Blacklisting Applications
I had an email from a partner of ours who was looking to stop a user from changing the time on a Windows Mobile device.
I discovered that this can be achieved quite easily by modifying the following registry key. HKLM\Software\Microsoft\Clock\AppState
If it’s 11 hex they can change the time – if it’s 10 hex the clock applet won’t run.
This then lead to a broader discussion of whether it is possible to prevent certain applications from being run. My colleague Rabi Satter directed me to a great blog article he has written which describes how to setup a list of programs that are not allowed to run regardless of whether they have valid certificates or in ROM.