Show Specific control panel items issue RES WM

In a locked down Windows environment, it is a best practice to hide specific control panel items for those functions that can’t or shouldn’t be performed by an end user.

With a RES WM “User registry” object, you can use “control.admx” to load the policy template to configure these settings.policy_01

In the “List of allowed control panel items” the Canonical name of the Control panel items should be entered.

So far so good. But it wasn’t working in my environment…

With this configuration active in RES Workspace Manager  2014, still all control panel items were shown.

When looking in the registry of a logged in user, these registry key’s were present:

registry_01

The registry hive “HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCpl” is set by the policy.

As stated in this MS Technet article, “The Hide specified control panel applets policy takes precedence over the Show only specified control panel applets policy.”

The entries in the “DisallowCpl” hyve are:

registry_02

 

What about the “…\DisallowCpl”? Where does it come from?

The “villan” here, appears to be the setting “Disable Add/Remove programs” at Composition -> Desktop -> Lockdown and behaviour:

reswm_lockdown_01a

This setting will result in the “Disallow” hive.

Logging in, with this setting unchecked, only the specified items in the control panel were visible. Everything is working as expected…

Leave a comment

Your email address will not be published. Required fields are marked *