The Window Guard facility will monitor the windows opened by the user and will undertake a sequence of actions if an attempt is made to access a restricted program or restricted window within a program, it offers a way of bypassing or disabling troublesome features in applications where no direct means of control is offered by the application itself. It can also be made to log and/or report undesirable activity to Network Managers.
However, the relative inflexibility of group policy when setting multiple multi-optioned values in a single policy setting does make the Window Guard less straightforward to configure than other policy options. Once understood, configuring the Window Guard is reasonably easy, however care should be taken when assigning an action value, to ensure the desired effect is achieved.
To add a window to the Window Guard, enable the option and click on the 'Show' button, then click 'Add' in the 'Show Contents' window. In the 'Add Item' window type the title of the window to be monitored in the name field and the value appropriate for the action required in the value field.
The Window Guard's behaviour is configured by entering the sum of the values below to produce the required combination of actions.
- 1 - Record in the event log
- 2 - Broadcast security message
- 4 - Attempt to close the window
- 8 - Send Alt &F4 to the window
- 16 - Log the user off the network
- 32 - Disable the user account
- 64 - Title starts with text supplied
- 128 - Title contains text supplied
The last two values define how the text in the window title should be matched if the default method of looking for an exact match is unsuitable. Window titles can be entered in any case style, comparisons are case insensitive.
|
|
|
In this example, if the Window Guard encounters a window titled 'Internet Options', it will immediately close the window, log the action in the local computer's event log and broadcast a security message. (1+2+4)
Security messages will display on the screen of any Network Managers that happen to be logged in and will also be added to the event log of all SchoolSuite Messaging Servers.
|
|
Here the value 132 indicates that Window Guard should close any window that contains the word 'notepad' somewhere in the title text. (4+128)
Changing the window title comparison method can help identify windows that don't always have consistent window titles. However, care should be taken to ensure the name field contents are not so generic as to prevent legitimate program usage.
|
|
This example demonstrates a more extreme approach should a user somehow manage to start the Registry Editor.
In this case the program will close and the user is logged off with their user account disabled so that they are unable to logon again, as well as the usual event log and security broadcast options (1+2+4+16+32)
|
