Sunday, February 25, 2007

Quick Hitter: Securing the Run Dialog

The Windows Mobile taskbar provides users with an ability to run any particular program via the Run dialog. The Run dialog is accessed by pressing the action key (the center button of the directional pad) and tapping and holding (right-clicking) on the clock.

Image 1 - The Run Dialog menu

When writing line of business software which should be the only application the user should run on the device however, it may be necessary to disable the Run dialog as a security precaution. Disabling the Run dialog makes it more difficult for users to bypass the desired functionality. Access to the Run dialog can be disabled by setting a value within the HKEY_LOCAL_MACHINE\Security\Policies\Shell registry key. Inside that key, a value named NoRunDlg needs to be set as a DWORD with a value of 1.

Image 2 - Remote Registry Editor showing NoRunDlg value

Once the NoRunDlg value has been set, the menu showing Run and Clock is still accessible. However, the Run menu option is now disabled (indicated by it being grayed out) preventing users from running applications via that option.

Image 3 - Run Dialog option grayed out

No comments: