Secure Desktop 10 is a 32-bit application and is 64-bit aware. Secure Desktop 10 has been tested in Windows XP, Windows Server 2003, Windows 7, Windows Server 2008, Windows 8, Windows 8.1, Windows Server 2012 and Windows 10.
Secure Desktop 10 uses one XML file for configuration data, the same exact file as Secure Desktop 7 and 8. For existing customers who have INI files from version 6 or earlier of Secure Desktop, that configuration data is imported automatically. Thorough re-testing of configuration data should be accomplished. Secure Desktop 10 does not over-write previous versions of Secure Desktop. Secure Desktop 10 tools and Secure Setup from a version 6 can run side-by-side, to double-check configuration data.
The sdesktop.xml file is automatically backed up. There is also a manual backup and restore. When using Secure Desktop with Windows 8 or Windows 10, registry data written to by Secure Desktop is automatically backed up for documentation purposes.
Secure Desktop 10 provides several import mechanisms to bring in program data from Start Menu Shortcuts, Startup Group Shortcuts, Registry Startup, Desktop Shortcuts, Program Files, and My Computer.
Icon importing is accomplished very easily using the Import button in the Icon Configuration. Set any additional details for imported icons along with the ability to manually browse for a program to launch.
A program can be re-started if it's been closed by the user. A program can be set to run a Single Instance Only of that application. Applications can be set to Run As Administrator, should they need Administrator access.
Version 6 and earlier of Secure Desktop used CreateProcess to launch a program. Secure Desktop 10 uses ShellExecuteEx and gains the added benefit of being able to launch a document file, in addition to executables and other file types.
Secure Desktop 10 does not automatically start everything that the Explorer Shell starts. Services are always started, regardless of what shell is running, but any other program needs to be configured into Secure Desktop's Startup Tab (not visible to end user). There are several advantages to this, when Secure Desktop 10 is running as the shell:
Programs can be launched based on a specific time of day, week, or month. Programs can be launched when Secure Desktop is shutting down.
Each icon, group tab, or toolbar button may be individually password protected. A hot-key can be assigned to bring Secure Desktop 10 to the top of the Z-order, and this may also be password protected. Passwords can change dynamically, using the Supervisor feature, to append a calculated number to any Secure Desktop 10 password. This calculation is based on the computer system date in addition to a 5 digit PIN number.
Secure Desktop 10 is now a toolbar window that spans the width of the user's screen, being placed at the top or the bottom. The shell can also be set to be at the top or the bottom of the Z-order. Icon mouse clicks can be set to single or double. The icon background color can changed. Function keys for the icons can be on or off. The tab bar can be removed if only one tab is used. The status bar can be hidden. Mouse clicks for the Tray Icons can be disabled. System icons (Volume, Network, Power) can be displayed, although it is less secure due to starting unknown programs.
Audit data is stored in XML files, in the RSS 2.0 format. Keystrokes, window titles, URLs, user name, along with disk and memory free can be stored in the XML files. Data entered into HTTPS web pages or program fields with the ES_PASSWORD flag are not logged to disk.
Secure Desktop can disable over 350 different hot-key combinations, tuned for the specific operating system in a hardware independent fashion. Please see the sidebar for the full list.
View Audit data with sAudit. View and launch Control Panel applets using sControl. View and launch file icons for a specified folder path with sExplore. View and optionally print text files with sNote. Show a wallpaper using sWall.
The Window Wizard can manipulate a window or close a program during Secure Desktop 10 shutdown. Windows are picked by title and/or menu items and then acted on to hide the window, force it to min or max state, close the window, or disable menu items for windows with the older style menu items.
Secure Desktop 10 does not have any low level file access features. However drives, files, and folders may be hidden from the end user using a combination of file attribute settings and registry settings using the Secure Desktop 10 sTools program.
Disable USB ports. Disable command-line feature of Safe-Mode. Set Auto-Login parameters.
Secure Desktop has always been designed to launch Classic Windows applications (CWA) (e.g., COM, Win32, WPF, WinForms, etc.). Windows 10 introduced the Universal Windows app (UWA). UWA require the Universal Windows Platform (UWP) which is built into the Explorer shell. Secure Desktop provides security by replacing the Explorer shell. Therefore the UWP and UWA are not supported by Secure Desktop.
Most of our customers use Secure Desktop in a mission-critical setting such as manufacturing, the pharmaceutical industry or for retail point of sale. When using Windows 10 in a mission-critical setting, Microsoft recommends using Windows 10 Enterprise Long-Term Servicing Branch (LTSB) Edition. This LTSB Edition does not support Universal Windows applications. Although Secure Desktop works on any Windows 10 Edition, we recommend that our customers carefully research the various Editions to insure a stable system. Windows 10 Enterprise LTSB Edition may be the best Edition of Windows 10 for your mission-critical setting.