How do I disable the "Shutdown" in the ctrl+alt+delete menu for authenticated user, but leave the power button on computer enabled?

I'm working on configuring a kiosk PC at work. The only big problem I've run into is that I can't seem to disable the shutdown button in the control+alt+delete menu without also disabling the power button on the computer itself (so only employees can shut it down). Disabling the control+alt+delete menu entirely for specific users is also acceptable.

The only real answer I've found involves writing my own GINA stub, and that's a bit beyond the scope of the project (and my abilities).

Additional Details: The explorer shell isn't used at all, A program that relaunches the kiosk application if it dies is used as the shell. The computer will also be locked in a cabinet, leaving the users access to only the monitor and kb/mouse.

Solution 1:

regedit hacks -

(prevent) shutdown without logon:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"shutdownwithoutlogon"=dword:00000000

works up to XP - haven't tried it with >= win7

Ctrl+Alt+Del when logged on:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoClose"=dword:00000001

Start menu:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoClose"=dword:00000001

Solution 2:

Have you considered using Microsoft SteadyState?

There's also a utility that allows you to easily enable or disable Task Manager.

Solution 3:

I think this method addresses what you need. I'm not sure if this affects the power button or not (may depend on the bios power settings).