Bardon Logo
Home Products Support News
News Releases                              
Bardon Data Systems Releases WinU 7 And Full Control 4
Bardon Data Systems Upgrades Full Control Internet
Bardon Data Systems Partners with The Pinnacle Corporation
Bardon Data Systems Announces Full Control 3 and WinU 6
Bardon Products Address Antivirus Vulnerability
Bardon Products Provide A Complete System Lockdown Solution
Bardon Products Stop Criminals
Bardon Products Help In Compliance To Sarbanes-Oxley
Bardon Products Protect Wireless-Enabled Computers
Close menu                                     

Full Control

 

photo

Product Overview

What is Full Control? What does it do?
What are the differences between WinU, Full Control, and Full Control Internet?
What kinds of protection does Full Control provide?
What sort of organizations can benefit from Full Control?
Does Full Control include remote administration capabilities?
What activities can Full Control monitor?
Does Full Control run on the server or the client machine?
What are Full Control's main features?
What are Full Control's system requirements?
What is Full Control's price and availability?

 

Configuration and Troubleshooting

What is a group? How do I add a new group?
How do I add a new user?
How can I control which users can log on?
How do I set time limits for a user?
How do I set time limits for a program?
How do I password-protect a program? How do I require biometric validation to run it?
How can I prevent infections by malware, spyware, adware, and Trojans?
How do I lock USB ports and writable CD and DVD drives etc. to prevent data theft, and limit exposure to viruses and malware?
How can I prevent users from using Ctrl+Alt+Del?
How can I prevent users from using Safe Mode?
How can I prevent users from starting the computer in DOS?
What are Allowed Applications (Applications Allowed To Run)?
What is a managed program?
What is a non-managed program?
How do I add a managed program to a group?
How do I clone a Full Control computer's entire configuration onto another machine?
Can I use a clone data file to copy settings while installing?
How do I install Full Control from a network server?
After installing, how do I use a clone data file to dynamically update all my site's computers in a networked environment?
On the Remote Management tab, what's the difference between Look for clone updates and Always update?
After doing a clone update, what settings remain from the previous configuration?
How do I monitor World Wide Web usage?
Can I give times of day when no programs can be run?
When a program runs out of time, how do I prevent the user from just starting it again?
I want a certain program to run, but remain minimized. How do I do this?
How do I track system usage? How do I know who ran what program? How can I see reports?
How long do Full Control's message screens stay visible?
How do I prevent people from using Windows "common dialogs" as little Explorer windows?
Can I control whether the user can logoff, shut down or restart the computer?
When I try to run a program's Help screen, Full Control closes the Help window. How do I fix this?
I rebooted after an abnormal shutdown and now nothing will run. What do I do?
My computer doesn't shut down properly. What should I do?
A program acts cranky when Full Control is running. How can I get Full Control to totally ignore it?
In Win98, changing the Start menu restrictions doesn't update my settings until the next logon.
What is the issue regarding January 1 2010? Why do I need to upgrade older versions before that date?

 

Product Overview

What is Full Control? What does it do?

Full Control is a complete Windows management and security access control system. It works invisibly "behind the scenes" to oversee and manage the user's access to Windows programs and components in real-time, implementing the policies and procedures specified by the system administrator.

At the same time, Full Control provides comprehensive management and security, making it easy for system administrators to oversee and control computers remotely. It allows users full access to authorized software, yet prevents accidental or malicious system modifications. It features Intrusion Control and System Stabilization that can stop malware, spyware, adware, Trojans, and browser hijacks. It can oversee USB ports, CD burners, and similar drives to prevent both malicious intrusions and data theft. It includes software access management, time limits, logging, web-browser tracking, remote administration, and many flexible configuration options. It provides reliable access control, even in Safe Mode, while still allowing use of the regular Windows desktop. Each user can have individual security and oversight settings. These include desktop appearance, password/biometric protected programs, time limits, and many other options and restrictions. The administrator can set the maximum allowed time for each program, and for the individual user.

Full Control monitors every user logon and every running program. If you have set up a particular application as a managed program, Full Control will impose the time limits, password/biometric protection, and other control you have specified for it. Non-managed programs can be completely disallowed if desired, so they won't run. Full Control can also restrict access to interface elements such as desktop icons, Start Menu entries, Control Panel, Explorer, and web browsers. Users are in groups, and most restrictions can be "per-group" with different settings for each group.

The system administrator sets up and maintains the system. Unlike a regular user, this person has access to many system administration features that allow the administrator to set up and change the system, monitor it through usage reports and logs, and remotely control and configure Full Control computers over a network.

What are the differences between WinU, Full Control, and Full Control Internet?

All Bardon products provide comparable security access control, but do this in different ways. Each product has its own advantages. To learn more about which product will best meet your needs, click here.

What kinds of protection does Full Control provide?

Full Control allows users access to authorized software, yet prevents accidental or malicious system modifications. It features Intrusion Control and System Stabilization that can stop malware, spyware, adware, and Trojans. It can oversee USB ports, CD burners, and similar drives to prevent both malicious intrusions and data theft. It manages all running programs and lets the administrator specify the amount of time that each program can be used while allowing a warning "grace period," with customizable length and warning message, before terminating a running application. Full Control can monitor all World Wide Web browser activity, logging all accessed websites and the amount of time at each site. It can make files or folders read-only or invisible to prevent access to unauthorized data. It can monitor and control any window, such as Windows Explorer, File Open, or Save As dialogs, with which the user might access the file system. In addition, Full Control can deny or password-protect Ctrl+Alt+Del, the Delete key and right-mouse context menus in Explorer and World Wide Web browsers, and keyboard Windows and Apps keys. Full Control can disable the keyboard at startup to prevent users from bypassing Windows, and it can lock the CD-ROM drive door to prevent the removal of valuable CDs. In doing all this, it also provides an audit trail so all user activity is logged.

What sort of organizations can benefit from Full Control?

Full Control is ideal for any organization that wants to provide access to the computer, while also protecting the computer from unintended or undesired actions. Full Control is used by businesses that want to let employees use only authorized applications, by schools and public institutions that need to give patrons access to specific programs yet safeguard the computer against tampering, and by parents who want to restrict their children's usage of the family PC. The user has full access to authorized software, but can't change the computer's setup or delete important files. Full Control is easy to set up, and it prevents users from modifying the computer's configuration. These qualities make it especially useful for small to medium sized organizations that would rather not hire a full-time technical administrator to maintain the system and fix problems caused by unauthorized user modifications. However, Full Control can be considered in any situation in which users need access to software without the option of reconfiguring the computer.

Does Full Control include remote administration capabilities?

Yes. Full Control will take full advantage of a network if one is present. Full Control's system administration capabilities can maintain any size setup, from a single home PC to large networked installations. The administrator can dynamically oversee and control all managed computers enterprise-wide from one central location. This includes the ability to see real-time information and audit-trail activity reports, update, logoff, shut down, reboot or reconfigure any or all Full Control stations remotely; send popup text messages to individual Full Control stations or broadcast them to all Full Control computers on the network.

Any Full Control computer can be remotely and dynamically reconfigured. The administrator need only create one master setup, then distribute it over the network. Full Control does not require a dedicated "manager" program running on a server. The site administrator can use Full Control's "Remote Administration Manager" to control the situation from anywhere on the network.

What activities can Full Control monitor?

Full Control's built-in audit trail activity logging can track exactly when each program was run, by whom, and for how long. In addition, Full Control can track attempts to access locked files or folders, attempted password hacking, World Wide Web browser usage, malware, spyware, Trojans, and more. Full Control's built-in reports and graphs can analyze this information, or the data can be exported to any database or spreadsheet.

Does Full Control run on the server or the client machine?

Full Control includes a server component that will take advantage of a network if one is available. However, Full Control is designed to self-manage on each individual client machine even when its server component is unavailable. Not all computers are always connected to a network. For example, consider an account rep who carries a laptop containing sensitive information. Even when it's not connected to a network, it still needs to be secure, managed, and protected against malware. Also, servers and networks can go down. When that happens, you don't want your security going down with it. Full Control will protect the client machine so long as that machine can run.

What are Full Control's main features?

• System Stabilization prevents unauthorized software installation or changes
• Intrusion Control prevents malware, spyware, adware, Trojans, and browser hijacks
• Prevents data theft from USB ports, writable CD or DVD drives, and similar
• Network-based central administration (optional: no network required)
• Allow time per session, time per day, time per week
• World Wide Web browser monitor
• Prevents Web browser from accessing files on local hard disk
• Read-only or invisible files and folders
• Define blockout periods, during which nothing is available
• Ctrl+Alt+Del blocking
• Windows/Apps keys blocking
• Internet and Dial-Up Networking control
• CD-ROM door locking
• Individual time limits and security settings for each application
• Individual time limits and security settings for each user
• Password protected Safe Mode
• Waiting periods before an application is allowed to restart
• Window Monitor can manipulate or close any window when it appears
• Set Open/Save dialogs to that user's proper directory
• Configure one Full Control computer, then distribute copies enterprise-wide
• Diagnostic tools to aid in helpdesk support
• Audit trail log monitors all user and program activity
• Built-in reports and graphs, or export data to any database or spreadsheet
• Desktop configuration control to handle the most demanding public access situations

What are Full Control's system requirements?

Full Control runs under Windows 95, 98, ME, NT, 2000, XP, Vista, Windows 7, or Windows 8 (32 bit x86). Running under Windows 8 requires using a tool such as WinAero's free Skip Metro Suite to disable the new-style Windows overlay. Full Control includes a thorough Windows-standard uninstaller. Its files take up 1 to 2 MB of hard disk space, depending on the options selected.

What is Full Control's price and availability?

Full Control is shipping now. Price is $59.95 single copy, and quantity discounts are available. Discounts are also offered for educational institutions, VARs/resellers, and current user upgrades. A "test-drive" evaluation version can be obtained from Bardon Data Systems.

 

Configuration and Troubleshooting

What is a group? How do I add a new group?

A "group" is a set of settings. Each user is in a group. When that user logs on, the group's settings are applied. To add a group, bring up the Choose Group screen and click the Add button. The Group Setup screen is displayed, which lets you name the group and provide all its settings.

How do I add a new user?

To add a user, bring up the Choose User screen and click the Add button to list the new user's logon name. On this screen, you can also import a large number of users at once from a file. Each user is in one group. After listing a new user, you can add that user to a group.

Full Control includes a Default Group. This group's settings are used if the logged-on user's name is not in any other group. This is very handy. it means that most users will not need to be added to any group. The only users you will need to explicitly add to a group are the "special" users that need non-standard settings. The majority of your users can get the standard settings listed in your Default Group.

How can I control which users can log on?

Use the logon validation options on the first tab of the System Setup screen. You can set this to allow access only to users known to Full Control, or only to users known to Windows, or to rely on your network-based logon validation.

How do I set time limits for a user?

Each user is in a group. To set time limits or any other controls, modify settings for the group which the user is in. On the Configuration screen, click the Groups button and choose a group. The Group Setup screen will be displayed. Go to the Time Control tab. In the Total Minutes Allowed box enter the number of minutes allowed for this user. In the Grace Period box enter the number of minutes before timeout at which Full Control will show its warning screen and play its warning sound. Both the warning screen and the warning sound can be disabled from any program's Advanced screen, which is helpful if that program cannot tolerate sounds or popup messages from other applications. Choose how often the maximum time will be reinitialized. Every day at midnight? Every week at Sunday midnight? Every time the user logs on to the user? Never? Up to you.

What will happen when a user runs out of time? Use the first tab of the System Setup screen to choose whether to logoff the user, shut down the computer, or display a "no time left" screen and prevent access to anything other than that screen.

The administrator can also set these time limits remotely through the Remote Administration Manager.

How do I set time limits for a program?

You can set time limits for individual programs. What group is this user in? Open the Group Setup screen and go to the Managed Programs tab. Select the application for which you wish to set a time limit. In the Minutes Until Warning box enter the number of minutes Full Control should wait before a time-out warning is issued. In the Minutes Until Termination box enter the number of minutes you would like the application to run. This number must be higher than the Minutes Until Warning. If you want the application to be inaccessible for a period of time after termination you can set the Minutes Until Restart Permitted. Click Change to update this program's settings.

How do I password-protect a program? How do I require biometric validation to run it?

You can password-protect almost any Windows program. To do this, set up the application as a Managed Program. You can provide a password on the Managed Programs tab. You can also require biometric validation, for example a fingerprint scanner. Set biometric validation for this program on the Advanced screen of the Managed Programs tab.

How can I prevent infections by malware, spyware, adware, and Trojans?

Computers that connect to the Internet run the risk of infection by a variety of threats. Traditional antivirus or firewall software leaves holes that can be exploited by such malware. Full Control includes Intrusion Control that can protect against these threats.

To activate the Malware Monitor feature, go to the Intrusion Control tab and check the "monitor for changes" box. Next, should the Malware Monitor automatically fix problems when they are discovered? Ask the user what to do? Or take different specific actions for different specific threats? Select the option that meets your needs. If you want to take specific actions for specific threats, click the What To Monitor button to indicate your choices on that screen.

There is also a box you can check if you want the Malware Monitor to display a screen showing what it did. It'd be distracting to use this option in production situations, but it can be very useful when you are initially setting up your computers, because it will tell you exactly what the Malware Monitor found. This can help you fine-tune your initial configuration, especially if you are using the "specific action" option.

How do I lock USB ports and writable CD and DVD drives etc. to prevent data theft, and limit exposure to viruses and malware?

Full Control includes Intrusion Control that can oversee data flow to and from USB ports and similar external sources, such as read/write CD and DVD drives. Today, tiny USB drives can easily hold thousands of pages of confidential data that could critically harm businesses if it fell into the wrong hands. Writable CD and DVD drives can also create this problem. The Intrusion Control features can remove the threat of unauthorized data leaving the computer (data theft) as well as preventing unwanted data entering the computer (spyware, malware, adware, Trojans, and similar nasties).

To activate this feature, go to the Intrusion Control tab. At the top of the tab, choose the option that meets your needs. Full Control can protect all unused USB ports and drives at startup, or you can list the specific ports and drives you want Full Control to lock down. Full Control can write-protect these drives so no data can be saved to them, or it can remove them completely (read-protect plus write-protect) so they cannot be used at all. This second option is a good way to eliminate these drives as an entryway for viruses or malware.

How can I prevent users from using Ctrl+Alt+Del?

Full Control can completely disable Ctrl+Alt+Del, or password-protect it. To set this up, select the group to which you want to add this protection. On the Input Control tab, check the box to disable Ctrl+Alt+Del. If you don't give a password, when the user presses Ctrl+Alt+Del nothing will happen. If you do give a password, when the user presses Ctrl+Alt+Del the password box is displayed. If the user gives the Ctrl+Alt+Del password, the regular option appears (Task Manager, Close Programs box, or Windows options screen).

How can I prevent users from using Safe Mode?

Full Control can password-protect Safe Mode. Safe Mode disables many of the usual Windows protections, so many administrators prefer to limit access to this mode. To password-protect Safe Mode, go to the Security Settings tab of the System Setup screen. Check the box which controls Safe Mode protection. With this in place, the Full Control setup password is required to use Safe Mode.

How can I prevent users from starting the computer in DOS?

There are two parts to preventing a user from starting the computer in DOS: 1) set up Full Control to disable the keyboard at startup, and 2) change your computer's CMOS boot sequence to ensure it tries to boot from your hard disk before trying any other drive.

To disable the keyboard at startup, start Full Control and go to the Security Settings tab. Make sure the option to Allow DOS start menu and function keys to be used at bootup is not checked. Click OK to save your settings. In Windows 9x, this will disable the keyboard until Windows is up; in NT/2K/XP/etc. it will immediately auto-select the default choice on the Boot Loader menu. While you're on this tab, you may also want to disable the DOS "breakout" keys so the user can't bypass the real-mode ("DOS") part of the Windows 9x boot process.

Changing the computer's CMOS boot sequence ensures that the computer can't be booted from a CD or floppy disk unless the normal hard disk is unavailable. The method for doing this is system-dependent. Accessing your CMOS is usually done by pressing the DELETE or F10 key during the boot-time system memory test (the first screen you see when your computer starts). This gets you into your computer's CMOS setup screen. Every PC hardware vendor's screen is a little different, but in general, you should look for a 'boot sequence' or 'boot order' setting. This specifies the order in which your drives are accessed at startup. You want to make sure that your regular hard disk is tested first. Let's say your boot sequence is set to A,C which tests the A: drive first, and if it can't boot from there it tests the C: drive. Change the boot sequence from A,C to C,A. This will cause a boot disk in the A drive to be ignored at boot-time unless there is no C drive. You should also password protect your CMOS to prevent anyone from changing these settings back. Be very careful when changing your CMOS settings. Doing the wrong thing can render your computer inoperable. If you are not comfortable doing this yourself, you may want to contact your computer manufacturer or an experienced hardware service technician.

What are Allowed Applications (Applications Allowed To Run)?

Full Control can restrict the programs which can be run by a user. Applications listed as Managed Programs are always allowed to run, subject to their individual time and password restrictions. As for other programs, if the Access tab's restrictions have been activated, other ("non-managed") programs can be run only if they are listed on the Access tab as Applications Allowed To Run. See the discussion of that tab's features for more options when setting up Applications Allowed To Run.

What is a managed program?

A managed program is one that is listed on a group's Managed Programs tab. It can have password/biometric restrictions, time limits, restart control, and other settings. If desired, Full Control can terminate managed programs when the user runs out of time. Different groups will have different lists of Managed Programs.

What is a non-managed program?

A non-managed program is any application which is not listed on a group's Managed Programs tab. Non-managed programs are subject to Intrusion Control, Window Control, and File Control, and are logged when they start and end, but no other time control is imposed. If desired, Full Control can terminate non-managed programs when the user runs out of time.

How do I add a managed program to a group?

Start Full Control and go into Setup mode. Choose a group and click Change to open the Group Setup screen, then flip to the Managed Programs tab. Enter the Program Label, the Executable File, and any other settings you want, then click the Add button at the bottom of that tab.

Starting with Full Control 3, managed programs do not need to be specified with a path. Older versions required managed programs to be specified with a full path, so the same managed programs in another folder would not match. But currently, managed programs only need the final filename, not the full path, so the executable will match no matter where it is in the file system. This is simpler to set up and allows you to use the same clone file on non-identical computers.

How do I clone a Full Control computer's entire configuration onto another machine?

You can easily clone Full Control installations. Set up Full Control once, on one master computer, the way you want it with all desired settings and programs. Then use the clone feature to create a clone file with all the settings of the one master computer. On the Remote Management tab of the System Setup screen, click Export Clone File. After exiting the System Setup screen, the clone data file will be saved. A clone file can be copied to other machines in many ways. It can be automatically imported when first installing, automatically updated over the network later, broadcast to some or all of your computers by the administrator using the Remote Administration Manager, or imported manually into one machine locally by the administrator.

Can I use a clone data file to copy settings while installing?

Yes. Copy a clone data file named clonefc.bds to the shared network folder with the Full Control install files, or the Full Control install disk if installing from writable distribution media. Install Full Control from the network server or disk. In an interactive manual install, if you have copied clonefc.bds to the same directory as the install program (install.exe), you will be asked during installation if you wish to copy the clone information to the new computer. In an automated unattended install, if the installer finds clonefc.bds in its same folder, the clone file will be used. In either case, after installation the new computer will have the same Full Control settings as the master system.

How do I install Full Control from a network server?

You want to run the Full Control installer from a network directory which is visible on the target computer (the one you want to install onto). To do this, copy all the Full Control files (from the install disk or download) to a network directory which is visible on the target computer. You can do a regular interactive install, or an automated "quiet" install. Either way, you'll launch install.exe on the target computer, using appropriate parameters if doing a "quiet" install. The installation process will begin. If you are doing an interactive install, you will be prompted for the target folder. You must choose a folder on the local computer, because Full Control will not run if installed to a network folder. If you have also placed a clone data file named clonefc.bds into the same directory as the Full Control installer program, its clone information can be automatically copied to the new computer.

After installing, how do I use a clone data file to dynamically update all my site's computers in a networked environment?

You want to make a clone data visible to all the target computers, and set up the target computers to update themselves when they see it. To do this, save the settings of the master computer (the one with the settings you want to copy) to a clone data file, as described above. Make sure the target computers (the computers to be updated) are monitoring a network folder for clone update files. To do this, on the Remote Management tab check the Look for clone updates box and give the data-source folder name. This computer will now monitor that folder for clonefc.bds files whenever you start Full Control. If you want to use a datasource filename other than the default clonefc.bds, give a datasource filename with the folder name, and Full Control will look for that specific file. You can also update the clone-location settings remotely using the Administration Manager.

On the Remote Management tab, what's the difference between Look for clone updates and Always update?

Look for clone updates will update Full Control's settings whenever a new clone file is placed in the AutoUpdate folder. Always update will update Full Control's settings at every startup regardless of whether the clone file has been read previously. Both of these settings, and the network location of the clone update file, can be sent remotely from the Administration Manager.

After doing a clone update, what settings remain from the previous configuration?

A clone update replaces most settings, but not all. If a new AutoUpdate file/folder is not given in the clone information (or is given but doesn't exist), the old name is retained. Also, licensing information is generally carried over to the new computer in the clone file, but if desired the clone file can be set up so the target computer retains its existing license information.

How do I monitor World Wide Web usage?

Full Control can monitor all websites that are visited while Full Control is running. To activate this feature, use the Event Log tab to set up Full Control for logging, and check the web browser monitor box on that tab. Full Control will log the website URL, title and the number of minutes at each site, for all websites visited through Netscape, Mozilla, or Internet Explorer. This information can be viewed through Full Control's built-in reports.

Can I give times of day when no programs can be run?

Yes. In addition to the restart control and cumulative time testing, you can also set per-group blockout periods, for example "Every Tuesday 9 pm to 11 pm" or "Every weekday 7:30 pm to 8:30 pm". A group can have any number of blockout periods. During these periods, no programs will run while a member of that group is logged in, except those managed programs you have specifically allowed to run for a timed-out user.

When a program runs out of time, how do I prevent the user from just starting it again?

You can set up restart control for any managed program. This is done from the Managed Programs tab of the Group Setup screen. Full Control won't let the user restart a program sooner than the restart time you've set up for that program. If this is set, then after a program is exited (or forcibly terminated by Full Control), it cannot be restarted again until that much time has passed. Program restart control, cumulative time limits, and blockout periods keep track of program and user usage regardless of logons and logoffs.

I want a certain program to run, but remain minimized. How do I do this?

To start a program at logon and keep it running throughout the user's session, set it as a Managed Program and, on the Advanced screen for that program, check the box labeled AutoRun, then keep program running until logoff or timeout. You can also, of course, put the program in the computer's Startup folder, but this can be bypassed by the user, and it does not keep the program running throughout the session.

To keep the program minimized, set Full Control's Window Control to look for that program's titlebar text and send such a window the keystrokes % N (percent, space, letter N). This sends an Alt+Spacebar to bring up its System menu, then N to activate the System menu's Minimize command.

How do I track system usage? How do I know who ran what program? How can I see reports?

Full Control features detailed logfile tracking of events. It also has built-in usage reports and pie-chart graphs which summarize its audit trail information to let you see who did what. These reports can be viewed and printed.

You can set up Full Control's built-in logging to track usage to the level of detail which is of interest to you. From the Configuration screen choose System Setup and go to the Event Log tab. Give the logfile name. If the file does not exist it will be created. Select events to track under What To Log.

You can use the Reports tab of the System Setup screen to generate reports from this logfile. There are dozens of built-in reports. You can also import the logfile into any other tool to create other reports of any kind.

How long do Full Control's message screens stay visible?

By default, Full Control's password screen will time out and go away after thirty seconds, but you can set this to a different value if you like. Full Control's big-font popup messages time out and go away after two minutes.

How do I prevent people from using Windows "common dialogs" as little Explorer windows?

Most Windows programs use the standard Windows "common dialogs" to open or save files. Presenting the same dialogs in all programs means that the user does the same thing in the same way in all programs. This is good. However, by default these Open and Save dialogs let the user right-click on any displayed file or program and change its attributes, or even run it. They also let the user delete selected files with the Delete key. This is bad. To plug these security holes, check the box on the Input Control tab labeled "Lock down Windows Explorer, the desktop, and open/save screens." This will disable right-click menus and the Delete key in these common dialogs. They are also disabled in Explorer and on the Windows desktop.

Can I control whether the user can logoff, shut down or restart the computer?

Yes. Go to the Group Setup screen's Input Control tab. In the Start Button Options section, check the box labeled Disable the Logoff command or Disable the Shut Down command. If you want to allow password-protected logoff or shut down, provide passwords on the Input Control tab which can be used with Full Control's tray icon menu. Also, the setup password will always allow access to these menu items.

When I try to run a program's Help screen, Full Control closes the Help window. How do I fix this?

You have probably set up this group to not allow non-managed windows. To allow all helpfiles, list winhelp.exe (the Windows help program) as an Allowed Application by filename, so Full Control allows it to run. To allow just certain helpfiles to run, use the lenient setting instead of strict, and list the window titles of the allowed helpfiles instead of the filename of the help program itself. To add this, on the Group Access tab click the button labeled Filenames or Window Titles, as appropriate. Enter the actual filename or title bar text that you want to allow. Click Add, then click OK. Click OK again. Help should now run.

I rebooted after an abnormal shutdown and now nothing will run. What do I do?

If you have controlled Allowed Applications with the strict option, and if for any reason Full Control does not exit normally, the low-level "don't run" settings will still be in place, and almost nothing on your computer will run. This is rare, but computers are not infallible. If it happens, Full Control provides a number of recovery options. They are listed below in the recommended order.

First, generally Full Control itself will still run, so just start Full Control and exit (immediately if you like). Doing so will clear any leftover control settings.

If you can't launch Full Control normally, try starting in Reset Mode. You can run the Full Control Reset program (reset.exe) from the Start menu, from Explorer, or in any other convenient way. Like Full Control itself, reset.exe should always run. As above, simply start Full Control and exit normally to clear the settings.

Or, restart the computer in Safe Mode. Strict security settings are ignored in Safe Mode, so Full Control will always run. Launch Full Control and then exit normally; the security settings will be cleared. Then reboot in regular Windows and you'll be back to normal.

My computer doesn't shut down properly. What should I do?

Full Control offers three ways it can shut down your computer. Strong Shutdown is the most secure, however some computers hang at exit when using the Strong method. If this happens, try the Medium or Soft shutdown method.

A program acts cranky when Full Control is running. How can I get Full Control to totally ignore it?

Full Control totally ignores system components such as the Taskbar or desktop. Sometimes it's useful to treat an application as if it were a system component too (for example a fax monitor, proxy software, or antivirus application) if it doesn't respond well to Full Control's oversight monitoring. To leave such a program completely undisturbed by Full Control, go to the first tab of the Group Setup screen and list it as an Allowed Filename. Check the "system component" box on the add-entry screen. You'll generally list it by filename, but you can also list it by window title.

In Win98, changing the Start menu restrictions doesn't update my settings until the next logon.

This is a documented bug in Windows 98. In Windows 95, ME, NT, 2000, XP, or later, if you go into Setup Mode or exit from Full Control, your Start menu is immediately restored. But Win98 only accepts updates at logon. Even if you go into Setup Mode, or completely exit from Full Control, you'll find that the elements you removed from the Start menu won't be replaced. To handle this, Full Control has a special option to force Windows to re-read these settings. Go to the first tab of the System Setup screen and check the box labeled Reset the Windows interface on exit.

What is the issue regarding January 1 2010? Why do I need to upgrade older versions before that date?

If you are using older versions of Bardon software, you should upgrade before the end of 2009. For most of you this will be a free upgrade under your Maintenance Plan subscription.

Why? Many years ago we began including a date/time "sanity check" with all of Bardon's software, because we noticed a number of programs that would go haywire if the system date was maliciously set into the far future. To prevent this, if the system date was set in the far future, our software set it back to a reasonable date.

That "far future" trigger date was January 1 2010. When older versions of our software see that (or later) as the system date, they will change the system date to a date between 2002 and 2006, depending on what version you have. So if you are using older versions, you will want to upgrade to the current release.

The relevant versions are

WinU 4.x and 5.x
Full Control 1.x and 2.x
Full Control Internet 1.x

Some versions of WinU 6 and Full Control 3 are also included.

If you aren't sure whether your version is included, or just want to check, feel free to contact us to ask.