Tariq Shaikh

Thanks Marcos and itman, our mgmt. decided to go with system wide blocking and not user wide, hence I used the HKLM key. I would soon test for myself on the HKCU as suggested by both of you. Many Thanks Cheers !

Hi Marcos, Thanks, appreciate your prompt reply ! I tired HKCU\*\ rest of the key but it didn't help, after troubleshooting I realized that i could use the HKLM instead of HKCU for the key which i wanted to block ( blocking for entire system), hence problem solved as its already working with HIPS. However , if i need to use the HKCU, is it possible for you to send me the correct syntax, as HKCU\*\ didnt work for me. Thanks Tariq

Hello, We are using ERA 6.7 and Endpoint security Client for our windows pc users. We have created a rule in HIPS to block users from deleting , modifying or changing the value of a particular key, which works fine. The Key is : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastuserSwitching However, when we are trying to achieve similar result for another key, its not working, .i.e. user is able to delete or modify the key ! The Key is : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun The Key is : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer The reason for blocking the keys are, we want to restrict users from performing : 1. Disable Fast User Switching ( working fine with disabling in registry and HIPS rule monitoring to deny any change) 2. Disable Win + R i.e. show RUN for the user/system (working fine with disabling in registry BUT HIPS rule doesn't work) 3. Disable Right Click Properties option (working fine with disabling in registry BUT HIPS rule doesn't work) Do let us know if we are doing something wrong and help us in resolving the issue. Thanks, Tariq