How about less?
I didn't find a Group Policy to stop it. The closest I could find through Group Policy was Software Restrictions. Restricting the file C:\Windows\System32\utilman.exe stops it from being run while logged in, but not on the logon screen.
However...
Changing the permissions on utilman.exe works wonders!
1)
Take ownership of the file first!!! VERY important!!! Make sure that you make your user account or a group that your account is a member of the owner!!!
2) Remove all permissions to the file (yes, that includes Administrators, Users, TrustedInstaller, and SYSTEM). You'll get a warning saying that nobody can access the file and only the owner can change permissions. Go ahead and click "Yes."
NOTE: If there are minimal permissions that can be assigned without allowing the button to work, I'll find out shortly and edit this post.3) Reboot.
4) Try clicking the Ease of Access button on the logon screen.
5)
??
6) Profit! (aka: nothing happens)
Now, to mass deploy something like this, you'll probably have to use a batch file containing a
for loop, a list of computers in a text file, connect to \\computername\c$\windows\system32, and run a series of icacls commands against utilman.exe that would allow the domain admin to take ownership and nuke all the permissions on each utilman.exe file.
EDIT: I've tried only the SYSTEM account with Read permissions, and that restores functionality to the button. Same with only Users Read and Administrators Read. So what I said still stands: NUKE 'EM ALL!!!! You might be able to get away with granting only one individual user account access, though...
