Q: Restricting Access to File Attributes ( No Answer,   2 Comments )
Question  
Subject: Restricting Access to File Attributes
Category: Computers > Security
Asked by: nosupport-ga
List Price: $50.00
Posted: 21 Mar 2005 14:57 PST
Expires: 20 Apr 2005 15:57 PDT
Question ID: 498266
In Windows 2000, there are registry keys to disable nearly everything.
I'm a net admin trying to deal with a SERIOUS mischief problem among
the users.  They're changing file properties (read only, hidden) and
sometimes the ACLs, and unfortunately I can neither assault nor fire
them.  So I am stuck trying to make it impossible for them to do this.
I've searched for a while and found no way so far.

I'm comfortable that the users will not be using ATTRIB in DOS, and
there are valid reasons for applications we use to set a file to read
only or hidden, so I don't want to keep the computer from being able
to set attributes.  Rather, I would like to disable that nice tab that
comes up when you right-click a file.  I cannot just disable right
clicking, however, because other apps need it, and, for example, the
users need to be able to empty the recycle bin via right-click.

What I need, would be similar to when you disable changing the
screensaver via its tab in the "display properties" window by
applying:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
;hide screen saver page
"NoDispScrSavPage"=dword:00000001

Even more preferable would be "greying out" the checkboxes.  This way
they would be unable to change it, and would know it's there, but has
been disabled. (Thus they would know the admin is aware of their
abuse.)

Again, what I want to restrict is the part of the user shell which
GUIs attribute changing.  I don't want to do away with attribute
changing altogether.  I just want to keep the Windows GUI shell from
changing it.  Also of note is that the users are and must be logged in
as administrator, and the solution must use a registry key.  All of my
policies are applied via .reg files, and most of the apps are picky
enough that they only run as admin.

I realise that if they got smart enough they could change the reg
back, but that's not a problem.
Answer  
There is no answer at this time.

Comments  
Subject: Re: Restricting Access to File Attributes
From: reddiablo-ga on 13 Apr 2005 03:54 PDT
 
If the computers on your network have Windows 2000 installed, I
advise converting the file system on their hard disks to NTFS. That
will allow you to set restrictions on users changing file
permissions.
If there are a lot of such computers on the network, installing
Windows 2000 Server for centralized management (with the AD service
started) will probably be required.

Subject: Re: Restricting Access to File Attributes
From: nosupport-ga on 13 Apr 2005 09:47 PDT
 
I don't know if you can see my correspondence with the previous
suggestion, but the solution ABSOLUTELY CAN NOT involve NTFS.  Firstly,
NTFS is already on the systems.  The users must be local admins for
software to work, though, and they know how to change it.  Furthermore,
I have batch files that execute as that user and must be able to
change them.  I DO NOT WANT TO RESTRICT A DIRECTORY.  I WANT TO
RESTRICT THE USER SHELL.
