With an emphasis on creating a versatile multi-user system, this document outlines a number of simple registry tweaks, covering three specific areas:
1. Performance Enhancements. 2. Restricting Access on Multi-user Machines. i. Explorer and System Management Entries. ii. Desktop Management Entries. 3. "Beautification". i. Photoshop ShellNew entries. ii. Low Disk Space Notification. iii. Balloon Tips.
This document assumes that the reader has a decent working knowledge of computer management and editing the system registry under Windows XP. It goes without saying (although I will say it anyway) that (a) if you don't know what you're doing, perhaps you should stay away, and (b) you should always back up your registry before making potentially disastrous changes to it. Please don't blame me if you screw up.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDll]and change the default data value to 1.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "MaxConnectionsPerServer"=dword:0000000a "MaxConnectionsPer1_0Server"=dword:0000000aTo remove the welcome screen at bootup, in theory speeding up boot times:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoWelcomeScreen"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoWelcomeScreen"=dword:00000001Note that while the first entry should do the trick, the current_user entry ensures that this is the case.
[HKEY_CURRENT_USER\Control Panel\desktop] "AutoEndTasks"="1" (closes running apps on shutdown - default value is 0) "HungAppTimeout"="500" (default value is about 10 times this) "MenuShowDelay"="50" (menu popup delay - default value is about 10 times this) "WaitToKillAppTimeout"="2000" (waittime before windows shuts down - default value is about 10 times this)
Setting up multiple-user machines often requires that the end-users are restricted in their ability to roam the system, preventing them from making changes willy-nilly, deleting files and generally making a nuisance of themselves. Multiple-user systems can be an administrative nightmare, but a few simple steps can severely impede your users from destroying the system you have lovingly built for them.
Firstly, create a dummy user with administrative privileges. Log on as this dummy user. Open up the registry using regedit. There are two areas of the registry that are of relevance here:
i. explorer and system management entries - protecting the system. Firstly, in explorer, select tools options view select "do not show hidden files and folders" and select "hide protected operating system files (recommended)" Now, in the registry, find: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] and create the following entry: "NoFolderOptions"=dword:00000001
Next, back in explorer, hide (right click, then select "properties" from the context menu) all directories/folders that you don't want you users to see. When given the option, just hide the top of the folder trees, leaving all the files within unchanged.
Using tweakui, in "my computer" hide all the drives that you don't want your users to see (programs can still be run from within these hidden drives, folders and directories, the users just wont be able to see the files within them.) I prefer to hide just about everything bar the users' document and settings directory - what they can't see, they can't destroy!
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoManageMyComputerVerb"=dword:00000001 "NoPropertiesMyComputer"=dword:00000001This will prevent your users from accessing the system properties window, or from being allowed to modify the various changes you make to the registry.
@echo off msg /w /time:20 * Auto-shutdown! Press OK to continue. c:\windows\system32\rundll32.exe powrprof.dll, SetSuspendState Hibernate shutdown -l -t 0
Users can use this to force the machine into hibernation but, when the machine is turned on again, the batch file continues, logging out the user and returning them to the login screen. Secondly, create a power profile so that, when the user presses the power button on the computer, the system hibernates rather than shuts down. (See also the selection below on power profiles.)
Now, as the system administrator (not the dummy user) create two new jobs in the task scheduler, one called "reboot", the other "hibernate". Their names are self-explanatory.
While "reboot" should call a batch file containing the following:
shutdown -r -t 0"hibernate" should call a batch file containing the following:
c:\windows\system32\rundll32.exe powrprof.dll, SetSuspendState Hibernate
Under the settings section for both jobs, ensure that, for power management, "Wake the computer to run this task" has been turned on, while the other two options, "Don't start the task if the computer is running on batteries" and "Stop the task if battery mode begins" are unchecked. Set the two jobs to run everyday, at a time when your users are unlikely to be inconvenienced (the middle of the night is an obvious time) - the two jobs should be set to run a few minutes apart, with the "reboot" job being the first to run.
The principle behind running these two seperate batch jobs is as follows. Firstly, to allow for optimum system performance, it is advisable to occasionally reboot your machine, as opposed to always pushing it into hibernation. Secondly, this setup ensures that, if a user abandons the machine overnight and is still logged in to their account, when the machine is turned on again in the morning, users are presented with a login prompt, rather than access to somebody's account.
To prevent similar problems occuring during daytime use, it is advisable to prompt the user for a password when the computer resumes from standby. This can be setup on the "advanced" page of the power options aplet.
Finally, log in again as the dummy user. Edit the registry once more and, if it does not exist, create the following registry key:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Task Scheduler5.0] Within this registry key, create the following DWORD values: "Property Pages"=dword:00000001 "Execution"=dword:00000001 "Task Deletion"=dword:00000001This will prevent your users from interfering with the two scheduled tasks you have setup.
ii. Desktop Management Entries. Remember, you should still be logged on as the dummy user (with administrative priviliges) when performing the following registry changes. Power Profiles. To prevent your users from altering the power profile you have created, in the following registry key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] add: "NoDispScrSavPage"=dword:00000001 Display Settings.If you want to preserve your functioning desktop, you can prevent your users from making any changes (right clicking the desktop and selecting "properties" from the context menu) by adding the following to the same registry key as before:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispSettingsPage"=dword:00000001 "NoDispBackgroundPage"=dword:00000001 "NoDispAppearancePage"=dword:00000001Employing all four of the above DWORD entries will effectively remove all the standard tabs from the desktop properties window.
[HKEY_CURRENT_USER\Control Panel\desktop] change:-
Entries suitable for removal are: appwiz.cpl - add / remove programs applet. desk.cpl - desktop control panel window. hdwwiz.cpl - add new hardware applet. main.cpl - mouse and keyboard applets. mmsys.cpl - sound and audio setup applet. nusrmgr.cpl - user accounts. powercfg.cpl - power options. sysdm.cpl - system applet. tweakui.cpl - tweak. Now, log off and log on again as administrator.Change dummy user's privileges to limited. Logon and logoff dummy user once more, logon as administrator then copy the dummy user profile into the default user profile in documents and settings using:
control panel system advanced user profiles - click on settings select dummy, then "copy to" select default user under documents and settings and press OK.Finally, to ensure that the default desktop wallpaper is being used, copy the contents of:
C:\Documents and Settings\[dummy]\Local Settings\Application Data\Microsoft to:- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft Now, all new users you set up will have the same initial setup, desktop and restrictions as your dummy user.
If, like me, you hope to run a clean machine, you may be inclined to reduce the number of superfluous features available during the everyday operation of your XP system. One feature I personally find rather unnecessary is the unwanted addition of new files types to the shellnew menu (the various file-types you can create by right clicking on the desktop or in a folder, then selecting 'new') that occurs whenever I install a new application. Fortunately, by using tweakui or one of its counterparts, it is possible to control your shellnew entries. However, if you deselect adobe photoshop (.PSD) inside tweakui, you will soon discover that, although the entry is temporarily removed from the right-click new file list (even after rebooting), as soon as you run photoshop again, the entry reappears on the list, and again has to be removed via tweakui. Even removing the following entries in the registry:
[HKEY_CLASSES_ROOT\.psd\ShellNew] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.psd\ShellNew]makes no difference - as soon as you run the application, back they come again, like the veritable bad penny.
Windows Registry Editor Version 5.00 [-HKEY_CLASSES_ROOT\.psd\ShellNew] [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.psd\ShellNew]Then, create a batchfile called say photoshopfix.bat and place within it the line:
regedit /s photoshopfix.regPlace both photoshopfix.reg and photoshopfix.bat in the following directory:
C:\WINDOWS\SYSTEM32\GroupPolicy\Machine\Scripts\ShutdownFinally, from the run menu, type gpedit.msc to open up the group policy editor and select:-
local computer policy computer configuration windows settings scripts (startup/shutdown) and select shutdown in the right hand window click on add, then click on "browse" goto C:\WINDOWS\SYSTEM32\GroupPolicy\Machine\Scripts\Shutdown if you are not there already and select photoshopfix.batNow, every time you reboot your machine, any changes made by photoshop to the shellnew menu will be automatically removed.
I am a big fan of using custom-sized paging (swap) files, and providing them with their own disk space. Whenever you set up a new computer, create a separate logical drive the same size as the required swapfile (about one and half to two times the size of available system RAM) and then, after installing windows, select via system options in the control panel the following:-
advanced performance advanced virtual memory.
Now, prevent windows from controlling the paging file and instead create and set a custom paging file on the drive you have setup specifically for this purpose, setting both the minimum and maximum values of the paging file to the total size of the drive.
However, doing this creates a new problem. Once you have assigned the entire drive space of the logical "swap" drive to this newly created paging file, windows becomes determined to constantly remind you that you are running out of disk space on this drive. Under older versions of windows, it was possible to control this feature using the following registry entry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem] "DisableLowDiskSpaceBroadcast"=dword:00000032The DWORD values for this registry entry are documented here, and here.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoLowDiskSpaceChecks"=dword:00000001Unfortunately, if you have other drives where you need to know if you are running out of space, then this is not a viable alternative.
To do this, under: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver] add the following registry entry: (NB if default = 10% "DiskSpaceThreshold"=dword:00000010) "DiskSpaceThreshold"=dword:00000001
then reduce the size of your paging file to slightly less than 99% of the total size of your swap drive, and you will no longer receive "out of disk space" messages for this drive, while any other drives dropping below this 1% limit will continue to generate low disk space broadcast messages.
iii. Balloon Tips.
Once you've grown used to windows, it's unlikely to hold many surprises for you. If you no longer want to experience the often irritating balloon tips that appear whenever something "of importance" happens on your system, modify the following registry entries.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoSMBalloonTip"=dword:00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced] "EnableBalloonTips"=dword:00000000
There are obviously a myriad other little tweaks that you can perform to control your system but, in general, I find that the above setup provides for a fast, secure multi-user machine.
For a more comprehensive list of registry tweaks available for Windows XP, please refer to http://j79zlr.com.
dw - oct mmvi