The article is dedicated to the System Policies destined for the restriction of MS-DOS.
When developing the operating system, the Microsoft Corporation encounters all the time the next dilemma. On the one hand the need to provide with the backward compatibility with the previous operating systems and programs, developed for them, including MS-DOS. On the other hand, the urgent demand to get rid of the very MS-DOS to provide secure and stable functioning, to design operating system with genuine multitasking and correct resource sharing. The literal reading of the abbreviation, which gives the name to system registry key storing the policies destined for the MS-DOS restriction: "WinOldApp" - Windows Old Applications.
Time by time, the administrator faces the need to forbid the users to launch the MS-DOS applications or reboot the computer to the single MS-DOS mode, while conducting the administration of either net client or servers.
I deliver few thoughts to ensure the benefits of the policies, which are resorted to for MS-DOS restriction in Windows systems. The 16-bit Windows applications are unsecured for the safety and stability of the working under Windows systems. While the most of the MS-DOS applications are finely performed simultaneously in the 32-bit Windows environment, some MS-DOS applications demand the monopoly access to the system resources for the performance. The Virtual Machine Manager (VMM) creates the system environment with the exclusive rights, so-called the Single MS-DOS mode. When MS-DOS application is launched in the MS-DOS mode, it is gained the exclusive rights for the system resources and no other applications or processes have any rights to access the system resources. Therefore the MS-DOS applications are also the threat because of the possible capture of the control over the system resources. Besides, the MS-DOS prohibition disables execution of the game programs, designed for MS-DOS, which distract from job, and are often, like other computer games, potential virus containers.
To tell the truth, all above-given argumentation, like the system policies, developed by Microsoft for the MS-DOS restriction are no more than palliation.
Disable MS-DOS Command Prompt
This policy prohibits the MS-DOS Command Prompt usage in Windows or launch of the MS-DOS applications from within the Windows shell.
The numeric value "Disabled" responds for this system policy state, which is stored in the HKEY_CURRENT_USER hive of the system registry in the "Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp" branch. The value "1" enables the restriction for the MS-DOS applications launch, the value "0" or the absence of the value is the default state and removes this prohibition.
While attempting the DOS application launch or "MS-DOS Command Prompt" activation using the icon containing the link to the command interpreter "COMMAND.COM", Windows gives out the message that the administrator prohibits the launch. I do not deliver the literal message text, which is varied depending on the Windows version.
Disable Single Mode MS-DOS Applications
This policy is intended for the prohibition of the Windows reboot to the Single MS-DOS mode. Its state does not affect the usage of MS-DOS Command Prompt in Windows or the MS-DOS applications launch from within the Windows shell.
The state of this system policy is stored in the numeric value "NoRealMode", which is located in the same system registry branch as above-described value: "Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp" in the hive HKEY_CURRENT_USER. The value equals to "1" stands for the prohibition of the MS-DOS launch in the Single mode. The value "0", which is default state, or its absence removes the prohibition of the Single MS-DOS mode.
When this policy is enabled in Windows 95/98 the menu item "Restart in MS-DOS mode" is removed from the "Shut Down" dialog box. However, it must be noted here, that this does not prohibit entirely the MS-DOS launch in the Single mode. The Single MS-DOS mode can be entered, while Windows booting by clicking F8 key and than selecting any item, which contains the "Command Prompt".
In Windows ME and later this value can be stored in the system registry in two hives: HKEY_CURRENT_USER and in HKEY_LOCAL_MACHINE hive, and spreads the scope either on the Local Machine or Current User respectively. There is no conflict between the policies having the different scopes: any policy disables the Single MS-DOS mode.
Another attempt to get rid of MS-DOS was undertaken in Windows ME - the menu item "Restart in MS-DOS mode" was removed from the "Shut Down" dialog box in a difference from the Windows 9.x. However, it inherits a lot o interface from the previous versions. That is why, the policy "Disable Single Mode MS-DOS Applications" applied on the Local Machine is used to remove some unnecessary elements. If deleting the value from the system registry has disabled this policy, there will be an interesting effect: the menu item "Restart in MS-DOS mode" will appear in the "Shut Down" dialog box. But an attempt to reboot to MS-DOS gives nothing; there will be the message explaining that this version of Windows does not support the MS-DOS mode.
In order to see the state of above-mentioned policies or to manipulate them in Activity and Authentication Analyzer follow in the left navigation pane next way:
Computer Administration then MS DOS and find in the right list items corresponding to these policies named:
- Disable MS-DOS Command Prompt
- Disable Single Mode MS-DOS Applications