RunOnce? Try RunNever
You may want to ensure that your users aren't capable of using the RunOnce key in the registry. This key refers to programs that run once at the next system reboot. It's often used by program installers to delete temporary files, but it can also be used to do other things that can be harmful to a system.
The RunOnce key is located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce in the registry. To keep programs from being run from it, you can do one of two things:
- Enable the "Disable the Run Once list" Group Policy, which is in Computer Configuration\Administrative Templates\System or User Configuration\Administrative Templates\System.
- If you're not using group policies or don't have them configured, you can get the same results by setting the value DisableLocalMachineRunOnce (REG_DWORD) to 1. This value can be found under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer or HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer. The LOCAL_MACHINE version of the value sets it for all users.
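The registry method above, scripted in PowerShell as an added example that is not part of the original tip. It lists what is currently queued in RunOnce, sets the value, and reads it back from both locations. The function names are hypothetical, and writing under HKEY_LOCAL_MACHINE assumes an elevated session.

```powershell
# Added example: function names are illustrative, not from the original tip.
$RunOnceKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$PolicyKeys = @{
    Machine = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    User    = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
}
$ValueName = 'DisableLocalMachineRunOnce'

function Get-RunOnceEntry {
    # Show what is queued in RunOnce so it can be reviewed before it is suppressed.
    if (-not (Test-Path $RunOnceKey)) { return }
    $key = Get-Item -Path $RunOnceKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Command = $key.GetValue($name) }
    }
}

function Get-RunOncePolicy {
    # Report the current setting in both locations; Value is $null when unset.
    foreach ($scope in $PolicyKeys.Keys) {
        $current = Get-ItemProperty -Path $PolicyKeys[$scope] -Name $ValueName `
            -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope = $scope
            Value = if ($current) { $current.$ValueName } else { $null }
        }
    }
}

function Set-RunOnceDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet('Machine', 'User')][string]$Scope = 'Machine')

    $path = $PolicyKeys[$Scope]
    if ($PSCmdlet.ShouldProcess("$path\$ValueName", 'Set REG_DWORD to 1')) {
        # Create the Explorer policy key only if it is missing; New-Item -Force
        # on an existing registry key would clear the values already in it.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $ValueName -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
}

Get-RunOnceEntry  | Format-Table -AutoSize   # review pending entries
Set-RunOnceDisabled -Scope Machine           # add -WhatIf for a dry run
Get-RunOncePolicy | Format-Table -AutoSize   # confirm the value reads back as 1
```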
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.
This was first published in November 2001