Orders Orders Backward Forward
Comments Comments
© 1997 The McGraw-Hill Companies, Inc. All rights reserved.
Any use of this Beta Book is subject to the rules stated in the Terms of Use.

Chapter 3

Manipulating the Registry Indirectly

This section discusses the different methods of modifying parameters in the registry through applications. We will also discuss those parameters that are modified by common front-end applications such as the Control Panels. Methods of modifying per-user registry parameters are discussed using system policies and user profiles. Often it may become necessary to use the registry as a means of controlling a user's environment. This chapter will address this issue as well

Viewing Configuration using WinMSD

Windows NT Diagnostics

Figure 3-1

Figure 3-1: Windows NT Diagnostics (WINMSD.EXE)

Windows NT Diagnostics, shown above in Figure 3-1, allows an administrator to gather hardware and operating system parameters for troubleshooting, reporting, and configuration management. Windows NT Diagnostics can also read and display registry data about the system resources used by drivers. Once you have opened the Windows NT Diagnostics dialog box, you can then click a tab to display data from the Registry in an easily readable format.

It is important to understand that Registry entries cannot be edited by using Windows NT Diagnostics, so the Registry contents are protected while you browse for information. However, you can select and copy any value if you want to paste information by using Registry Editor or a text editor.

Figure 3-2

Figure 3-2: Report Options within WinMSD

When managing inventory, hardware is probably the most crucial asset to track - especially internal components such as storage devices, hard drives, CPU's, BIOS, and video boards. Windows NT Diagnostics takes information from the following major registry keys:

HKEY_LOCAL_MACHINE\Hardware
HKEY_LOCAL_MACHINE\System\CurrentControlSet

It also takes dynamic system information such as memory loads, service and device states and reports their statistics. The areas reported in WinMSD include:

Figure 3-3

Figure 3-3: IRQ resources viewed in WinMSD

Remember that most hardware component information is stored as binary data, and can be displayed in Registry Editor in hexadecimal or binary format. The Windows NT Diagnostics program (WINMSD.EXE) displays a great deal of this information in an easy-to-read format.

Manipulating Indirectly via Applications

The Control Panels

Figure 3-4

Figure 3-4: The Control Panels

The Control Panel is an excellent and SAFE way to modify the Registry. There are three basic types of applets within the Control Panel. They are:

The following table lists the major Control Panel applets and their type:

Table 3-1: Control Panel Applets
Control Panel
Type
Primary Registry Hive
Add/Remove ProgramsSystem-Specific HKEY_LOCAL_MACHINE\SOFTWARE
ConsoleUser-Specific HKEY_CURRENT_USER
Date/TimeSystem-Specific BIOS and HKEY_LOCAL_MACHINE\

SOFTWARE

DevicesSystem-Specific HKEY_LOCAL_MACHINE\SYSTEM
DisplayUser-Specific and System-Specific HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SYSTEM
FontsSystem-Specific HKEY_LOCAL_MACHINE\SOFTWARE
KeyboardSystem-Specific and User Specific HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE
ModemsSystem-Specific HKEY_LOCAL_MACHINE\SYSTEM
MouseSystem-Specific and User Specific HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE
MultimediaSystem-Specific and User Specific HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE
NetworkSystem-Specific HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE
PC CardSystem-Specific HKEY_LOCAL_MACHINE\SYSTEM
PortsSystem-Specific HKEY_LOCAL_MACHINE\SYSTEM
Regional SettingsSystem-Specific and User Specific HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE
SCSI AdaptersSystem Specific HKEY_LOCAL_MACHINE\SYSTEM
ServicesSystem Specific HKEY_LOCAL_MACHINE\SYSTEM
SoundsUser-Specific HKEY_CURRENT_USER
SystemSystem-Specific and User Specific HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM
Tape DevicesSystem-Specific HKEY_LOCAL_MACHINE\SYSTEM
TelephonyUser-Specific and System-Specific HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE
UPSSystem-SpecificHKEY_LOCAL_MACHINE\SYSTEM


Registry Keys Manipulated via the Control Panel

The amazing aspect of the registry is the fact that even though most users do not ever actually work inside the registry, they indeed manipulate it using applications. For lack of a better term, I will use the term "front-end" application. The most common examples are those applications we mentioned previously - the Control Panel applications. In the earlier table, we see which control panels are per-user, and which ones are per-computer. I will now begin to dive into some interesting individual keys that are actually manipulated using the control panels.

The System Control Panel

In the System applet of Control Panel, there is a Recovery dialog box where an administrator makes settings that control what happens in the event of a system lock-up. This section describes values for the Recovery dialog box, found in the following Registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

AutoReboot

This is a REG_DWORD data type that can have a value of 0 or 1. This specifies whether the system is to automatically reboot upon failure or to lock-up.

The default is 1 (enabled) for Windows NT Server and 0 (disabled) for Windows NT Workstation.

CrashDumpEnabled

This is a REG_DWORD data type that can have a value of 0 or 1

This specifies whether debugging information is to be written to a log file.

The default is 1 (enabled) for Windows NT Server, 0 (disabled) for Windows NT Workstation.

DumpFile

This is a REG_EXPAND_SZ value that contains a path and file name. The default is %Systemroot%\MEMORY.LOG. This specifies the file for which debugging information is to be written.

LogEvent

This is a REG_DWORD with a range of 0 or 1. The default is 1 (enabled) for Windows NT Server, 0 for Windows NT Workstation. This tells the system to write events to the system event log.

Overwrite

This is a REG_DWORD with a range of 0 or 1. The default is 1 (enabled) for Windows NT Server, 0 (disabled) for Windows NT Workstation. This specifies whether an existing log file is to be overwritten by the new one.

SendAlert

This is a REG_DWORD with a range of 0 or 1. The default is 1 (enabled) for Windows NT Server, 0 (disabled) for Windows NT Workstation. This controls whether an administrative alert is sent. If Overwrite is disabled and the LogEvent is enabled, the system displays a message saying that the log is full, and all further log attempts are ignored. If this is unacceptable, create the CrashOnAuditFail value (REG_DWORD) in the following Registry path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

After setting CrashOnAuditFail to 1, when a log attempt fails, the system will halt and not reboot.

The Display Control Panel

Color Options

Color Schemes are popular Display settings that are modified indirectly. Their registry key parameters are located under the colors subkey. The Colors subkey specifies the color as a series of three numbers for each area of the Windows screen, in the following Registry path:

HKEY_CURRENT_USER\Control Panel\Colors

Each entry has a REG_SZ data type. The following lists the defaults for each entry under the Colors subkey:

Table 3-2: Color Option Codes
COLOR OPTION CODE
ActiveBorder192 192 192
ActiveTitle0 0 128
AppWorkSpace255 255 255
Background255 255 255
ButtonFace192 192 192
ButtonHilight255 255 255
ButtonShadow128 128 128
ButtonText0 0 0
GrayText128 128 128
Hilight0 0 128
HilightText255 255 255
InactiveBorder192 192 192
InactiveTitle192 192 192
InactiveTitleText0 0 0
Menu255 255 255
MenuText0 0 0
Scrollbar192 192 192
TitleText255 255 255
Window255 255 255
WindowFrame0 0 0
WindowText0 0 0

Color Schemes

The entries in the Color Schemes subkey define the colors for each element of specific color schemes, as set by choosing the Color icon in Control Panel. These entries appear under the following Registry path:

HKEY_CURRENT_USER\Control Panel\Color Schemes

The Current subkey specifies the current color scheme, based on those listed in the Color Schemes subkey.

The Custom Colors subkey defines the custom colors in the color palette, as set by choosing the Color icon in Control Panel. The entries are designated ColorA through ColorP, and all have the value FFFFFF by default.

Each entry in these subkeys has a REG_SZ data type.

The following Table shows their scheme codes:

Table 3-3: Scheme Codes
Arizona804000,FFFFFF,FFFFFF,0,FFFFFF,0,808040,C0C0C0,FFFFFF,4080FF,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,808000,FFFFFF,0,FFFFFF
Black Leather Jacket0,C0C0C0,FFFFFF,0,C0C0C0,0,800040,808080,FFFFFF,808080,808080,0,10E0E0E0,C0C0C0,808080,0,808080,0,FFFFFF,0,FFFFFF
Bordeaux400080,C0C0C0,FFFFFF,0,FFFFFF,0,800080,C0C0C0,FFFFFF,FF0080,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,800080,FFFFFF,0,FFFFFF
Cinnamon404080,C0C0C0,FFFFFF,0,FFFFFF,0,80,C0C0C0,FFFFFF,80,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,80,FFFFFF,0,FFFFFF
Designer7C7C3F,C0C0C0,FFFFFF,0,FFFFFF,0,808000,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,C0C0C0,808000,0,0,FFFFFF
Emerald City404000,C0C0C0,FFFFFF,0,C0C0C0,0,408000,808040,FFFFFF,408000,808040,0,C0C0C0,C0C0C0,808080,0,808080,8000,FFFFFF,0,FFFFFF
Fluorescent0,FFFFFF,FFFFFF,0,FF00,0,FF00FF,C0C0C0,0,FF80,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,0,FFFFFF,0,FFFFFF
Hotdog StandFFFF,FFFF,FF,FFFFFF,FFFFFF,0,0,FF,FFFFFF,FF,FF,0,C0C0C0,C0C0C0,808080,0,808080,0,FFFFFF,FFFFFF,FFFFFF
LCD Default Screen Settings808080,C0C0C0,C0C0C0,0,C0C0C0,0,800000,C0C0C0,FFFFFF,800000,C0C0C0,0,C0C0C0,C0C0C0,7F8080,0,808080,800000,FFFFFF,0,FFFFFF
LCD Reversed - Dark0,80,80,FFFFFF,8080,0,8080,800000,0,8080,800000,0,8080,C0C0C0,7F8080,0,C0C0C0,800000,FFFFFF,828282,FFFFFF
LCD Reversed - Light800000,FFFFFF,FFFFFF,0,FFFFFF,0,808040,FFFFFF,0,C0C0C0,C0C0C0,800000,C0C0C0,C0C0C0,7F8080,0,808040,800000,FFFFFF,0,FFFFFF
Mahogany404040,C0C0C0,FFFFFF,0,FFFFFF,0,40,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,C0C0C0,80,FFFFFF,0,FFFFFF
MonochromeC0C0C0,FFFFFF,FFFFFF,0,FFFFFF,0,0,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,808080,C0C0C0,808080,0,808080,0,FFFFFF,0,FFFFFF
Ocean808000,408000,FFFFFF,0,FFFFFF,0,804000,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,0,808000,0,0,FFFFFF
PastelC0FF82,80FFFF,FFFFFF,0,FFFFFF,0,FFFF80,FFFFFF,0,C080FF,FFFFFF,808080,C0C0C0,C0C0C0,808080,0,C0C0C0,FFFF00,0,0,FFFFFF
Patchwork9544BB,C1FBFA,FFFFFF,0,FFFFFF,0,FFFF80,FFFFFF,0,64B14E,FFFFFF,0,C0C0C0,C0C0C0,808080,0,808080,FFFF00,0,0,FFFFFF
Plasma Power Saver0,FF0000,0,FFFFFF,FF00FF,0,800000,C0C0C0,0,80,FFFFFF,C0C0C0,FF0000,C0C0C0,808080,0,C0C0C0,FFFFFF,0,0,FFFFFF
RugbyC0C0C0,80FFFF,FFFFFF,0,FFFFFF,0,800000,FFFFFF,FFFFFF,80,FFFFFF,0,C0C0C0,C0C0C0,808080,0,808080,800000,FFFFFF,0,FFFFFF
The Blues804000,C0C0C0,FFFFFF,0,FFFFFF,0,800000,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,C0C0C0,800000,FFFFFF,0,FFFFFF
Tweed6A619E,C0C0C0,FFFFFF,0,FFFFFF,0,408080,C0C0C0,FFFFFF,404080,C0C0C0,0,10E0E0E0,C0C0C0,808080,0,C0C0C0,8080,0,0,FFFFFF
ValentineC080FF,FFFFFF,FFFFFF,0,FFFFFF,0,8000FF,400080,FFFFFF,C080FF,C080FF,0,C0C0C0,C0C0C0,808080,0,808080,FF00FF,0,FFFFFF,FFFFFF
Wingtips408080,C0C0C0,FFFFFF,0,FFFFFF,0,808080,FFFFFF,FFFFFF,4080,FFFFFF,0,808080,C0C0C0,808080,0,C0C0C0,808080,FFFFFF,0,FFFFFF

Desktop Patterns

Desktop Pattern Settings can be established under the following subkey:

HKEY_CURRENT_USER\Control Panel\Patterns

The Patterns subkey contains entries that define the color values for the bitmap patterns, as set by choosing the Desktop icon. Each value is a set of eight numbers, corresponding to the colors in the eight basic elements of the pattern.

Each entry has a REG_SZ data type.

The following table shows the default colors for the default patterns:

Table 3-4: Code entries for Desktop Patterns
50% Gray170 85 170 85 170 85 170 85
Boxes127 65 65 65 65 65 127 0
Critters0 80 114 32 0 5 39 2
Diamonds32 80 136 80 32 0 0 0
Paisley2 7 7 2 32 80 80 32
Pattern224 128 142 136 234 10 14 0
Quilt130 68 40 17 40 68 130 1
Scottie64 192 200 120 120 72 0 0
Spinner20 12 200 121 158 19 48 40
Thatches248 116 34 71 143 23 34 113
Tulip0 0 84 124 124 56 146 124
Waffle0 0 0 0 128 128 128 240
Weave136 84 34 69 136 21 34 81

Screen Saver Settings

Screen Saver Settings can be found under the following key:

HKEY_CURRENT_USER\Control Panel\ScreenSaverName

The various Screen Saver subkeys define user preferences for specific screen savers. All entries have a REG_SZ data type. The following list details the default entries under the Screen Saver subkeys.

Screen Saver.Marquee

Screen Saver.Mystify

Screen Saver.Stars

Cursor Settings

The Registry Location for Cursors determine which Cursor Schemes will be used by the user. The location is as follows:

HKEY_CURRENT_USER\Control Panel\Cursor

The Cursor subkey contains entries that specify the .ANI or .CUR files containing custom cursors defined using the Cursor icon in Control Panel. There are no entries in this key unless the user changes cursor styles in Control Panel. All data types are REG_SZ. The following lists the names for possible default entries:

Table 3-5: Possible Cursor Scheme Entries
· 3-D Bronze · 3-D White
· AppStarting · Arrow
· Conductor · CrossHair
· Dinosaur · Hands 1 or 2
· IBeam · Magnified
· No · Old Fashioned
· SizeAll · SizeNESW
· SizeNS · SizeNWSE
SizeWEVariations
WaitWindows Animated
Windows Default

Other Desktop Preferences

Registry path:

HKEY_CURRENT_USER\Control Panel\Desktop

AutoEndTasks

This Value has a data type of REG_SZ and can have a range of 0 or 1. The default is 0 (disabled). This value determines whether user processes are ended automatically when the user logs off or stops Windows NT. If the value of this entry is 1 (or other than 0), processes are ended automatically. If it is set to 0, the system waits until the process ends and, if the process exceeds the timeout threshold (HungAppTimeout), the End Task dialog box appears stating that the application cannot respond to the End Task request.

BorderWidth

This value has a data type of REG_SZ and can have a range of 1 through 49. The default value is 3. This value sets the width of the borders around all the windows that have sizable borders. The possible range is 1 (narrowest) to 49 (widest). This value entry does not appear in the Registry unless you add it.

CoolSwitch

This value has a data type of REG_SZ. It is a value entry that is not supported in Windows NT 4.0 . In previous versions of Windows NT, it determined whether fast task switching (ALT+TAB ) was enabled or disabled. In Windows NT 4.0, fast task switching is always enabled. You need not remove this value entry from your registry; it is ignored by the system.

CoolSwitchColumns

This value has a data type of REG_SZ. It range contains a number of columns. The default value is 7. This value determines how many columns of icons can appear in the Fast Switch (ALT+TAB) dialog box.

CoolSwitchRows

This value has a data type of REG_SZ. The range contains a number of rows. The default is 3. This value determines how many rows of icons can appear in the Fast Switch (ALT+TAB) dialog box.

CursorBlinkRate

This value is REG_SZ and its range is determined in milliseconds. The default value is 530. This value indicates how much time elapses between each blink of the selection cursor. To change this value, double-click the Keyboard icon in Control Panel, click the Speed tab, then use the sliding pointer in the Cursor blink rate box.

DragFullWindows

This value has a data type of REG_SZ. The range is either 0 (Disabled) or 1 (Enabled). The default value is 1 (Enabled). This value determines what is displayed while users drag a window. If the value of this entry is 1, the entire window and its contents move as it is dragged. If it is 0, the only the window rectangle moves as the window is dragged. To enable or disable this feature, double-click the Display icon in Control Panel, click the Plus! Tab, then click the Show window contents while dragging check box in the Visual settings box.

DragHeight

This value has a data type of REG_SZ and its range is determined in pixels. The default value is 2. This determines the height of the rectangle used to detect the start of a drag operation. 2 will be sufficient for most screens however it may be wise to increase this to four or five on displays with a higher degree of resolution.

DragWidth

This value has a data type of REG_SZ and its range is too determined in Pixel units. The default is 2. Determines the width of the rectangle used to detect the start of a drag operation. The same guidelines for DragHeight apply to this value as well.

FontSmoothing

This value has a data type of REG_SZ and can have a range of 0 (Disabled) or 1 (Enabled). The default value is 0. This value determines whether the edges of large fonts are painted in different shades of Grey to make the font look smoother. To enable or disable font smoothing, double-click the Display icon in Control Panel, click the Plus! Tab, then click the Smooth edges of screen fonts check box in the Visual Settings box.

GridGranularity

This value has a data type of REG_SZ and can have a range of 0 - 49 The default value is 0. This value specifies the size of the grid used to position windows on the screen. The possible range is 0 through 49, in units of 8 pixels.

HungAppTimeout

This value has a data type of REG_SZ and its range is determined in milliseconds (msec). The default value is 5000. This determines how long the system waits for user processes to end in response to the End Task button command in Task Manager. If this threshold is exceeded, the End Task dialog box appears stating that the process did not respond or, if AutoEndTasks is enabled, the system ends the process automatically.

MenuShowDelay

This is a very popular hidden setting. This value has a data type of REG_SZ and its range is too determined in milliseconds (msec). The default value is 400. This value determines how long after the cursor is pointed at a menu that the menu items drop down.

WaitToKillAppTimeout

This value has a data type of REG_SZ. Like the previous entries, its range is determined in milliseconds. The default value is 20000. This value determines how long the system waits for user processes to end after the user attempts to log off or to shut down Windows NT. If this threshold is exceeded, the End Task dialog box appears stating that the process did not respond or, if AutoEndTasks is enabled, the system ends the process automatically.

WheelScrollLines

This value has a data type of REG_SZ yet its range is determined using Hexadecimal numbers. The range is from 0 to 0xFFFFFFFF. The default value is 3. This value determines the number of lines scrolled for each rotation of the mouse wheel on a Microsoft IntelliMouse™ when no modifier keys (such as CTRL or SHIFT) are pressed. If the value of this entry is 0, the screen will not scroll when the mouse wheel is turned. If the value of this entry is greater than the number of lines visible in the window, the screen will scroll up or down by one page. To direct Windows NT to interpret all wheel rotations as page-up or page-down commands, set the value of this entry to 0xFFFFFFFF.

TileWallpaper

This value has a data type of REG_SZ and its range is either 0 or 1. The default value is 0. This value specifies that the desktop wallpaper is tiled across the screen if this value is 1, or centered if this value is 0.

Note: You can use the System Policy Editor to change this value.

Wallpaper

This value has a data type of REG_SZ and its range is actually a bitmap filename. The default is (None) (This string appears when no pattern is specified.) This value supplies the filename for the bitmap on the screen background. Include the path if the file is not in the %SystemRoot% or %SystemRoot%\SYSTEM32 directory.

Note: You can use the System Policy Editor to change this value.

ScreenSaveActive

This value has a data type of REG_SZ and its range is either 0 or 1. The default value is 0. This specifies whether a screen saver should be displayed if the system is not actively being used. Set this value to 1 to use a screen saver; 0 turns off the screen saver.

ScreenSaverIsSecure

This value has a data type of REG_SZ and can have a value of either 0 or 1 with a default of 0. This value specifies whether a password is assigned to the screen saver.

ScreenSaveTimeOut

This value has a data type of REG_SZ and its range is determined in seconds. The default value is 900 (15 minutes.) This value specifies the amount of time that the system must be idle before the screen saver appears.

SCRNSAVE.EXE

This value has a data type of REG_SZ and it designates a file name for the screen saver. The default is (None). This specifies the screensaver executable filename.

IconHorizontalSpacing

This value has a data type of REG_SZ. Its range is determined in pixels. The default is 60. This value specifies the width of an icon cell, in numbers of pixels.

IconSpacing

This value has a data type of REG_SZ. Its range is also in pixels. The default is 75. This value specifies the number of pixels that appear horizontally between icons. A larger number increases the space between icons.

IconTitleFaceName

This value has a data type of REG_SZ. The range is a fontname. The default: Helv for Helvetica. This value specifies the font used to display icon titles. Change this value if the icon title is difficult to read.

IconTitleSize

This value has a data type of REG_SZ and its range is determined by font size. The default value is 9. This specifies the size of the font used to display icon titles. Change this value if the icon title is difficult to read.

IconTitleStyle

This value has a data type of REG_SZ and its range is unknown. The default however is 0. I have no idea whatsoever what this means. I do not think anybody does.

IconTitleWrap

This value has a data type of REG_SZ and its range is either 0 or 1. The default is 1. This specifies whether to wrap icon titles. A value of 1 allows icon title wrapping and increases icon vertical spacing by three lines; 0 turns off icon title wrapping.

IconVerticalSpacing

This value has a data type of REG_SZ and its range is determined in pixels. The default value is 60. This specifies the height of an icon cell.

Environment Variables

The Environment subkey contains the user environment variables, as defined by choosing the System icon in Control Panel. Changes to these variables take effect the next time a non-Windows NT-based application is run or the command prompt is used. The registry path in which these values are stored are found in:

HKEY_CURRENT_USER\Environment

The default is the environment variables defined in the user's profile at startup.

Extensions

Commonly known as associations, the Extensions subkey identifies personal preferences for document files with corresponding command lines, so that opening a document file in Windows Explorer or File Manager automatically starts the application. The extensions are found in the following Registry path:

HKEY_CURRENT_USER\Software	\Microsoft\Windows NT\CurrentVersion\Extensions

The following default entries are defined. All have a REG_SZ data type.

Table 3-6: Extension Association Entries
Extension Association
Bmppbrush.exe ^.bmp
crdcardfile.exe ^.crd
ininotepad.exe ^.ini
pcxpbrush.exe ^.pcx
recrecorder.exe ^.rec
trmterminal.exe ^.trm
txtnotepad.exe ^.txt
wriwrite.exe ^.wri

The extension information for all users can be viewed and modified in HKEY_CLASSES_ROOT. This is where you will find the filetypes and extension information for Windows Explorer and File Manager.

Multimedia and Sound Entries for Users

Values related to user preferences for multimedia items in Control Panel are found in the following Registry path:

HKEY_CURRENT_USER\Control Panel

It is recommended that all changes should be made using the Devices, Drivers, MIDI Mapper, and Sound icons in Control Panel. The following lists the default entries. All are REG_SZ data types.

Table 3-7: General Multimedia Entries and their default values:
Value Default
H230
NumApps20
W442
X88
Y84

Table 3-8: Sound Entries
ValueDefault
Beepyes
Enable1
SystemAsteriskchord.wav,Asterisk
SystemDefaultding.wav,Default Beep
SystemExclamationchord.wav,Exclamation
SystemExitchimes.wav,Windows Logoff
SystemHandchord.wav,Critical Stop
SystemQuestionchord.wav,Question
SystemStarttada.wav,Windows Logon

Network Administration Entries for Users

The Network Client Administrator

The Network Client Administrator (NCADMIN.EXE) is an application found only on Windows NT Server. It is used to create client diskettes that are pre-configured to participate in a Windows NT Server-based domain. This utility can also be used to set up client based administrative tools for both NT Workstation and Windows '95. The following Registry path contains values used by administrators to remember the last server and client share points used by the NCADMIN.EXE application between executions:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Network\NCAdmin

LastClientServer

This value has a data type of REG_SZ and contains a range from 0 to 15 characters. The default value is (none). This value remembers the last server used for the creation of network client installation disks or Over the Network Installation startup disks.

LastClientSharepoint

This value has a data type of REG_SZ and has two possible ranges: 0 to 8 characters (MS-DOS) or 0 to 80 characters (Windows NT). The default value is (none). This value remembers the last share used for the creation of network client installation disks or Over the Network Installation startup disks.

LastToolsServer

This value has a data type of REG_SZ. The range is from 0 to 15 characters. The default is (none). This value remembers the last server that referenced the network administration tools directory path.

LastToolsSharepoint

This value has a data type of REG_SZ. Like the previous entry, it too has two possible ranges: 0 to 8 characters (MS-DOS), or 0 to 80 characters (Windows NT). The default is (none). This remembers the last share that referenced the network administration tools directory path. One important point to consider is that the LastToolsSharepoint plus LastToolsServer must be less than MAX_PATH - 3. (The 3 accounts for the two backslashes (\) at the beginning of the path and the one between the server and the share.) This same rule applies to LastClientSharepoint and LastClientServer.

Characters may be any legal UNICODE characters that can be used in a server or share name. The NCAdmin key and these values do not appear until NCAdmin has been run at least once by the current user.

Network Connection Entries for Users

The following Registry path contains the list of specific shares to reconnect when the user logs on:

HKEY_CURRENT_USER\Network

The Network subkey does not appear unless you are connected to a shared directory when the Reconnect At Logon option was checked in Windows Explorer or File Manager. There is a subkey for each shared directory to be reconnected at system startup. The name of the subkey is the drive-letter designated for the connection. Each such subkey can contain the following entries:

ConnectionType

This entry has a data type of REG_DWORD. The default value is 0x1.

ProviderName

This has a data type of REG_SZ for each connection, there is a provider service. The range is actually the network name. The expected and common one is the Microsoft Windows Network.

RemotePath

This entry has a data type of REG_SZ and the data is the UNC (Universal Naming Convention) path to the network share. This follows the syntax \\server\sharename.

UserName

This field has a data type of REG_SZ and this will contain the name of the user that is used to authenticate the share. By default, there is no entry because the currently logged on user name is assumed. This specifies the username under which connection was made to the shared directory if a name was added to the Connect As box in the Connect Network Drive dialog box in Windows Explorer or File Manager.

User Preferences for Administrative Utilities

As administrators use different utilities to manage an NT Workstation, Server, and/or Domain, specific preferences for these administrative tools will be stored in the user's profile along with the other information we have already mentioned.. The following path contains subkeys with settings for user preferences related to Event Viewer, Server Manager, User Manager, and User Manager for Domains:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network

The following tables summarize the default settings in the Network subkeys. All entries have REG_SZ data types.

Table 3-9: User Preferences for the Event Viewer:
Value Name
Default
Filter(as chosen in the Filter dialog box)
Find: (string from Find dialog box)
FontFaceName(none)
FontHeight0
FontItalic0
FontWeight0
IfNT1 (focused on Windows NT server)
LogType0 (system); 1 (security); 2 (application); 4 (read from a file)
SaveSettings1
SortOrder0 (new events first); 1 (old events first)
Window132 126 504 282 0 (position and minimize)

Table 3-10: User Preferences for the Server Manager:
Value Name
Default
AccountsOnly0 (default if Show Domain Members Only is not set, otherwise 1)
FontFaceName(none)
FontHeight0
FontItalic0
FontWeight0
SaveSettings1
View(default is 2 for Low Speed Connection, otherwise 3) (0 means View using extension DLL specified in key ViewExtension; 1 means view workstations only; 2 means view servers only; and 3 means view workstations and servers)

Table 3-11: User Preferences for the User Manager:
Value Name
Default
FontFaceName(none)
FontHeight0
FontItalic0
FontWeight0
ListBoxSplit500
SaveSettings1
Window132 126 504 282 0 (position and minimize)

Table 3-12: User Preferences for the User Manager for Domains:
Value NameDefault
Confirmation1
FontFaceName(none)
FontHeight0
FontItalic0
FontWeight0
GroupCommentsCutoffMsec(none)
ListBoxSplit667
SaveSettings1
SortOrder0 (for sort by full name)
Window132 126 504 282 0 (position and minimize)

All of these applications have common parameters, meaning they have identical entries that affect each application or its environment in the same way. The following defines most of the common parameters for these applications:

HKEY_CURRENT_USER\SOFTWARE\Microsoft	\Windows NT\CurrentVersion\Network\<ApplicationName>

Confirmation

This entry has a data type of REG_SZ and its value is determined with a Boolean expression. This entry specifies whether the application requests user confirmation for actions such as deletions or other value changes.

FontFaceName

This value has a data type of REG_SZ and it value is a specified name. There is no default. This specifies font to use in the application main window, for example, Times New Roman.

FontHeight

This value has a data type of REG_SZ and its range is a number to specify height. The default is 0 (normal). This specifies point size of font in the application main window.

FontItalic

This has a data type of REG_SZ and can have a range of 0 or 1. The default is 0 (normal). This specifies normal (0) or italic (1) font style in the application main window.

FontWeight

This has a data type of REG_SZ and can have a range from 0 to 900. The default is 0. This specifies the font weight (thin to heavy) of the font used in the application main window, where 400 is normal, 700 is bold, and 900 is heavy.

GroupCommentsCutoffMsec

This value has a data type of REG_SZ and its range is determined in number of milliseconds. The default is (none). Separate remote API calls must be made for each group comment, which many are excessively slow for some installations. Setting this value to greater than zero suppresses the loading of local group comments (and global group comments against a non-Windows NT target), if loading the user list took more than the defined number of milliseconds. Set this value lower if you experience long User Manager for Domains startup, listbox refresh, or heavy network traffic over slow links.

ListBoxSplit

This value has a data type of REG_SZ and its range is determined in a number from 0 to 1000. The default is 667 (That is, the top two-thirds of the display is given to the user listbox.) In User Manager and User Manager for Domains only, specifies the vertical space (in thousandths) devoted to the user listbox as opposed to the group listbox.

SaveSettings

This value has a data type of REG_SZ and its range is determined in a boolean expression. This specifies whether options selected in the application are saved when the application is closed.

SortOrder

This value has a data type of REG_SZ and its range is determined as a Boolean expression. This value specifies the sort order followed by the application, where 1 specifies sort by username, and 0 specifies sort by full name.

Window

This value has a data type of REG_SZ and its range is determined by Pixel location for window. This value specifies window location when application was last closed as four numbers plus 1 or 0 to indicate whether the window was iconized. The Persistent Connections subkey contains entries that control the restoration of network connections, under this Registry path:

HKEY_CURRENT_USER\SOFTWARE\Microsoft	\Windows NT\CurrentVersion\Network\Persistent Connections

DriveMappingLetter

This value has a data type of REG_SZ and its range is determined by designating a UNC sharename. An entry appears for each connection to a shared network directory.

Order

This value has a data type of REG_SZ and its range is determined by drive-letter order. This parameter specifies the order for the shared directory connections.

SaveConnections

This value has a data type of REG_SZ and its range is either Yes or No. The default is yes. This contains the value set by the Reconnect At Logon check box in the Connect Network Drive dialog box in Windows Explorer or File Manager.

The following additional parameters are found in this Registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\World Full Access Shared Parameters

ExpandLogonDomain

This value has a data type of REG_SZ and its range is either Yes or No. The default value is Yes. This specifies whether the Shared Directories list is expanded by default in the Connect Network Drive dialog box. This is the value set in the Connect Network Drive dialog box in Windows Explorer or File Manager by checking the Expand By Default check box.

The following additional parameter is found in the following Registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\SMAddOns

.DLL Name

This value has a data type of REG_SZ and its range is a String. The default value is (none). This contains a pointer to Server Manager extension .DLLs used to augment RAS.

The following parameter is used by the Windows NT administrative applications:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Shared Parameters

Slow Mode

This value has a data type of REG_SZ and its range is determined as a string to close and far domains and domain controllers. The default string is "CLOSEDOMAIN;h;FARDOMAIN;l;\\CLOSEMACHINE;h;\\FARMACHINE;1"

Stores information about which servers and domains are across a Low Speed Connection. User Manager for Domains, Server Manager, and Event Viewer read this information unless explicitly told whether to start in Low Speed Connection mode. The cache is updated each time one of these applications is started or set to a new, nonlocal focus, or when the user explicitly changes the Low Speed Connection setting. This is an LRU cache of up to 20 focus targets. The first entry is the most recently used. This is a shared state between users, so if one user changes the cached setting for a target focus, other users get that setting by default.

SortHyphens

This entry has a data type of REG_DWORD and can have a range of 0 or 1. The default value is 0. This value specifies whether to ignore hyphens when sorting lists alphabetically in some applications. For example, set SortHyphens to 1 (true) if you want "a-test" to sort after "Administrator". The default setting of 0 (false) causes the hyphen to be ignored, and "a-test" would sort before "Administrator."

In addition to these executables, the base sort order of the Control Panel tools for customizing network settings (NCPA.CPL), server, services, and devices (SRVMGR.CPL), and the FTP server services (FTPMGR.CPL) can be controlled as well.

Using User Profiles to Modify Registries

User Profiles

Windows NT maintains the desktop and shell environment settings for each individual user in a file referred to as user profile. User profiles are a collection of information about a user's environment and preferences, maintained so that each user has a consistent interface displayed each time they log into a Windows NT computer.

When we use the control panel and make changes using those applications that edit user-specific settings, we are indeed, making changes to our user profile.

User profiles automatically create and maintain the desktop settings for each user's work environment on the local computer. These profiles are created for each user when they log into any computer for the first time.

Profile contents consist of:

Benefits of User Profiles

User profiles can provide many benefits to both users and administrators. Each user views their desktop settings as they existed when they last logged off. Many users can use the same computer, and each one receives their own customized desktop when logging in. When using roaming profiles, a user will have their profile available at any Windows NT computer at which they logon.

For the administrator, customized user profiles can be created and assigned to users to provide consistent work environments. Administrators can make profiles mandatory, which will prevent users from changing any settings.

Types of User Profiles

There are three types of user profiles:

Local Profiles

These are profiles that are specific to each computer. A user who creates a local profile on a particular computer can only access that profile while logged on to that specific computer.

Roaming Profiles

These are profiles that can be accessed from any computer. A user who creates a roaming profile, can logon at any computer and access the profile.

Mandatory Profiles

These are pre-configured, roaming profiles that cannot be changed by the user. They are typically assigned to a person or a group of people for whom a common interface is required.

Settings Saved in User Profiles

Each user profile contains configuration preferences and options for each user in addition to the user's desktop environment.

Source Parameters saved:

The Explorer Shell - All user-definable settings for Windows NT Explorer as well as persistent network connections.

Taskbar - All personal program groups and their properties, all program items and their properties, and all Taskbar settings.

Printer Settings - Network printer connections

Control Panel - All user-defined settings made in Control Panel.

Accessories - All user-specific application settings that affect the Windows NT environment including utilities such as Calculator, Clock, Notepad, Paint and HyperTerminal, among others.

Help Bookmarks - Any bookmarks placed in the Windows NT Help System.

Structure of a User Profile

User profiles have two main parts: a directory, which maintains shortcuts, and a data file, which keeps a copy of the registry settings specific to the user. Together, these maintain all settings tracked for an individual, which can be used any time that user logs into the computer.

All profile information can be viewed by viewing the \%SystemRoot%\profiles folder.

Figure 3-5

Figure 3-5: User Profile Locations

A profile called Default User is created during the Microsoft® Windows NT installation process. Each time a new user logs onto a computer running Windows NT, a profile is created for the user by copying the default user profile. The default user profile is copied into a folder for the user, and then any modifications the user makes are saved to this profile.

Folders and Their Purpose

The Profile Registry File

In addition to maintaining information about shortcuts and desktop items, information about a user's individual registry settings must also be stored.

For each user, a file called NTUSER.DAT is created within the user's profile folder. This file is a cached copy of the Windows NT Registry HKEY_CURRENT_USER sub-tree on the local computer. This portion of the registry maintains information about the computer's configuration such as the installed software, environment settings, and other user specific information.

In addition to the registry file, Windows NT also maintains a file in each profile titled NTUSER.DAT.LOG. This file is a transaction log of recent changes made by the user. That is, any time the owner of a profile modifies settings, the change is entered into the NTUSER.DAT.LOG file. When logging out of Windows NT, the changes are applied to the NTUSER.DAT file. In the event there are problems that prevent the changes from being applied, the log file will keep the changes until next logon, when the changes can be applied.

All Users Folder

In addition to the Default User profile, Windows NT also maintains a folder titled All Users. The All Users folder maintains a listing of common program groups that have been created on the computer.

Identical Login Names

If a user logs in with two different Windows NT user accounts with the same user name, (for instance, a local user account and a domain user account that have the same name), multiple profiles will be created for the user. By default, the first profile created will be the user's Windows NT user name. Subsequent logons with a different user account but the same user name will result in a new profile created with 000 appended to the name.

Multiple profiles are created based on the Security Identifier (SID) of the user logging on. The counter 000 that is appended will be incremented by 1 for each profile that is created.

Roaming Profiles

Roaming profiles allow a user to maintain a single profile on the network and use the profile from any computer running Microsoft Windows NT. This provides for consistent access no matter where the user is and fault tolerance in some cases.

Roaming profiles are enabled by using the User Manager for domains to specify a user profile path. By identifying this path, the user can be identified as roaming.

Once a path has been entered, an empty user profile is created for the user in the specified server location. That user can then login and any changes made to their profile will be stored on the server.

If required, a pre-configured user profile can be copied to the specified path. When the user logs on, they will then have the default settings of that profile. Profiles should be copied using the Control Panel System application.

The directories should not be copied with Explorer or File Manager. If they are, the necessary registry entries will not be created and Windows NT will not be aware of, or know, to load the profile. The profiles that Windows NT is aware of have entries in the registry under:

\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Mandatory Profiles

Mandatory profiles are pre-configured roaming profiles that cannot be updated by the user. Mandatory profiles may be useful in scenarios where the administrator requires that the profile for each user be exactly the same. Changes made by the user during any logon sessions are never saved to the original profile.

Renaming the NTUSER.DAT file to NTUSER.MAN in the profile folder and then specifying \\SERVERNAME\SHARENAME\PROFILENAME.MAN in User Manager can create mandatory profiles. It is important to note that the product documentation states that it is only necessary to name the file NTUSER.MAN. If only the administrator does this portion and the profile is available at logon, the user will still be able to logon. To prevent a user with a mandatory profile from logging on when the profile is not available, the profile path and file name must be specified in User Manager.

Creating and Maintaining User Profiles

A mandatory profile can be created from any existing profile by copying the profile and renaming the NTUSER.DAT file with a .MAN extension. Administrators may find it easier to create corresponding Microsoft® Windows NT® user accounts with each profile to maintain the profiles long term.

For example, an administrator may want a mandatory profile for all support personnel. That administrator could create a user account called Support, logon to that account, configure it as desired, and then use the Copy option in Control Panel System to copy the profile.

Future modifications to the profile are easily accomplished by logging back on to the Support account and then simply recopying the profile over the old one.

Default User Profiles

Administrators can create a default profile for all users within a domain running Microsoft Windows NT. Creating a customized user profile and copying it to the domain controllers for the domain using Control Panel System does this. After this, all users will automatically receive the user profile when they logon to the domain.

This works as follow:

Profile Access

The first time a user logs on to a computer running Microsoft Windows NT and their account has been configured for Roaming profiles, their profile will be copied from the path specified in their account to the local computer. This ensures optimum performance since access to the profile is local, rather than continual access of the profile across the network. All changes to the profile are written to the local profile and upon logoff, the profile is copied back to the server for storage.

In subsequent logons to the same computer, both profiles (local and server) are compared using date and time stamps. If the local copy of the profile is equal to the server profile, then it is used again. If the server profile is most current, it is copied to the local computer again.

In scenarios where a change is made to a profile on a local computer that is not on the network, such as a laptop, the profile can only be saved locally. The next time the user logs on when their laptop is connected to the network, the user will be notified that the local copy of the profile is more current and then must select which profile should be kept.

Slow Connections

When a user logs on over a slow link, such as over a dial-up line, the time required to access a server-stored profile may be lengthy. In such cases, a user can specify that the system uses the local copy of the profile rather than the server copy. This results in faster logon time.

When using a slow connection, a dialog box appears which allows the user to specify which profile to be used. This dialog box is displayed based on the amount of time it takes for the computer to retrieve the user profile path from the domain controller. The logon process starts a counter, requests the user profile path, and waits for a response. If the response takes longer than two seconds, the dialog box is presented to the user.

Common Problem

Sometimes when a user logs on to a workstation other than their own, the correct wall-paper is not displayed even though User Profiles is enabled. This behavior can occur when the wallpaper specified in the user's profile does not exist on the workstation they have logged on to. It can also occur when the wallpaper specified in the user's profile exists on the workstation they have logged on to, but it is not located in the same directory as it is on their local workstation. To work around this behavior, place a copy of the wallpaper file that you want to use on the workstation you are logging on to. You must place the wallpaper file in the same directory as it is on your local workstation.

Desktop Restrictions within the Registry

Desktop restrictions can be implemented by editing the following Explorer values in the registry: (all values default to 0)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

NoCommonGroups:REG_DWORD

Set it to 1 so that common program groups do not appear on the Start menu.

NoDesktop:REG_DWORD

Set it to 1 to hide all desktop icons.

NoDrives:REG_DWORD

The low order (right most) bit is drive A: while the 26th bit is Drive Z:

To hide a drive, turn on its' bit. These drives will still appear in File Manager. To remove File Manager, delete winfile.exe. If your not happy working in Hex, add these decimal number to hide the drive(s):

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L:

2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144,

T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z:

33554432, ALL: 67108863

NoFileMenu:REG_DWORD

If set to 1, the File menu in Explorer is removed.

NoFind:REG_DWORD

Set it to 1 to remove the Find command from the Start Menu.

NoNetConnectDisconnect:REG_DWORD

A value of 1 removes the "Map Network Drive" and Disconnect Network Drive menu and right click options.

NoNetHood:REG_DWORD

Set it to 1 to remove the Network Neighborhood icon and prevent network access from explorer (it will still work from a command prompt).

NoRun:REG_DWORD

If set to 1, the Run command is removed from the Start menu.

NoSetFolders:REG_DWORD

Set it to 1 to hide Control Panel and Printers and My Computer in Explorer and on the Start Menu.

NoSetTaskbar:REG_DWORD

If set to 1, only Drag and Drop can be used to alter the Start Menu and Desktop.

The Taskbar does not appear on the Start Menu.

NoTrayContextMenu:REG_DWORD

If set to 1, menus do not display upon right click of the taskbar, start button, clock, or taskbar application icons. The entry is only available for NT 4.0 with SP 2 or greater.

NoViewContextMenu:REG_DWORD

If set to 1, menus do not display upon right click of the desktop or Explorer's results pane. The entry is only available for NT 4.0 with SP 2 or greater.

RestrictRun:REG_DWORD

Set it to 1 and only programs that you define at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun

can be run on the Workstation.

NoClose:REG_DWORD

Set it to 1 to remove the Shut Down button from the Start Menu. This does not disable shutdown from CTRL+ALT+DEL. To totally disable a users ability to shutdown, remove the "advanced" right to "Shutdown the System" from Policies/User Rights of User Manager for Domains.

To really lock down the desktop, replace the Explorer or Progman shell with your own launcher. Edit

HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell

and replace the current .exe with yourshell.exe.

System Policies

On computers running Windows NT Workstation or Windows NT Server, the contents of the user profile are taken from the user portion of the Windows NT Registry. Another portion of the registry, the local computer portion, contains configuration settings that can be managed, along with user profiles, using System Policy Editor. With this tool, you create a system policy to control user work environments and actions, and to enforce system configuration for all computers running Windows NT Workstation and Windows NT Server.

With system policy, you can control some aspects of user work environments without enforcing the restrictions of a mandatory user profile. You can restrict what users can do from the desktop; such as restrict certain options in Control Panel, customize parts of the desktop, or configure network settings.

To enforce system policy on your network, you need at least one computer on your network running Windows NT Server, configured as a primary domain controller (PDC).

Managing User Profiles Using the System Policy Editor

User profiles can be assigned to users in a much more efficient way than creating one profile, and assigning the profile to each user with User Manager. User profiles can be configured using the System Policy Editor.

System policies are restrictions an administrator can place on a computer, user, or global group. System policies are stored in the registry. User profiles are stored under the key HKEY_CURRENT_USER. Policies are viewed and modified using the System Policy Editor.

There are three kinds of policies that can be modified:

computer policies- restrictions to a particular system

user policies- restrictions for a particular user

group policies- restrictions applied to a global group

On every NT 4.0 machine, there will be a default user policy and a default computer policy, as shown in the screen above. These default policies will apply to every user or computer that does not have a specific policy assigned.

The next few pages will focus on assigning user and group profiles. A later chapter will discuss assigning of profiles for the system.

Figure 3-6

Figure 3-6: Setting Computer Settings with the System Policy Editor

Double Clicking on the Default Computer Icon in the System Policy Editor will bring up the screen above. As you can see, there are several areas that can be configured, which expand to even more detailed settings that can be configured in a user or computer profile.

Notice that for every configuration option, there are three different settings:

a checkbox means that restriction is in force

a blank box means that restriction is NOT enforced for this user

a shaded box means that this policy does not set that restriction in any way

Figure 3-7

Figure 3-7: User Profile Settings in the System Policy Editor

User Profile Settings in System Policy Editor

The next few pages will list of all available settings for controlling User Profiles via the Registry using the System Policy Editor. When applicable, the registry keys that are modified are included.

Display Control Panel

Restrict user's access to Display Control Panel

This particular restriction gives the administrator many options. These options can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

And in most cases, changing the REG_DWORD option to a value of 1.

No Display Setting Tab

Change the NoDispSettings value to 1 to enable, 0 to disable.

No Display Appearance Page

Change the NoDispAppearancePage value to 1 to enable, 0 to disable.

No Display Background Page

Change the NoDispBackgroundPage to a value of 1 to enable, 0 to disable

No Display Control Panel

Set the NoDispCPL value to 1 to enable, 0 to disable

No Screen Saver tab

Change the NoDispScrSavPage to 1 to enable, 0 to disable.

Desktop

These options can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

These values, unless otherwise specified, have a data type of REG_DWORD.

Set user's wallpaper

This option gives the administrator the potential to restrict the user to using a specific bitmap for the desktop wallpaper.

Set user's color scheme

This allows an administrator the potential to restrict the user to using a specific color scheme for the desktop and all shell windows.

Shell Restrictions

These options can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

These values, unless otherwise specified, have a data type of REG_DWORD.

Remove the run command from the Start menu

Change the RestrictRun value to 1 to enable, 0 to disable.

Remove the taskbar from Settings on Start menu

Change the NoSetTaskbar to 1 to enable, 0 to disable.

Remove Find command from Start menu

Change the NoFind value to 1 to enable, 0 to disable.

Hide the drives from the user in My Computer

As mentioned earlier in the chapter, NoDrives can be set in a variety of ways. The low order (right most) bit is drive A: while the 26th bit is Drive Z:

To hide a drive, turn on its bit. These drives will still appear in File Manager. To remove File Manager, delete winfile.exe. If your not happy working in Hex, add these decimal number to hide the drive(s):

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L:

2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144,

T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z:

33554432, ALL: 67108863

Hide desktop Network Neighborhood icon

Change the NoNetHood value to 1 to enable, 0 to disable.

Do not list "Entire Network" in Network Neighborhood

This is located in the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network

Change the NoEntireNetwork to 1 to enable, 0 to disable.

Do not show workgroup contents in Network Neighborhood

This entry is found under the same path as before.

Change the NoWorkgroupContents to 1 to enable, 0 to disable.

Hide all the items on the desktop

These options can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

These values, unless otherwise specified, have a data type of REG_DWORD.

Change the NoDesktop value to 1 to enable, 0 to disable.

Disable the shutdown command

Change the NoClose value 1o 1 to enable, 0 to disable.

Don't save user settings at exit

Change the NoSaveSettings value to 1 to enable, 0 to disable.

System Restrictions

Disable registry-editing tools

These options can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

These values, unless otherwise specified, have a data type of REG_DWORD.

Change the DisableRegistryTools value to 1 to enable, 1 to enable.

Run only allowed Windows applications

These options can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun

These values, unless otherwise specified, have a data type of REG_SZ. The following values are examples of how listed restricted applications are stored in the registry:

Table 3-13: Example registry entries dealing with restricted applications.

1:REG_SZ:cmd.exe"
2:REG_SZ:command.com"
3:REG_SZ:excel.exe"
4:REG_SZ:iexplore.exe"
5:REG_SZ:notepad.exe"
6:REG_SZ:poledit.exe"
7:REG_SZ:regedit.exe"
8:REG_SZ:regedt32.exe"
9:REG_SZ:winword.exe"
10:REG_SZ:wordpad.exe"

Windows NT Shell Custom Folders

These settings point the users' explorer shell to specific directories for use as object containers.

Set a particular path for the Programs folder

The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Start Menu\Programs

Set a particular path to find desktop icons

The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Desktop

Hide start menu subfolders

This option can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Set the NoStartMenuSubFolders (REG_DWORD) to 1 to enable, 0 to disable.

Set a particular path for the Startup items

The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Startup

Set a particular path for the Network Neighborhood items

The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\NetHood

Set a particular path for the Start menu items

The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Start Menu

Windows NT Shell Restrictions

This option can be manipulated by going to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Only user approved shell extensions

Change the EnforceShellExtensionSecurity to 1 to enable, 0 to disable.

Remove File menu from Explorer to prevent creation of new folders or shortcuts

Change to the NoFileMenu option to 1 to enable, 0 to disable.

Remove common program groups from Start menu

Change the NoCommonGroups value to 1 to enable, 0 to disable.

Disable context menus for the task bar

Change the NoTrayContextMenu to 1 to enable, 0 to disable.

Disable Explorer's default context menu

Change the NoDriveTypeAutoRun to 95 to disable, 0 to enable.

Remove "Map Network Drive" and "Disconnect Network Drive" options

Change the NoNetConnectDisconnect value to 1 to enable, 0 to disable.

Disable link file tracking

Change the LinkResolveIgnoreLinkInfo value to 1 to enable, 0 to disable.

Figure 3-8

Figure 3-8: More Options within the System Policy Editor

Windows NT System Restrictions

These parameters will pass down and modify registry settings that affect the local computer's internal registry.

Disable Task Manager

This parameter is found in the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

Change the value DisableTaskMgr to 1 to enable, 0 to disable.

Parse AUTOEXEC.BAT

This parameter can be set to determine whether or not Windows NT will parse the contents of an AUTOEXEC.BAT file to use SET and PATH environment variables. The Registry path is as follows:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Set the value ParseAutoexec to 1 to enable, 0 to disable.

Run Login Script in Sync

When a user logs on to Windows NT, the user can have both a Login Script and a Profile controlling their user environment. At first, they will remain in sync unless you turn this value off. If set to off, the User Profile will not load until the login script completes. The registry path for this location is:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Change the RunLogonScriptSync value to 1 to enable, 0 to disable.

Show Welcome Tips at Login

The user, when logging on, will see "Welcome To Windows NT " on the screen with a "tip of the day." By default, the user will have the option of changing the screen to where it does not appear everytime they log on. However, the following registry path:

Software\Microsoft\Windows\CurrentVersion\Explorer\Tips

Has a value called Show which when set to 1, will force the user to see it every time they log on. When set to 0, this is disabled.

Computer Policies/Restrictions

There are certain restrictions you can place on Computers via System Policies. If these computers belong to a domain, you can use the system policy editor to set system-wide restrictions that will affect all users who will use that computer.

Network policies

System Policies Update

Remote Update is a setting that can determine how an administrator wants system policies to be updated remotely on participating Windows NT computers. The registry path is as follows:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update

The first value UpdateMode, will determine whether or not System policies will be remotely updated. A value of 1 will enable this feature automatically, 2 will enable it manually, and 0 will disable this. The value name NetworkPath will display the path for manual updating of system policies. The value name Verbose determines whether or not errors will be displayed. The value for this will be 1 to enable, 0 to disable.

System

SNMP

SNMP stands for Simple Network Management Protocol. This is a component that is managed as an optional TCP/IP service that allow for vendor-independent tracking and management in which an SNMP-compatible manager can keep tabs on any node that has an SNMP-compatible agent. The following SNMP parameters can be set using System Policies.

The Communities option can be set in the following registry path:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities

Community names are case-sensitive strings (REG_SZ) that are set with blank value names.

The Permitted Managers option can be set in the following registry path:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers

The Permitted Managers option is a list of REG_SZ options that contain the addresses of stations in which SNMP management are allowed.

The Traps for Public Community option can be set in the following registry path:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\Public

The trpas option has REG_SZ values that contain the address of station where SNMP traps are logged.

Run

This is where an administrator can place entries that are actually program that will automatically run at startup. These programs can be set in the following registry path:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

The entry above actually is the next stage to the former "run" option in the WIN.INI file found in previous version of 16-bit Windows. All items that the administrator wants running on that machine when the Windows subsystem starts.

Windows NT Network

The remainder of these options are actually manipulated by going directly to those registry entries on the local machine and making those modifications. We will avoid redundancies by mentioning those in forthcoming chapters as we further discuss those sections.

Sharing

There are two options that prevent or enable the computer to maintain hidden administrative shares. By default the shares are in place. The root of every volume on an NT Workstation or Server is shared by the corresponding drive letter followed by a dollar sign (C$, D$, etc.) These are exclusively for administrators to access via a direct UNC path (\\servername\C$) and the permissions can not be set. The two policy options for these shares are:

Windows NT Printers

Windows NT has System Policy options that control the Print Process on that specific computer. The following options can disable print browsing, adjust the priority of the Print Spooler, and to audibly notify the user in the event of a print error respectively:

Windows NT Remote Access

Windows NT has System Policy options that control the Remote Access options on that specific computer. The following options can be set:

Windows NT Shell

Windows NT has System Policy options that control the various shell parameters that are system-wide on that specific computer.

Custom shared folders

These are folders that will appear as common program groups, start menu, and desktop icons that will appear on all computers. The individual options include:

Windows NT System

Logon

Windows NT has System Policy options that control the Logon dialog box on that computer on that specific computer. These include:

File System

Windows NT has System Policy options that control certain File System options on that specific computer. They include:

Windows NT User Profiles

This is where an administrator can adjust how a Windows NT Computer deals with Roaming and Local Profiles on that particular computer. These parameters include:

OTHERS

These are options that can be set within the Registry that are not included with the standard system policy templates installed with Windows NT. You can either create a Policy Template file (.ADM extension) in order to incorporate with system policies or edit directly using a Registry Editor.

Printers

These options are found in the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

NoAddPrinter:REG_DWORD

This parameter will prevent users from invoking the Add Printer wizard. Setting to 1 prevents using it, setting it to 0 allows for its use.

NoDeletePrinter:REG_DWORD

This parameter will prevent users from deleting an existing wizard. Setting to 1 prevents using it, setting it to 0 allows for its use.

Network

File Sharing Control

To prevent the user from establishing shared folders, an administrator can adjust the "NoFileSharingControl" option located in:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network

Setting this value to 1 enables this feature, 0 disables it.

No Network Properties

To restrict the user from accessing the Network Properties dialog box, go to the following registry path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network

Change the "NoNetSetup" value to 1 to enable it, 0 to disable it.

Killing Services

In order to adjust the time it takes to kill services when shutting down the computer, add the following registry value under the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\

Value Name: WaitToKillServiceTimeout Data Type: REG_SZ Value: in milliseconds.

This key tells the service control manager how long to wait for services to

complete the shut-down request. The default is 20000 milliseconds.

You must wait long enough for the services to complete an orderly shutdown.

Policy Files

Policy files are stored in the NETLOGON share of the domain controller

The policy file must be called NTCONFIG.POL

When a user logs in, the policy file is read, and the user's desktop is restricted as you configured.

System Policy Files

To make a change to a user or group profile, follow these steps. Note that these steps assume you haven't any pre-existing policies.

After starting System Policy Editor, create a new policy.

Add the user or group you want to make changes to. Double click on the new icon to see the properties screen.

Select the polices that you want to modify (you can use the list on the previous two pages). Recall that a checkmark indicates that option is true, a white box indicates that option is false, and a gray box indicates no setting. Set the values as you see appropriate.

When you have completed changes, you will need to save your changes to a policy file. Policy files are stored in the NETLOGON share of the domain controller for that domain. (That directory is typically %systemroot%\system32\Repl\Import\Scripts.) The file name must be NTCONFIG.POL.

The next time that user logs in, their desktop will be restricted as you configured.

Orders Orders Backward Forward
Comments Comments


 COMPUTING MCGRAW-HILL | Beta Books | Contact Us | Order Information | Online Catalog

Computing McGraw-Hill is an imprint of the McGraw-Hill Professional Book Group.


A Division of the McGraw-Hill Companies
Copyright © 1997 The McGraw-Hill Companies. All rights reserved. Any use is subject to the Terms of Use; the corporation also has a comprehensive Privacy Policy governing information we may collect from our customers.