy state is represented by a pair of Boolean values, "1" and "0". The absence of the value is equivalent to the default state, "0", in other words the disabled state of the policy.

Hide Appearance Page

This policy applies to all Windows versions and, when enabled, removes the Appearance page from the Display applet in Control Panel. It is stored in the numeric value "NoDispAppearancePage" of the "Software\Microsoft\Windows\CurrentVersion\Policies\System" key in the HKEY_CURRENT_USER hive. Once the policy is applied, the Appearance page is hidden and the Display applet cannot be used to customise the colour or appearance scheme of the Desktop and windows.

A pair of Boolean values, "1" (enabled) and "0" (disabled), represents the policy. The absence of the "NoDispAppearancePage" value means that the policy is not set or, equivalently, that it is disabled.

Hide Background Page

This policy works in all Windows versions and, when enabled, removes the Background page from the Display applet in Control Panel. The state of the policy is stored in the "NoDispBackgroundPage" numeric value in the "Software\Microsoft\Windows\CurrentVersion\Policies\System" key of the HKEY_CURRENT_USER registry hive. When this policy is active, the Background page is removed and the Display applet cannot be used to customise patterns or wallpapers for the Desktop.

The value can hold one of two Boolean values: "1", when the policy is enabled, or "0", when the policy is disabled. When the "NoDispBackgroundPage" value is absent from the "Software\Microsoft\Windows\CurrentVersion\Policies\System" key, the Display applet behaves in the usual way.

Hide Settings Page

This policy applies to all Windows versions and, when enabled, removes the Settings page from the Display applet in Control Panel. After it is enabled, the applet cannot be used to customise the settings of the display, video card or colour management. The numeric value "NoDispSettingsPage" of the "Software\Microsoft\Windows\CurrentVersion\Policies\System" key in the HKEY_CURRENT_USER registry hive holds the state of this policy.

A pair of Boolean values, "1" (enabled) and "0" (disabled), represents the two states of this policy. The absence of the "NoDispSettingsPage" value is equivalent to a value of zero.
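The policies in this article can be audited together. The PowerShell below is an added example, not part of the original article: it reads each value, treats a missing value as "0", and applies the HKEY_LOCAL_MACHINE priority described for the two Explorer policies. The value and key names come from the text; the function names and the table layout are constructed for illustration.

```powershell
# Added example. Function names and the table layout are constructed.
$PolicyRoot = 'Software\Microsoft\Windows\CurrentVersion\Policies'

# Machine = $true marks the policies the article says may also live in HKLM.
$Policies = @(
    @{ Name = 'NoChangeAnimation';                    Key = 'Explorer'; Machine = $true },
    @{ Name = 'NoChangeKeyboardNavigationIndicators'; Key = 'Explorer'; Machine = $true },
    @{ Name = 'NoDispScrSavPage';     Key = 'System'; Machine = $false },
    @{ Name = 'NoDispAppearancePage'; Key = 'System'; Machine = $false },
    @{ Name = 'NoDispBackgroundPage'; Key = 'System'; Machine = $false },
    @{ Name = 'NoDispSettingsPage';   Key = 'System'; Machine = $false }
)

function Read-PolicyValue {
    param([string]$Hive, [string]$Key, [string]$Name)
    # A missing key or value yields $null, which the article treats as "0".
    (Get-ItemProperty -Path "${Hive}:\$PolicyRoot\$Key" -ErrorAction SilentlyContinue).$Name
}

function Get-EffectiveDisplayPolicy {
    foreach ($p in $Policies) {
        $user    = Read-PolicyValue 'HKCU' $p.Key $p.Name
        $machine = if ($p.Machine) { Read-PolicyValue 'HKLM' $p.Key $p.Name } else { $null }

        # HKEY_LOCAL_MACHINE has priority when both hives carry the value.
        if ($null -ne $machine)  { $source = 'HKLM';    $raw = $machine }
        elseif ($null -ne $user) { $source = 'HKCU';    $raw = $user }
        else                     { $source = 'default'; $raw = 0 }

        [pscustomobject]@{
            Policy   = $p.Name
            HKLM     = $machine
            HKCU     = $user
            Source   = $source
            Enabled  = ("$raw" -eq '1')
            # Both hives set, with different values: worth a second look.
            Conflict = ($null -ne $machine -and $null -ne $user -and "$machine" -ne "$user")
        }
    }
}

Get-EffectiveDisplayPolicy | Format-Table -AutoSize
```

A row with Conflict set to True shows a per-user setting that the machine-wide value silently overrides.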

To see or change the state of the above policies in Activity and Authentication Analyzer, follow this path in the left navigation pane:

Computer Administration, then Control Panel, then Display, and find in the list on the right the items corresponding to these policies:

  • Hide Screen Saver Page
  • Disable UI to change menu animation setting
  • Disable UI to change keyboard navigation indicator setting
  • Hide Appearance Page
  • Hide Background Page
  • Hide Settings Page

Activity and Authentication Analyzer history

"Activity and Authentication Analyzer" takes into account what system policies and what histories of user activity are inherent in...