As of GNOME 2.14, a graphical lockdown editor called Pessulus has been included to ease the task of disabling desktop settings.
To run the lockdown editor:
You will see a window with several different tabs. Each of the tabs represents a different category of desktop settings that can be disabled. In the next section, we will discuss each category and provide a brief description for each setting that can be disabled.
To disable a setting, make sure the checkbox next to the setting's description is checked. Most settings take effect immediately; however, some settings require that the application be restarted in order to take effect.
When pessulus starts, it will try to get a connection to the GConf mandatory configuration source. The address for this configuration source is xml:merged:$prefix/etc/gconf/gconf.xml.mandatory. If the user who is running pessulus has access to this configuration source, then a lock icon will be displayed next to the checkbox for each setting. Clicking the lock will toggle whether or not the setting is mandatory. If the setting is mandatory, then regular users will not be able to change or override the setting. If the user running pessulus does not have access to the mandatory configuration source, then the lock icon will not appear. In this case, all disabled settings will simply be stored in the user's default configuration source and can be modified later using other tools such as gconf-editor or gconftool-2. For more information on GConf and mandatory configuration sources, see Section 1.2.1 ― GConf Configuration Sources.
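The difference between a mandatory setting and one stored only in the user's own source can be audited on disk. The following is an added example, not part of Pessulus or the GNOME documentation: it assumes the per-directory %gconf.xml layout of the GConf XML backend (a merged %gconf-tree.xml file is not handled) and the standard /desktop/gnome/lockdown key names, which this page does not list. The function names are hypothetical and the sample sources are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed: standard GNOME 2 lockdown keys (key paths are not listed on this page).
LOCKDOWN_DIR = "desktop/gnome/lockdown"
LOCKDOWN_KEYS = ("disable_command_line", "disable_printing",
                 "disable_print_setup", "disable_save_to_disk")

def read_bools(source_root):
    """Return {key: bool} from <source_root>/desktop/gnome/lockdown/%gconf.xml."""
    path = os.path.join(source_root, LOCKDOWN_DIR, "%gconf.xml")
    if not os.path.isfile(path):
        return {}
    entries = ET.parse(path).getroot().findall("entry")
    return {e.get("name"): e.get("value") == "true"
            for e in entries if e.get("type") == "bool"}

def audit(mandatory_root, user_root):
    """Classify each key by which configuration source decides its value."""
    mandatory, user = read_bools(mandatory_root), read_bools(user_root)
    report = {}
    for key in LOCKDOWN_KEYS:
        if key in mandatory:  # mandatory source wins; users cannot override it
            report[key] = "mandatory" if mandatory[key] else "mandatory-off"
        elif user.get(key):   # disabled only in the user's own source
            report[key] = "user-only"
        else:
            report[key] = "unset"
    return report

def write_sample(root, values):
    """Write a constructed %gconf.xml holding the given {key: bool} entries."""
    directory = os.path.join(root, LOCKDOWN_DIR)
    os.makedirs(directory, exist_ok=True)
    body = "".join('<entry name="%s" type="bool" value="%s"/>'
                   % (k, str(v).lower()) for k, v in values.items())
    with open(os.path.join(directory, "%gconf.xml"), "w") as handle:
        handle.write('<?xml version="1.0"?><gconf>%s</gconf>' % body)

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample sources
        mand, user = os.path.join(tmp, "mandatory"), os.path.join(tmp, "user")
        write_sample(mand, {"disable_command_line": True})
        write_sample(user, {"disable_printing": True, "disable_command_line": False})
        return audit(mand, user)

if __name__ == "__main__":
    for key, state in demo().items():
        print(key, state)
```

Any key reported as "user-only" is a restriction the user can undo with gconf-editor or gconftool-2, so it should be moved into the mandatory source if it is meant to be enforced.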
The following subsections will give a brief description of the settings that can be disabled for each category.
Depending on the applications you have installed, you may see fewer categories than those described in this section.
Prevent the user from accessing the terminal or specifying a command line to be executed. For example, this would disable access to the panel's "Run Application" dialog.
Prevent the user from printing. For example, this would disable access to all applications' "Print" dialogs.
Prevent the user from modifying print settings. For example, this would disable access to all applications' "Print Setup" dialogs.
Prevent the user from saving files to disk. For example, this would disable access to all applications' "Save as" dialogs.
If true, the panel will not allow any changes to the configuration of the panel. Individual applets may need to be locked down separately, however. The panel must be restarted for this to take effect.
If true, the panel will not allow a user to force an application to quit by removing access to the force quit button.
If true, the panel will not allow a user to lock their screen, by removing access to the lock screen menu entries.
If true, the panel will not allow a user to log out, by removing access to the log out menu entries.
User is not allowed to close Epiphany.
Disable the user's ability to type in a URL to Epiphany.
Disable the user's ability to add or edit bookmarks.
Disable all historical information by disabling back and forward navigation, not allowing the history dialog and hiding the most used bookmarks list.
Disable JavaScript's control over window chrome.
Disable the user's ability to edit toolbars.
Locks Epiphany in fullscreen mode.
Hide the menubar by default. The menubar can still be accessed using F10.
Disables loading of content from unsafe protocols. Safe protocols are http and https.
Set this to TRUE to lock the screen when the screensaver goes active.
Set this to TRUE to offer an option in the unlock dialog to log out after a delay. The delay is specified in the "logout_delay" key.
Set this to TRUE to offer an option in the unlock dialog to switch to a different user account.