From baad469be6dcdc59b9dc2b0e658cd17a319557a6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Damian=20B=C3=BCchel?= <damian.buechel@let.ethz.ch>
Date: Wed, 8 Feb 2023 19:40:32 +0100
Subject: [PATCH] SEBWIN-633: Attempt to completely remove ease of access
 option from Security Screen.

---
 .../MachineHive/EaseOfAccessConfiguration.cs               | 7 ++++++-
 .../MachineHive/RemoteConnectionConfiguration.cs           | 6 +++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/EaseOfAccessConfiguration.cs b/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/EaseOfAccessConfiguration.cs
index 7401e111..f386acd8 100644
--- a/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/EaseOfAccessConfiguration.cs
+++ b/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/EaseOfAccessConfiguration.cs
@@ -12,11 +12,16 @@ using SafeExamBrowser.Logging.Contracts;
 
 namespace SafeExamBrowser.Lockdown.FeatureConfigurations.RegistryConfigurations.MachineHive
 {
+	/// <summary>
+	/// Controls whether the ease of access option is available on the Security / Login Screen of the operating system. See also
+	/// https://learn.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-embedded-embeddedlogon-brandingneutral.
+	/// </summary>
 	[Serializable]
 	internal class EaseOfAccessConfiguration : MachineHiveConfiguration
 	{
-		protected override IEnumerable<RegistryConfigurationItem> Items => new []
+		protected override IEnumerable<RegistryConfigurationItem> Items => new[]
 		{
+			new RegistryConfigurationItem(@"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Embedded\EmbeddedLogon", "BrandingNeutral", 8, 0),
 			new RegistryConfigurationItem(@"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Utilman.exe", "Debugger", "SebDummy.exe", "")
 		};
 
diff --git a/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/RemoteConnectionConfiguration.cs b/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/RemoteConnectionConfiguration.cs
index 08deb342..183977f7 100644
--- a/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/RemoteConnectionConfiguration.cs
+++ b/SafeExamBrowser.Lockdown/FeatureConfigurations/RegistryConfigurations/MachineHive/RemoteConnectionConfiguration.cs
@@ -16,13 +16,13 @@ namespace SafeExamBrowser.Lockdown.FeatureConfigurations.RegistryConfigurations.
 	/// Specifies whether Remote Desktop connections are enabled.
 	/// 
 	/// See https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-terminalservices-localsessionmanager-fdenytsconnections:
-	/// •	0 = Specifies that remote desktop connections are enabled.
-	/// •	1 = Specifies that remote desktop connections are denied. This is the default value.
+	///		0 = Specifies that remote desktop connections are enabled.
+	///		1 = Specifies that remote desktop connections are denied. This is the default value.
 	/// </summary>
 	[Serializable]
 	internal class RemoteConnectionConfiguration : MachineHiveConfiguration
 	{
-		protected override IEnumerable<RegistryConfigurationItem> Items => new []
+		protected override IEnumerable<RegistryConfigurationItem> Items => new[]
 		{
 			new RegistryConfigurationItem(@"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server", "fDenyTSConnections", 1, 0)
 		};