Blocking Multiple Desktops using "Win+Ctrl+D"

Question

Hi,

We are an educational establishment and we need to stop Students creating multiple desktops to hide what they are doing from Teachers.

It is causing multiple problems, including our legal safeguarding requirements to monitor Student activity, and productivity as a whole.

I have tried:

And the Students can still use the keys and create a "Hidden" desktop.

Any ideas?

Answer 1

Hi Jules,

Not sure what happened to the formatting, so trying again...

This is a bit overkill, but keyboard mapping to disable the Windows Key disables the Win+Crtl+D key combination (as well as all other windows key combinations, so perhaps "overkill".) Couple that with hiding the task view button in the taskbar looks like it might stop Virtual Desktop usage (See Easy Way To Hide Task View Button With Intune - https://www.anoopcnair.com/easy-way-to-hide-task-view-button-with-intune/ )

I followed the method described in this video: How to Disable Windows Key or WinKey in Windows 11 ( https://www.youtube.com/watch?v=0NZmSyM_UN0&t=163s ) to create these remediation scripts that I deployed using Intune. It doesn't take effect until after a reboot, but reboots eventually happen, so it should be sufficient.

Delect_WindowsKeyDisabled ps1

$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout"

$propertyName = "Scancode Map"

$propertyValue = [byte[]](0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

                        0x03,0x00,0x00,0x00,0x00,0x00,0x5B,0xE0,

                        0x00,0x00,0x5C,0xE0,0x00,0x00,0x00,0x00)

$compliant = $false

if (Test-Path -Path $registryPath){     

 $currentValue = Get-ItemProperty -Path $registryPath -Name $propertyName -ErrorAction SilentlyContinue | Select-Object -ExpandProperty $propertyName

    if ($currentValue){

        $comparison = Compare-Object -ReferenceObject $propertyValue -DifferenceObject $currentValue

        If ($comparison.Count -eq 0){ # If property value is already correct

            $compliant = $True

        }else{

            Write-Warning "'$registryPath':'$propertyName' value is not correct."

            Write-Warning ("Current Value: " + ($currentValue | ForEach-Object { "{0:X2}" -f $_ }) -join ' ' )

            Write-Warning ("Desired Value: " + ($propertyValue | ForEach-Object { "{0:X2}" -f $_ }) -join ' ' )

        }

    }else{

        Write-Warning "Registry Item Property not found: '$registryPath':'$propertyName'"

    }

}else{

    Write-Warning "Registry Path not found: '$registryPath'"

}

if ($compliant){

    Write-Output "Compliant"

    Exit 0

}else{

    Write-Warning "Not Compliant"

    Exit 1

}

Remediate_WindowsKeyDisabled ps1

$registryPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout"

$propertyName = "Scancode Map"

$propertyValue = [byte[]](0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,

                        0x03,0x00,0x00,0x00,0x00,0x00,0x5B,0xE0,

                        0x00,0x00,0x5C,0xE0,0x00,0x00,0x00,0x00)

$keyFormat = "BINARY"

#Create the registry Path if it doesn't exist

if(!(Test-Path $registryPath)){New-Item -Path $registryPath -Force}

# Set the Property value to disable the Window Key

Write-Output ("Set '$propertyName' to: " + ($propertyValue | ForEach-Object { "{0:X2}" -f $_ }) -join ' ' )

Set-ItemProperty -Path $registryPath -Name $propertyName -Value $propertyValue -Type $keyFormat

$currentValue = Get-ItemProperty -Path $registryPath -Name $propertyName -ErrorAction SilentlyContinue | Select-Object -ExpandProperty $propertyName Write-Output ("'$propertyName' is now: " + ($currentValue | ForEach-Object { "{0:X2}" -f $_ }) -join ' ' )