Disable IE home page setting not working

Let's make sure about the details here. I'm assuming that you are trying to run SpywareBlaster under that limited (non-admin) user account, and when you check that option to disable user home page changes, as soon as you come back to that SpywareBlaster option page again, it is unchecked. Is that correct?

If so, it sounds like the limited user account does not have the access in the registry that is needed to set the specific flag/value that locks the IE home page from user changes. While this is actually a good thing, as it shows that you've got the limited user account well restricted, it is also preventing you from using SB to block that IE setting. SpywareBlaster does not run with more privilege than the user running it, so, if the limited user can't set the registry value, SB won't help them set it either.

The only idea I can offer if you want to use SB to set that option and then always leave it set for that user... Temporarily change that user to an Admin, login to that account, use SB to set the restriction, log out and turn the user back to limited again. (Yes, it's a bit of work. Of course, if you were comfortable using regedit and changing values manually, you could set the restriction that way.)

It's simply that SpywareBlaster only sets that restriction for the "current user" that is running SB. The same is also true for the "IE Windows Title Text" option below the home page setting. Notice the note that states "Current User" on that one, too.

 

The option used by SpywareBlaster to prevent the current user from changing the IE default home page is only a simple block on Internet Explorer's "Internet Options..." interface. It will not prevent other programs (via ActiveX controls or scripting exploits) from changing that setting.

Hmm, there are several points worth making here, especially given that you are actually trying to secure publicly accessible PCs.

First, SpywareBlaster's ActiveX protections should reduce significantly the number of spyware items that can hijack the browser home page since many of those run from known (blocked) ActiveX controls. So, that's a good step to prevent external hijacks. Since it works silently, i.e. no pop-ups asking the user what they want to do, it's perfect for a shared public PC.

On that point, I don't think security software that pops up alert windows, requesting the user to decide what to do, would be appropriate for such an environment. (How would you ever teach or trust the PC's users to answer those popups?) So, I don't think SpywareGuard would be a good solution.

In any case, back to the user changing settings themselves via the menus in Internet Explorer. I do think applying these restrictions would still be a good idea. So, here is the registry key used to do that in IE.

Since SpywareBlaster only sets this key in the context of the registry's "current user" tree, you'd need to actually use your Admin login to go into regedit and set this same key in the:

Each user defined on a PC has a tree under HKEY_USERS in the registry, so, you just need to make the change there for all users you want to restrict.

Also, if these are just shared public PCs, why not block access entirely to IE's Tools > "Internet Options..." menu? This key will block that:

If the user tries to get into the Internet Options... menu item they get an IE error saying that the options are restricted. This might be worth thinking about if you don't have any reason why you'd want to allow the users to configure IE settings.

While I don't have all the different combinations of IE versions and Windows available, I can say that IE5.5 on Windows 95 uses the same flags, shown above, as does IE6 on Windows XP. So, I'd guess they're all the same.

There are possibly many things you could do that are very specific to securing a publicly accessible PC. Perhaps you should start a new thread in Software & Services to discuss the various options available.