
All times are UTC - 8 hours




 Post subject: A 'Host intrusion prevention' portable freeware?
Posted: Sun Jan 21, 2007 11:56 am

Joined: Sun Feb 26, 2006 1:16 pm
Posts: 43
I am looking for a way to keep all the startup entries permanent, without allowing any new service or bloatware/malware to be added with or without the user's permission. This would be very useful to keep a system the way it was planned to be.

Any suggestions? The application should be very small and compatible with all Windows versions.

Thanks for any help, this is a great site!


 
Posted: Sun Jan 21, 2007 2:54 pm

Joined: Fri Dec 22, 2006 4:01 am
Posts: 6
Is this something you want to use when moving between different PCs (portable), or something to install on PCs to stop users from adding things (non-portable)?

If the latter, I think the only way is to either set up separate accounts that don't allow installation of anything, or create a virtual environment for users to run in, (e.g. like sandboxie, MS Virtual PC), that gets deleted or reverts after they log off.

Another, more drastic way is to have the system revert to an earlier 'snapshot' of itself. i.e. Set it up the way it is meant to be then image the drive and have the PC restore the image after the user logs off or when it boots.
You can have users save their data to another partition/drive. If they don't, they learn the hard way :) DriveImage XML is free.

Anything that gets installed, won't work after a drive/partition restoration.

BTW, this is the way EasyInternet Cafes work in the UK.

Otherwise, I believe all startup monitors/H.I.P.S. warn the user that a change is pending and give them the option to allow or disallow it to happen.

Here's a small startup monitor that works on all Windows versions: http://www.mlin.net/StartupMonitor.shtml

This one could even be portable since it now can store its settings into a file: http://www.snapfiles.com/get/starter.html

If you want to block installation of anything, a commercial offering:
http://bashsoftware.net/

Some ideas anyway.


 
Posted: Mon Jan 22, 2007 6:46 am

Joined: Sun Feb 26, 2006 1:16 pm
Posts: 43
It should be something low in resources like StartupRun (http://www.nirsoft.net/utils/strun.html), monitoring these entries (including browser BHOs) and with an option to keep the current state (snapshot of the startups and BHOs) and automatically block any attempt to add a new entry, without warning user. The software could also have an install routine, adding files only to its own folder, without registering components or copying DLLs to system folder.

It's simple and, I think, very useful, especially if compatible with all Windows versions. It would keep systems from getting infected with malware undetected by AntiVirus software.


 
Posted: Mon Jan 22, 2007 3:05 pm

Joined: Fri Dec 22, 2006 4:01 am
Posts: 6
bugmenot wrote:
... and automatically block any attempt to add a new entry, without warning user.

Personally, I don't think blocking everything out-of-hand is a good idea.

If you do that, basically you have just crippled your entire OS, e.g. no more AV, OS, Spyware Detector, etc. updates. Which leaves it even more vulnerable.

But if that's the way you want to go, you can probably achieve the same thing now by using existing programs:

1) One to detect any change to system operating folders and prompt user,
2) Another to automatically acknowledge the prompt, (in the negative in your case).

IIRC, there is a freeware program to do the second, just can't think of it or even find it ATM.

bugmenot wrote:
This would be very useful to keep a system the way it was planned to be.

To be honest, the only way you can do this AFAICT, is to install all apps/OS/etc on a server and make all user accessible PCs dumb terminals with restricted access. (Think Google's Writely.)

Just thought of another way: move anything that requires write access to another drive/partition, (pagefile, Docs & Settings, etc), and make the system drive write protected.

But this discussion is really not related to portable apps, more PC/IT/User management.

Anyone using a portable program, by definition is not installing anything on the host system.


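The snapshot-and-detect approach discussed in the two posts above (record the startup entries and BHOs once, then flag anything that deviates) looks like this in Python. This is an added example, not code from any poster or from the tools named in the thread; the list of registry locations is an assumed, non-exhaustive selection, and the sample entries are constructed.

```python
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
BHO = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
# (winreg hive name, key path, entries are subkeys); assumed, non-exhaustive list
LOCATIONS = [("HKEY_LOCAL_MACHINE", RUN, False), ("HKEY_CURRENT_USER", RUN, False),
             ("HKEY_LOCAL_MACHINE", BHO, True)]

def snapshot():
    """Read every location into {location: {entry name: data}} (Windows only)."""
    import winreg  # standard library, present only on Windows
    snap = {}
    for hive, path, subkeys in LOCATIONS:
        entries = {}
        try:
            with winreg.OpenKey(getattr(winreg, hive), path) as key:
                n_keys, n_values, _ = winreg.QueryInfoKey(key)
                if subkeys:  # each BHO is a subkey named after its CLSID
                    entries = {winreg.EnumKey(key, i): "" for i in range(n_keys)}
                else:
                    values = [winreg.EnumValue(key, i) for i in range(n_values)]
                    entries = {name: str(data) for name, data, _ in values}
        except OSError:
            pass  # location does not exist on this system
        snap[hive + "\\" + path] = entries
    return snap

def diff(baseline, current):
    """Return (status, location, name, data) for each deviation from the baseline."""
    findings = []
    for loc in sorted(set(baseline) | set(current)):
        old, new = baseline.get(loc, {}), current.get(loc, {})
        for name in sorted(set(old) | set(new)):
            if old.get(name) != new.get(name):
                status = ("ADDED" if name not in old else
                          "REMOVED" if name not in new else "CHANGED")
                findings.append((status, loc, name, new.get(name, old.get(name))))
    return findings

# Constructed sample snapshots, so the comparison also runs without a registry.
SAMPLE_BASELINE = {"HKEY_CURRENT_USER\\" + RUN: {"Updater": r"C:\Tools\updater.exe"}}
SAMPLE_CURRENT = {"HKEY_CURRENT_USER\\" + RUN: {
    "Updater": r"C:\Tools\updater.exe /quiet", "Helper": r"C:\Temp\helper.exe"}}

if __name__ == "__main__":
    for finding in diff(SAMPLE_BASELINE, SAMPLE_CURRENT):
        print(" | ".join(finding))
```

On Windows, store the result of `snapshot()` once as the baseline (for example with `json.dump`) and pass a fresh `snapshot()` as `current` on each later run.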
 
Posted: Fri Jan 26, 2007 9:58 am

Joined: Wed May 10, 2006 5:08 pm
Posts: 133
Probably not portable, but highly effective for your purpose:

http://www.sandboxie.com/


 
 Post subject: Api Guard
Posted: Fri Jan 26, 2007 10:13 am

Joined: Wed May 10, 2006 5:08 pm
Posts: 133
Got one more for you:
Also comes in a zip file, so could be portable.
Please check.


Quote:
The "API Guard" is a kind of FireWall, that can supervise actions made by application
on files, registry and processes. It's very useful when you must run suspicious
program (like a crack for the game), and you have it from untrusted source,
when you can't be sure what this program really does.


http://www.alamak0ta.republika.pl/apiguard.html

screenshot:
http://www.alamak0ta.republika.pl/apiguard.png


 
Posted: Fri Jan 26, 2007 10:44 am

Joined: Sun Feb 26, 2006 1:16 pm
Posts: 43
Thanks!


 
Posted: Wed Jan 31, 2007 11:21 am

Joined: Thu Jul 13, 2006 7:11 pm
Posts: 75
DeepFreeze. It sort of kinda takes a snapshot of your PC, is manageable remotely, and each reboot will seamlessly revert back to its frozen state. As far as I can tell, it is not noticeably taxing on the system.


 
Posted: Thu Feb 01, 2007 7:05 am

Joined: Sun Feb 26, 2006 1:16 pm
Posts: 43
Thanks again!

