No, you cannot. Users can't get into the configuration options without credentials, but those are considered standard end user choices - why would you want to prevent your users from rebooting, choosing their source, etc? Not really a question I'm asking, just indicating the logic behind not making those restricted items.