We are working on a GPO to lock down a system so that the user can only launch one application. Unfortunately, we can't run the app as the shell because it bombs out (vendor has no idea why) We also have to run the application with the user logged in as a local administrator (once again, vendor has no idea why because they've never tried to run it any other way)
We have plugged EVERY direct hole into the system via GPO and a couple of other scripts except for one. If a user launches any Help file, he can manipulate that to launch otherwise restricted programs. We can restrict some things from running by explicitly stating them in our GPO to not run from Help, but we keep finding more.
Is there any way to prevent Windows from launching ANY help files?
We have plugged EVERY direct hole into the system via GPO and a couple of other scripts except for one. If a user launches any Help file, he can manipulate that to launch otherwise restricted programs. We can restrict some things from running by explicitly stating them in our GPO to not run from Help, but we keep finding more.
Is there any way to prevent Windows from launching ANY help files?