Dropping user privileges at login
Posted by Matthew Miller on February 10th, 2006


Hello,

I work in a high school computer lab and I need to restrict the
privileges that the users have after they are logged in. This would
seem to be something straightforward to do; let me explain why it
isn't:

All of the computers in the lab are protected by Deep Freeze. This
program causes the computer, after it reboots, to revert to the previous
state; if you create a file it is now gone, a deleted or modified file
is returned to how it was originally. I have not been able to convince
the IT people to give me the Deep Freeze password, sigh.

Novell (version 5?) is used to provide the user accounts and network
shares. I do have admin rights on the Novell server and through the
login script I can have an arbitrary program run at startup. I already
use this feature to run a program that appends entries to the hosts file.

The trouble is that when a student logs in they have Admin privileges
and can install anything, edit any file, and so on. The changes aren't
saved through a reboot anyway... I want to be able to write a program
or use an existing one to remove these privileges at login. Is there
a Win32 API that will allow me to do this? Can anyone provide pointers?

I am also open to other ideas. My main objective is to prevent editing
of the hosts file should a student discover it. If you can't suggest
a solution, but instead want to reply and rant about our IT admins,
please feel free! Oh, these machines all use WinXP Pro, I'm not
sure which SP, but I bet it is SP1.

Thanks for any help. Matthew

