If it was so simple I would have not write it up here....
I wanted only a particular user to prevent from loading explorer.exe. rest all users should get what they get.
I did this by changing some registry values. read below:
Explorer loads from the Shell value under the following registry location.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Replace the explorer.exe (or C:\Windows\explorer.exe, whichever it may currently be) Data entry with the path to another app and it will load instead. That will not however automatically log off the account when the program is closed. Tony is ontrack with using a batch to accomplish both. Create a batch with the following 2 lines, inserting the correct path and program executable name for the app you want to run.
"C:\Program Files\Program\runthisprogram.exe"
shutdown -l
Lets say the batch is named runthis.bat and is located in the drive root of C:
Modify the Shell value to read C:\runthis.bat
Notice I took out the pause line. That is because it will cause the command window that opens when the batch is executed, to wait for a key press before executing the shutdown command. Notice also that the start command was taken out of the program line. That is because the start command will cause the batch to start the program then read the next line. Without the start command, it will run the program but wait for the program to close before executing the next line.
Now, since this was done at the HKLM level, it will affect ALL user accounts. If you want to limit the behavior to a particular account only, blank the Shell value on the HKLM location, then go to;
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
and create a REG_SZ (String) value named Shell then point it to the batch. Do this after first logging on to an account which you do NOT want affected and creating the HKCU Shell value that points back to explorer.exe
Please note that this will not prevent the user from using Ctrl+Alt+Del to open the Task Manager and running whatever they can access via File>New Task, such as explorer or any other app they can browse to. You would need another registry hack or group policy to prevent the use of Ctrl+Alt+Del, or better yet, just prevent the use of Task Manager. Keep in mind you could lock ALL accounts from accessing anything if not done on a per user level.
This will also allow the user to minimize the running program, which allows access to the batch file's command window, which will be running right behind it. Simply closing the command window will kill the batch and prevent account logoff when the program is closed, leaving just a blank window. You can start the batch minimized by adding the /min switch to the path entered for the Shell value, eg;
Shell REG_SZ C:\runthis.bat /min
Or, you can start the batch completely invisible. Save this one line of text as "invisible.vbs" in the drive root
CreateObject("Wscript.Shell").Run """" & WScript.Arguments(0) & """", 0, False
To run the batch file invisibly, use the following line for the Shell value Data.
wscript.exe C:\invisible.vbs C:\runthis.bat
Windows Scripting MUST be installed for this to work (included in Windows 98 and later) and MUST be working. To test, click Start>Run and type wscript then hit Enter. A Windows Script Host Settings dialog should open.