Radimus,
The run box can be disabled but in general you are correct. The are other ways besides shortcuts to do it. Once you eliminate the shortcuts, the students will find the other ways.
While it is not 100% effective, we use the RestrictRun policy & do not include explorer in the list of permissible programs. Then we have tried to weed out all the back doors into explorer. I know of one school board that has taken the drastic step of deleting explorer all together.
A philosophical rant:
Unfortunately, MS security doesn't really adapt well to schools & libraries. I believe it is not really an issue of Win9x, rather it is an MS culture issue. MS developed their concept of security for the business world not the home or school market. In the framework of a school local, roaming, group, & mandatory policies don't really deliver. All have serious shortcoming that you must program around. It didn't have to be this way because Novell has a security system that adapts to well to schools. Unfortunately, MS pays lip service to schools but in reality they don't care. If you don't believe me, visit their K-12 site. The site is just a sales site for WinXP & Office XP. Where are the utilities, implementation plans & templates suitable for schools? Also for many school boards, their rather expense academic licenses entitle them to no support.
When using MS systems in schools, I think you have to be prepare for shortcomings & work arounds.
_________________________
Jack
