The procedure that follows is based on the assumption that only authorised users (administrators) are allowed to access to the NT operating system, and those not authorised to do so (operators) can only access Citect.

1. Create an operator account and add it to the users group.
2. Create a text file named 'Citect.cmd' open this file and add the line start c:\citect\bin\citect32.exe adjust the path as necessary.
3. Copy this file to the \winnt\system32\repl\import\scripts directory.
4. Assign the new logon script to the operator. Open User Properties click on the profile button. Add Citect.cmd to the Logon Script Name.
5. If you have a button in your Citect project which starts explorer change it to Cexplorer.exe.
6. In the WinNT directory copy explorer.exe to cexplorer.exe.
7. Right mouse click on explorer.exe.  Select properties then the security tab (if there isn't one you will need to convert your hard disk format from VFat to NTFS use the cmd line utility convert.exe)
8. Click the add button from the list select 'user' then add button.
9. In the Type of Access select 'No Access', click OK then OK.
10. Next go to the winnt\system32 directory and locate Taskmgr.exe and perform the same steps as described above for explorer.exe.

From now on whenever a user logs on Citect will run, and I believe it is as secure as setting it as the shell.

When an Administrator logs on the normal desktop is started.

One note: When an operator shuts down Citect, it will not automatically log off, this can be achieve by pressing CTRL+ALT+DEL and selecting logoff.

I have only used this system for a few days now but it appears to work well. If you discover any nasty side effects please let me know.