© 1997 The McGraw-Hill Companies, Inc. All rights reserved. Any use of this Beta Book is subject to the rules stated in the Terms of Use.
Chapter 3
Manipulating the Registry Indirectly
This section discusses the different methods of
modifying parameters in the registry through applications. We
will also discuss those parameters that are modified by common
front-end applications such as the Control Panels. Methods of
modifying per-user registry parameters using system
policies and user profiles are also discussed. Often it may become necessary to use
the registry as a means of controlling a user's environment. This
chapter will address this issue as well.
Viewing Configuration using WinMSD
Windows NT Diagnostics
Figure 3-1: Windows NT Diagnostics (WINMSD.EXE)
Windows NT Diagnostics, shown above in Figure 3-1, allows an administrator to gather hardware and operating system parameters for troubleshooting, reporting, and configuration management. Windows NT Diagnostics can also read and display registry data about the system resources used by drivers. Once you have opened the Windows NT Diagnostics dialog box, you can then click a tab to display data from the Registry in an easily readable format.
It is important to understand that Registry entries
cannot be edited by using Windows NT Diagnostics, so the Registry
contents are protected while you browse for information. However,
you can select and copy any value if you want to paste information
by using Registry Editor or a text editor.
Figure 3-2: Report Options within WinMSD
When managing inventory, hardware is probably the
most crucial asset to track - especially internal components such
as storage devices, hard drives, CPUs, BIOS, and video boards.
Windows NT Diagnostics takes information from the following major
registry keys:
HKEY_LOCAL_MACHINE\Hardware
HKEY_LOCAL_MACHINE\System\CurrentControlSet
It also takes dynamic system information such as
memory loads, service and device states and reports their statistics.
The areas reported in WinMSD include:
Figure 3-3: IRQ resources viewed in WinMSD
Remember that most hardware component information
is stored as binary data, and can be displayed in Registry Editor
in hexadecimal or binary format. The Windows NT Diagnostics program
(WINMSD.EXE) displays a great deal of this information in an easy-to-read
format.
Manipulating Indirectly via Applications
The Control Panels
Figure 3-4: The Control Panels
The Control Panel is an excellent and SAFE way to
modify the Registry. There are three basic types of applets within
the Control Panel. They are:
The following table lists the major Control Panel applets and their type:
Table 3-1: Control Panel Applets
Applet | Type | Registry Location |
Add/Remove Programs | System-Specific | HKEY_LOCAL_MACHINE\SOFTWARE |
Console | User-Specific | HKEY_CURRENT_USER |
Date/Time | System-Specific | BIOS and HKEY_LOCAL_MACHINE\SOFTWARE |
Devices | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Display | User-Specific and System-Specific | HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SYSTEM |
Fonts | System-Specific | HKEY_LOCAL_MACHINE\SOFTWARE |
Keyboard | System-Specific and User-Specific | HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE |
Modems | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Mouse | System-Specific and User-Specific | HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE |
Multimedia | System-Specific and User-Specific | HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE |
Network | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM and HKEY_LOCAL_MACHINE\SOFTWARE |
PC Card | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Ports | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Regional Settings | System-Specific and User-Specific | HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE |
SCSI Adapters | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Services | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Sounds | User-Specific | HKEY_CURRENT_USER |
System | System-Specific and User-Specific | HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_LOCAL_MACHINE\SYSTEM |
Tape Devices | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Telephony | User-Specific and System-Specific | HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE\SOFTWARE |
UPS | System-Specific | HKEY_LOCAL_MACHINE\SYSTEM |
Registry Keys Manipulated via the Control Panel
The amazing aspect of the registry is the fact that even though most users do not ever actually work inside the registry, they indeed manipulate it using applications. For lack of a better term, I will use the term "front-end" application. The most common examples are those applications we mentioned previously - the Control Panel applications. In the earlier table, we see which control panels are per-user, and which ones are per-computer. I will now begin to dive into some interesting individual keys that are actually manipulated using the control panels.
The System Control Panel
In the System applet of Control Panel, there is a
Recovery dialog box where an administrator makes settings that
control what happens in the event of a system lock-up. This section
describes values for the Recovery dialog box, found in the following
Registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl
AutoReboot
This is a REG_DWORD data type that can have a value of 0 or 1. This specifies whether the system is to automatically reboot upon failure or to lock-up.
The default is 1 (enabled) for Windows NT Server
and 0 (disabled) for Windows NT Workstation.
CrashDumpEnabled
This is a REG_DWORD data type that can have a value of 0 or 1.
This specifies whether debugging information is to be written to a log file.
The default is 1 (enabled) for Windows NT Server,
0 (disabled) for Windows NT Workstation.
DumpFile
This is a REG_EXPAND_SZ value that contains a path
and file name. The default is %Systemroot%\MEMORY.LOG. This specifies
the file to which debugging information is to be written.
LogEvent
This is a REG_DWORD with a range of 0 or 1. The default
is 1 (enabled) for Windows NT Server, 0 for Windows NT Workstation.
This tells the system to write events to the system event log.
Overwrite
This is a REG_DWORD with a range of 0 or 1. The default
is 1 (enabled) for Windows NT Server, 0 (disabled) for Windows NT Workstation.
This specifies whether an existing log file is to be overwritten
by the new one.
SendAlert
This is a REG_DWORD with a range of 0 or 1. The default
is 1 (enabled) for Windows NT Server, 0 (disabled) for Windows
NT Workstation. This controls whether an administrative alert
is sent. If Overwrite is disabled and the LogEvent is enabled,
the system displays a message saying that the log is full, and
all further log attempts are ignored. If this is unacceptable,
create the CrashOnAuditFail value (REG_DWORD) in the following
Registry path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
After setting CrashOnAuditFail to 1, when a log attempt
fails, the system will halt and not reboot.
The Display Control Panel
Color Options
Color Schemes are popular Display settings that are
modified indirectly. Their registry key parameters are located
under the Colors subkey. The Colors subkey specifies the color
as a series of three numbers for each area of the Windows screen,
in the following Registry path:
HKEY_CURRENT_USER\Control Panel\Colors
Each entry has a REG_SZ data type. The following
lists the defaults for each entry under the Colors subkey:
Table 3-2: Color Option Codes
COLOR OPTION | CODE |
ActiveBorder | 192 192 192 |
ActiveTitle | 0 0 128 |
AppWorkSpace | 255 255 255 |
Background | 255 255 255 |
ButtonFace | 192 192 192 |
ButtonHilight | 255 255 255 |
ButtonShadow | 128 128 128 |
ButtonText | 0 0 0 |
GrayText | 128 128 128 |
Hilight | 0 0 128 |
HilightText | 255 255 255 |
InactiveBorder | 192 192 192 |
InactiveTitle | 192 192 192 |
InactiveTitleText | 0 0 0 |
Menu | 255 255 255 |
MenuText | 0 0 0 |
Scrollbar | 192 192 192 |
TitleText | 255 255 255 |
Window | 255 255 255 |
WindowFrame | 0 0 0 |
WindowText | 0 0 0 |
Color Schemes
The entries in the Color Schemes subkey define the colors for
each element of specific color schemes, as set by choosing the
Color icon in Control Panel. These entries appear under the following
Registry path:
HKEY_CURRENT_USER\Control Panel\Color Schemes
The Current subkey specifies the current color scheme,
based on those listed in the Color Schemes subkey.
The Custom Colors subkey defines the custom colors
in the color palette, as set by choosing the Color icon in Control
Panel. The entries are designated ColorA through ColorP, and all
have the value FFFFFF by default.
Each entry in these subkeys has a REG_SZ data type.
The following table shows their scheme codes:
Table 3-3: Scheme Codes
Arizona | 804000,FFFFFF,FFFFFF,0,FFFFFF,0,808040,C0C0C0,FFFFFF,4080FF,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,808000,FFFFFF,0,FFFFFF |
Black Leather Jacket | 0,C0C0C0,FFFFFF,0,C0C0C0,0,800040,808080,FFFFFF,808080,808080,0,10E0E0E0,C0C0C0,808080,0,808080,0,FFFFFF,0,FFFFFF |
Bordeaux | 400080,C0C0C0,FFFFFF,0,FFFFFF,0,800080,C0C0C0,FFFFFF,FF0080,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,800080,FFFFFF,0,FFFFFF |
Cinnamon | 404080,C0C0C0,FFFFFF,0,FFFFFF,0,80,C0C0C0,FFFFFF,80,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,80,FFFFFF,0,FFFFFF |
Designer | 7C7C3F,C0C0C0,FFFFFF,0,FFFFFF,0,808000,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,C0C0C0,808000,0,0,FFFFFF |
Emerald City | 404000,C0C0C0,FFFFFF,0,C0C0C0,0,408000,808040,FFFFFF,408000,808040,0,C0C0C0,C0C0C0,808080,0,808080,8000,FFFFFF,0,FFFFFF |
Fluorescent | 0,FFFFFF,FFFFFF,0,FF00,0,FF00FF,C0C0C0,0,FF80,C0C0C0,0,C0C0C0,C0C0C0,808080,0,808080,0,FFFFFF,0,FFFFFF |
Hotdog Stand | FFFF,FFFF,FF,FFFFFF,FFFFFF,0,0,FF,FFFFFF,FF,FF,0,C0C0C0,C0C0C0,808080,0,808080,0,FFFFFF,FFFFFF,FFFFFF |
LCD Default Screen Settings | 808080,C0C0C0,C0C0C0,0,C0C0C0,0,800000,C0C0C0,FFFFFF,800000,C0C0C0,0,C0C0C0,C0C0C0,7F8080,0,808080,800000,FFFFFF,0,FFFFFF |
LCD Reversed - Dark | 0,80,80,FFFFFF,8080,0,8080,800000,0,8080,800000,0,8080,C0C0C0,7F8080,0,C0C0C0,800000,FFFFFF,828282,FFFFFF |
LCD Reversed - Light | 800000,FFFFFF,FFFFFF,0,FFFFFF,0,808040,FFFFFF,0,C0C0C0,C0C0C0,800000,C0C0C0,C0C0C0,7F8080,0,808040,800000,FFFFFF,0,FFFFFF |
Mahogany | 404040,C0C0C0,FFFFFF,0,FFFFFF,0,40,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,C0C0C0,80,FFFFFF,0,FFFFFF |
Monochrome | C0C0C0,FFFFFF,FFFFFF,0,FFFFFF,0,0,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,808080,C0C0C0,808080,0,808080,0,FFFFFF,0,FFFFFF |
Ocean | 808000,408000,FFFFFF,0,FFFFFF,0,804000,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,0,808000,0,0,FFFFFF |
Pastel | C0FF82,80FFFF,FFFFFF,0,FFFFFF,0,FFFF80,FFFFFF,0,C080FF,FFFFFF,808080,C0C0C0,C0C0C0,808080,0,C0C0C0,FFFF00,0,0,FFFFFF |
Patchwork | 9544BB,C1FBFA,FFFFFF,0,FFFFFF,0,FFFF80,FFFFFF,0,64B14E,FFFFFF,0,C0C0C0,C0C0C0,808080,0,808080,FFFF00,0,0,FFFFFF |
Plasma Power Saver | 0,FF0000,0,FFFFFF,FF00FF,0,800000,C0C0C0,0,80,FFFFFF,C0C0C0,FF0000,C0C0C0,808080,0,C0C0C0,FFFFFF,0,0,FFFFFF |
Rugby | C0C0C0,80FFFF,FFFFFF,0,FFFFFF,0,800000,FFFFFF,FFFFFF,80,FFFFFF,0,C0C0C0,C0C0C0,808080,0,808080,800000,FFFFFF,0,FFFFFF |
The Blues | 804000,C0C0C0,FFFFFF,0,FFFFFF,0,800000,C0C0C0,FFFFFF,C0C0C0,C0C0C0,0,C0C0C0,C0C0C0,808080,0,C0C0C0,800000,FFFFFF,0,FFFFFF |
Tweed | 6A619E,C0C0C0,FFFFFF,0,FFFFFF,0,408080,C0C0C0,FFFFFF,404080,C0C0C0,0,10E0E0E0,C0C0C0,808080,0,C0C0C0,8080,0,0,FFFFFF |
Valentine | C080FF,FFFFFF,FFFFFF,0,FFFFFF,0,8000FF,400080,FFFFFF,C080FF,C080FF,0,C0C0C0,C0C0C0,808080,0,808080,FF00FF,0,FFFFFF,FFFFFF |
Wingtips | 408080,C0C0C0,FFFFFF,0,FFFFFF,0,808080,FFFFFF,FFFFFF,4080,FFFFFF,0,808080,C0C0C0,808080,0,C0C0C0,808080,FFFFFF,0,FFFFFF |
Desktop Patterns
Desktop Pattern Settings can be established under the following
subkey:
HKEY_CURRENT_USER\Control Panel\Patterns
The Patterns subkey contains entries that define
the color values for the bitmap patterns, as set by choosing the
Desktop icon. Each value is a set of eight numbers, corresponding
to the colors in the eight basic elements of the pattern.
Each entry has a REG_SZ data type.
The following table shows the default colors for
the default patterns:
Table 3-4: Code entries for Desktop Patterns
50% Gray | 170 85 170 85 170 85 170 85 |
Boxes | 127 65 65 65 65 65 127 0 |
Critters | 0 80 114 32 0 5 39 2 |
Diamonds | 32 80 136 80 32 0 0 0 |
Paisley | 2 7 7 2 32 80 80 32 |
Pattern | 224 128 142 136 234 10 14 0 |
Quilt | 130 68 40 17 40 68 130 1 |
Scottie | 64 192 200 120 120 72 0 0 |
Spinner | 20 12 200 121 158 19 48 40 |
Thatches | 248 116 34 71 143 23 34 113 |
Tulip | 0 0 84 124 124 56 146 124 |
Waffle | 0 0 0 0 128 128 128 240 |
Weave | 136 84 34 69 136 21 34 81 |
Screen Saver Settings
Screen Saver Settings can be found under the following key:
HKEY_CURRENT_USER\Control Panel\ScreenSaverName
The various Screen Saver subkeys define user preferences
for specific screen savers. All entries have a REG_SZ data type.
The following list details the default entries under the Screen
Saver subkeys.
Screen Saver.Marquee
Screen Saver.Mystify
Screen Saver.Stars
Cursor Settings
The Registry location for Cursors determines which
Cursor Schemes will be used by the user. The location is as follows:
HKEY_CURRENT_USER\Control Panel\Cursor
The Cursor subkey contains entries that specify the
.ANI or .CUR files containing custom cursors defined using the
Cursor icon in Control Panel. There are no entries in this key
unless the user changes cursor styles in Control Panel. All data
types are REG_SZ. The following lists the names for possible default
entries:
Table 3-5: Possible Cursor Scheme Entries
3-D Bronze | 3-D White |
AppStarting | Arrow |
Conductor | CrossHair |
Dinosaur | Hands 1 or 2 |
IBeam | Magnified |
No | Old Fashioned |
SizeAll | SizeNESW |
SizeNS | SizeNWSE |
SizeWE | Variations |
Wait | Windows Animated |
Windows Default |
Other Desktop Preferences
Registry path:
HKEY_CURRENT_USER\Control Panel\Desktop
AutoEndTasks
This value has a data type of REG_SZ and can have
a range of 0 or 1. The default is 0 (disabled). This value determines
whether user processes are ended automatically when the user logs
off or stops Windows NT. If the value of this entry is 1
(or other than 0), processes are ended automatically. If it is
set to 0, the system waits until the process ends and, if the
process exceeds the timeout threshold (HungAppTimeout), the End
Task dialog box appears stating that the application cannot respond
to the End Task request.
BorderWidth
This value has a data type of REG_SZ and can have
a range of 1 through 49. The default value is 3. This value sets
the width of the borders around all the windows that have sizable
borders. The possible range is 1 (narrowest) to 49 (widest).
This value entry does not appear in the Registry unless you add
it.
CoolSwitch
This value has a data type of REG_SZ. It is a value
entry that is not supported in Windows NT 4.0. In previous versions
of Windows NT, it determined whether fast task switching (ALT+TAB)
was enabled or disabled. In Windows NT 4.0, fast task
switching is always enabled. You need not remove this value entry
from your registry; it is ignored by the system.
CoolSwitchColumns
This value has a data type of REG_SZ. Its range is
a number of columns. The default value is 7. This value determines
how many columns of icons can appear in the Fast Switch (ALT+TAB)
dialog box.
CoolSwitchRows
This value has a data type of REG_SZ. Its range is
a number of rows. The default is 3. This value determines how
many rows of icons can appear in the Fast Switch (ALT+TAB) dialog
box.
CursorBlinkRate
This value is REG_SZ and its range is determined
in milliseconds. The default value is 530. This value indicates
how much time elapses between each blink of the selection cursor.
To change this value, double-click the Keyboard icon in Control
Panel, click the Speed tab, then use the sliding pointer in the
Cursor blink rate box.
DragFullWindows
This value has a data type of REG_SZ. The range is
either 0 (Disabled) or 1 (Enabled). The default value is 1 (Enabled).
This value determines what is displayed while users drag a window.
If the value of this entry is 1, the entire window and its contents
move as it is dragged. If it is 0, only the window rectangle
moves as the window is dragged. To enable or disable this feature,
double-click the Display icon in Control Panel, click the Plus!
tab, then click the Show window contents while dragging check
box in the Visual settings box.
DragHeight
This value has a data type of REG_SZ and its range
is determined in pixels. The default value is 2. This determines
the height of the rectangle used to detect the start of a drag
operation. A value of 2 will be sufficient for most screens; however, it may
be wise to increase this to four or five on displays with a higher
degree of resolution.
DragWidth
This value has a data type of REG_SZ and its range
is also determined in pixels. The default is 2. This determines
the width of the rectangle used to detect the start of a drag
operation. The same guidelines for DragHeight apply to this value
as well.
FontSmoothing
This value has a data type of REG_SZ and can have
a range of 0 (Disabled) or 1 (Enabled). The default value is 0.
This value determines whether the edges of large fonts are painted
in different shades of grey to make the font look smoother. To
enable or disable font smoothing, double-click the Display icon
in Control Panel, click the Plus! tab, then click the Smooth edges
of screen fonts check box in the Visual Settings box.
GridGranularity
This value has a data type of REG_SZ and can have
a range of 0 - 49. The default value is 0. This value specifies
the size of the grid used to position windows on the screen. The
possible range is 0 through 49, in units of 8 pixels.
HungAppTimeout
This value has a data type of REG_SZ and its range
is determined in milliseconds (msec). The default value is 5000.
This determines how long the system waits for user processes to
end in response to the End Task button command in Task Manager.
If this threshold is exceeded, the End Task dialog box appears
stating that the process did not respond or, if AutoEndTasks is
enabled, the system ends the process automatically.
MenuShowDelay
This is a very popular hidden setting. This value
has a data type of REG_SZ and its range is also determined in milliseconds
(msec). The default value is 400. This value determines how long
after the cursor is pointed at a menu the menu items drop
down.
WaitToKillAppTimeout
This value has a data type of REG_SZ. Like the previous
entries, its range is determined in milliseconds. The default
value is 20000. This value determines how long the system waits
for user processes to end after the user attempts to log off or
to shut down Windows NT. If this threshold is exceeded,
the End Task dialog box appears stating that the process did not
respond or, if AutoEndTasks is enabled, the system ends the process
automatically.
WheelScrollLines
This value has a data type of REG_SZ yet its range
is determined using Hexadecimal numbers. The range is from 0 to
0xFFFFFFFF. The default value is 3. This value determines the
number of lines scrolled for each rotation of the mouse wheel
on a Microsoft IntelliMouse when no modifier keys (such
as CTRL or SHIFT) are pressed. If the value of this entry is 0,
the screen will not scroll when the mouse wheel is turned. If
the value of this entry is greater than the number of lines visible
in the window, the screen will scroll up or down by one page.
To direct Windows NT to interpret all wheel rotations as page-up
or page-down commands, set the value of this entry to 0xFFFFFFFF.
TileWallpaper
This value has a data type of REG_SZ and its range
is either 0 or 1. The default value is 0. This value specifies
that the desktop wallpaper is tiled across the screen if this
value is 1, or centered if this value is 0.
Note: You can use the System Policy Editor to
change this value.
Wallpaper
This value has a data type of REG_SZ and its range
is actually a bitmap filename. The default is (None) (This string
appears when no pattern is specified.) This value supplies the
filename for the bitmap on the screen background. Include the
path if the file is not in the %SystemRoot% or %SystemRoot%\SYSTEM32
directory.
Note: You can use the System Policy Editor to
change this value.
ScreenSaveActive
This value has a data type of REG_SZ and its range
is either 0 or 1. The default value is 0. This specifies whether
a screen saver should be displayed if the system is not actively
being used. Set this value to 1 to use a screen saver; 0 turns
off the screen saver.
ScreenSaverIsSecure
This value has a data type of REG_SZ and can have
a value of either 0 or 1 with a default of 0. This value specifies
whether a password is assigned to the screen saver.
ScreenSaveTimeOut
This value has a data type of REG_SZ and its range
is determined in seconds. The default value is 900 (15 minutes).
This value specifies the amount of time that the system must be
idle before the screen saver appears.
SCRNSAVE.EXE
This value has a data type of REG_SZ and it designates
a file name for the screen saver. The default is (None). This
specifies the screensaver executable filename.
IconHorizontalSpacing
This value has a data type of REG_SZ. Its range is
determined in pixels. The default is 60. This value specifies
the width of an icon cell, in numbers of pixels.
IconSpacing
This value has a data type of REG_SZ. Its range is
also in pixels. The default is 75. This value specifies the number
of pixels that appear horizontally between icons. A larger number
increases the space between icons.
IconTitleFaceName
This value has a data type of REG_SZ. The range is
a font name. The default is Helv, for Helvetica. This value specifies
the font used to display icon titles. Change this value if the
icon title is difficult to read.
IconTitleSize
This value has a data type of REG_SZ and its range
is determined by font size. The default value is 9. This specifies
the size of the font used to display icon titles. Change this
value if the icon title is difficult to read.
IconTitleStyle
This value has a data type of REG_SZ and its range
is unknown. The default however is 0. I have no idea whatsoever
what this means. I do not think anybody does.
IconTitleWrap
This value has a data type of REG_SZ and its range
is either 0 or 1. The default is 1. This specifies whether to
wrap icon titles. A value of 1 allows icon title wrapping and
increases icon vertical spacing by three lines; 0 turns off icon
title wrapping.
IconVerticalSpacing
This value has a data type of REG_SZ and its range is determined in pixels. The default value is 60. This specifies the height of an icon cell.
Environment Variables
The Environment subkey contains the user environment
variables, as defined by choosing the System icon in Control Panel.
Changes to these variables take effect the next time a non-Windows
NT-based application is run or the command prompt is used. These
values are stored in the following Registry path:
HKEY_CURRENT_USER\Environment
The default is the environment variables defined
in the user's profile at startup.
Extensions
Commonly known as associations, the Extensions subkey
identifies personal preferences for document files with corresponding
command lines, so that opening a document file in Windows Explorer
or File Manager automatically starts the application. The extensions
are found in the following Registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Extensions
The following default entries are defined. All have
a REG_SZ data type.
Table 3-6: Extension Association Entries
Extension | Association |
bmp | pbrush.exe ^.bmp |
crd | cardfile.exe ^.crd |
ini | notepad.exe ^.ini |
pcx | pbrush.exe ^.pcx |
rec | recorder.exe ^.rec |
trm | terminal.exe ^.trm |
txt | notepad.exe ^.txt |
wri | write.exe ^.wri |
The extension information for all users can be viewed and modified
in HKEY_CLASSES_ROOT. This is where you will find the filetypes
and extension information for Windows Explorer and File Manager.
Multimedia and Sound Entries for Users
Values related to user preferences for multimedia
items in Control Panel are found in the following Registry path:
HKEY_CURRENT_USER\Control Panel
It is recommended that all changes should be made
using the Devices, Drivers, MIDI Mapper, and Sound icons in Control
Panel. The following lists the default entries. All are REG_SZ
data types.
Table 3-7: General Multimedia Entries and their default values
Value | Default |
H | 230 |
NumApps | 20 |
W | 442 |
X | 88 |
Y | 84 |
Table 3-8: Sound Entries
Value | Default |
Beep | yes |
Enable | 1 |
SystemAsterisk | chord.wav,Asterisk |
SystemDefault | ding.wav,Default Beep |
SystemExclamation | chord.wav,Exclamation |
SystemExit | chimes.wav,Windows Logoff |
SystemHand | chord.wav,Critical Stop |
SystemQuestion | chord.wav,Question |
SystemStart | tada.wav,Windows Logon |
Network Administration Entries for Users
The Network Client Administrator
The Network Client Administrator (NCADMIN.EXE) is
an application found only on Windows NT Server. It is used to
create client diskettes that are pre-configured to participate
in a Windows NT Server-based domain. This utility can also be
used to set up client-based administrative tools for both NT Workstation
and Windows 95. The following Registry path contains values used
by administrators to remember the last server and client share
points used by the NCADMIN.EXE application between executions:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\NCAdmin
LastClientServer
This value has a data type of REG_SZ and contains
a range from 0 to 15 characters. The default value is (none).
This value remembers the last server used for the creation of
network client installation disks or Over the Network Installation
startup disks.
LastClientSharepoint
This value has a data type of REG_SZ and has two
possible ranges: 0 to 8 characters (MS-DOS) or 0 to 80 characters
(Windows NT). The default value is (none). This value remembers
the last share used for the creation of network client installation
disks or Over the Network Installation startup disks.
LastToolsServer
This value has a data type of REG_SZ. The range is
from 0 to 15 characters. The default is (none). This value remembers
the last server that referenced the network administration tools
directory path.
LastToolsSharepoint
This value has a data type of REG_SZ. Like the previous
entry, it too has two possible ranges: 0 to 8 characters (MS-DOS),
or 0 to 80 characters (Windows NT). The default is (none). This
remembers the last share that referenced the network administration
tools directory path. One important point to consider is that
the LastToolsSharepoint plus LastToolsServer must be less than
MAX_PATH - 3. (The 3 accounts for the two backslashes (\) at the
beginning of the path and the one between the server and the share.)
This same rule applies to LastClientSharepoint and LastClientServer.
Characters may be any legal UNICODE characters that
can be used in a server or share name. The NCAdmin key and these
values do not appear until NCAdmin has been run at least once
by the current user.
Network Connection Entries for Users
The following Registry path contains the list of
specific shares to reconnect when the user logs on:
HKEY_CURRENT_USER\Network
The Network subkey does not appear unless you are
connected to a shared directory when the Reconnect At Logon option
was checked in Windows Explorer or File Manager. There is a subkey
for each shared directory to be reconnected at system startup.
The name of the subkey is the drive-letter designated for the
connection. Each such subkey can contain the following entries:
ConnectionType
This entry has a data type of REG_DWORD. The default
value is 0x1.
ProviderName
This has a data type of REG_SZ. For each connection,
there is a provider service. The range is the network
name. The expected and common one is the Microsoft Windows Network.
RemotePath
This entry has a data type of REG_SZ and the data
is the UNC (Universal Naming Convention) path to the network share.
This follows the syntax \\server\sharename.
UserName
This field has a data type of REG_SZ and
contains the name of the user that is used to authenticate to the
share. By default, there is no entry because the currently logged
on user name is assumed. This specifies the username under which
the connection was made to the shared directory if a name was added
to the Connect As box in the Connect Network Drive dialog box
in Windows Explorer or File Manager.
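The entries described so far that bear on security (CrashOnAuditFail under the Lsa key, the screen saver entries under Control Panel\Desktop, and the per-drive subkeys of HKEY_CURRENT_USER\Network) can be reviewed offline from a Registry Editor export. The following Python code is an added example, not part of the original chapter; the sample export, its server, share and account names, and the 900-second idle limit are constructed assumptions.

```python
import re

# Constructed sample in the REGEDIT4 text format that Registry Editor exports;
# the server, share and account names are made up for this example.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"CrashOnAuditFail"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaveActive"="1"
"ScreenSaverIsSecure"="0"
"ScreenSaveTimeOut"="1800"

[HKEY_CURRENT_USER\Network\H]
"ProviderName"="Microsoft Windows Network"
"RemotePath"="\\\\FILESRV01\\home"

[HKEY_CURRENT_USER\Network\S]
"ConnectionType"=dword:00000001
"RemotePath"="\\\\FILESRV02\\finance"
"UserName"="EXAMPLE\\svc_backup"
'''

LSA = r'HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA'
DESKTOP = r'HKEY_CURRENT_USER\CONTROL PANEL\DESKTOP'
NETWORK = r'HKEY_CURRENT_USER\NETWORK' + '\\'
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse REG_SZ and REG_DWORD lines into {KEY: {NAME: (type, data)}}."""
    # Key and value names are upper-cased: the registry matches them case-insensitively.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).upper(), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, raw = m.group(1).upper(), m.group(2)
        if raw.startswith('dword:'):
            current[name] = ('REG_DWORD', int(raw[6:], 16))
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            # .reg files escape backslashes and quotes inside strings.
            current[name] = ('REG_SZ', re.sub(r'\\(.)', r'\1', raw[1:-1]))
    return keys


def sz_number(values, name, default):
    """Numeric Desktop entries are REG_SZ: default if absent, None if not a number."""
    if name.upper() not in values:
        return default
    data = str(values[name.upper()][1]).strip()
    return int(data) if re.fullmatch(r'[0-9]+', data) else None


def audit(keys, max_idle_seconds=900):
    """Return (findings, mappings); max_idle_seconds is an assumed policy limit."""
    findings = []
    lsa = keys.get(LSA, {})
    if lsa.get('CRASHONAUDITFAIL', ('REG_DWORD', 0))[1] != 1:
        findings.append('CrashOnAuditFail is not 1: system does not halt when a log attempt fails')
    desktop = keys.get(DESKTOP, {})
    # Defaults follow the chapter: screen saver off, no password, 900 seconds.
    active = sz_number(desktop, 'ScreenSaveActive', 0)
    secure = sz_number(desktop, 'ScreenSaverIsSecure', 0)
    timeout = sz_number(desktop, 'ScreenSaveTimeOut', 900)
    if active != 1:
        findings.append('ScreenSaveActive is not 1: no screen saver starts when idle')
    if secure != 1:
        findings.append('ScreenSaverIsSecure is not 1: no password on the screen saver')
    if timeout is None or timeout > max_idle_seconds:
        findings.append('ScreenSaveTimeOut is %r; the limit is %d seconds' % (timeout, max_idle_seconds))
    mappings = []
    for path, values in sorted(keys.items()):
        drive = path[len(NETWORK):]
        if not path.startswith(NETWORK) or len(drive) != 1:
            continue  # only the drive-letter subkeys of HKEY_CURRENT_USER\Network
        remote = values.get('REMOTEPATH', ('REG_SZ', ''))[1]
        user = values.get('USERNAME', ('REG_SZ', ''))[1]
        mappings.append((drive, remote, user))
        if user:
            findings.append('Drive %s: reconnects to %s as %s, not the logged-on user' % (drive, remote, user))
    return findings, mappings


if __name__ == '__main__':
    found, drives = audit(parse_reg_export(SAMPLE_EXPORT))
    for text in found:
        print('FINDING:', text)
    for drive, remote, user in drives:
        print('MAPPING:', drive, remote, user or '(logged-on user)')
```

Because the Desktop entries are REG_SZ, a comparison such as `"1800" > 900` on the raw data would be wrong or fail; the code converts each string first and reports a value that is not a number instead of guessing.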
User Preferences for Administrative Utilities
As administrators use different utilities to manage
an NT Workstation, Server, and/or Domain, specific preferences
for these administrative tools will be stored in the user's profile
along with the other information we have already mentioned. The
following path contains subkeys with settings for user preferences
related to Event Viewer, Server Manager, User Manager, and User
Manager for Domains:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
The following tables summarize the default settings in the Network subkeys. All entries have REG_SZ data types.
Table 3-9: User Preferences for the Event Viewer:
Filter | (as chosen in the Filter dialog box) |
Find | : (string from Find dialog box) |
FontFaceName | (none) |
FontHeight | 0 |
FontItalic | 0 |
FontWeight | 0 |
IfNT | 1 (focused on Windows NT server) |
LogType | 0 (system); 1 (security); 2 (application); 4 (read from a file) |
SaveSettings | 1 |
SortOrder | 0 (new events first); 1 (old events first) |
Window | 132 126 504 282 0 (position and minimize) |
Table 3-10: User Preferences for the Server Manager:
AccountsOnly | 0 (default if Show Domain Members Only is not set, otherwise 1) |
FontFaceName | (none) |
FontHeight | 0 |
FontItalic | 0 |
FontWeight | 0 |
SaveSettings | 1 |
View | (default is 2 for Low Speed Connection, otherwise 3) (0 means View using extension DLL specified in key ViewExtension; 1 means view workstations only; 2 means view servers only; and 3 means view workstations and servers) |
Table 3-11: User Preferences for the User Manager:
FontFaceName | (none) |
FontHeight | 0 |
FontItalic | 0 |
FontWeight | 0 |
ListBoxSplit | 500 |
SaveSettings | 1 |
Window | 132 126 504 282 0 (position and minimize) |
Table 3-12: User Preferences for the User Manager for Domains:
Value Name | Default |
Confirmation | 1 |
FontFaceName | (none) |
FontHeight | 0 |
FontItalic | 0 |
FontWeight | 0 |
GroupCommentsCutoffMsec | (none) |
ListBoxSplit | 667 |
SaveSettings | 1 |
SortOrder | 0 (for sort by full name) |
Window | 132 126 504 282 0 (position and minimize) |
All of these applications have common parameters, meaning they
have identical entries that affect each application or its environment
in the same way. The following defines most of the common parameters
for these applications:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\<ApplicationName>
Confirmation
This entry has a data type of REG_SZ and its value
is determined with a Boolean expression. This entry specifies
whether the application requests user confirmation for actions
such as deletions or other value changes.
FontFaceName
This value has a data type of REG_SZ and its value
is a specified name. There is no default. This specifies the font
to use in the application main window, for example, Times New
Roman.
FontHeight
This value has a data type of REG_SZ and its range
is a number to specify height. The default is 0 (normal). This
specifies the point size of the font in the application main window.
FontItalic
This has a data type of REG_SZ and can have a range
of 0 or 1. The default is 0 (normal). This specifies normal (0)
or italic (1) font style in the application main window.
FontWeight
This has a data type of REG_SZ and can have a range
from 0 to 900. The default is 0. This specifies the font weight
(thin to heavy) of the font used in the application main window,
where 400 is normal, 700 is bold, and 900 is heavy.
GroupCommentsCutoffMsec
This value has a data type of REG_SZ and its range
is determined in number of milliseconds. The default is (none).
Separate remote API calls must be made for each group comment,
which may be excessively slow for some installations. Setting
this value to greater than zero suppresses the loading of local
group comments (and global group comments against a non-Windows
NT target), if loading the user list took more than the defined
number of milliseconds. Set this value lower if you experience
long User Manager for Domains startup, listbox refresh, or heavy
network traffic over slow links.
ListBoxSplit
This value has a data type of REG_SZ and its range
is determined in a number from 0 to 1000. The default is 667 (That
is, the top two-thirds of the display is given to the user listbox.)
In User Manager and User Manager for Domains only, specifies the
vertical space (in thousandths) devoted to the user listbox as
opposed to the group listbox.
SaveSettings
This value has a data type of REG_SZ and its range
is determined in a boolean expression. This specifies whether
options selected in the application are saved when the application
is closed.
SortOrder
This value has a data type of REG_SZ and its range
is determined as a Boolean expression. This value specifies the
sort order followed by the application, where 1 specifies sort
by username, and 0 specifies sort by full name.
Window
This value has a data type of REG_SZ and its range
is determined by the pixel location of the window. This value specifies
the window location when the application was last closed, as four numbers
plus 1 or 0 to indicate whether the window was iconized.
The Persistent Connections subkey contains entries that control the
restoration of network connections, under this Registry path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections
DriveMappingLetter
This value has a data type of REG_SZ and its range
is determined by designating a UNC sharename. An entry appears
for each connection to a shared network directory.
Order
This value has a data type of REG_SZ and its range
is determined by drive-letter order. This parameter specifies
the order for the shared directory connections.
SaveConnections
This value has a data type of REG_SZ and its range
is either Yes or No. The default is yes. This contains the value
set by the Reconnect At Logon check box in the Connect Network
Drive dialog box in Windows Explorer or File Manager.
The following additional parameters are found in
this Registry path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\World Full Access Shared Parameters
ExpandLogonDomain
This value has a data type of REG_SZ and its range
is either Yes or No. The default value is Yes. This specifies
whether the Shared Directories list is expanded by default in
the Connect Network Drive dialog box. This is the value set in
the Connect Network Drive dialog box in Windows Explorer or File
Manager by checking the Expand By Default check box.
The following additional parameter is found in the
following Registry path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\SMAddOns
.DLL Name
This value has a data type of REG_SZ and its range
is a String. The default value is (none). This contains a pointer
to Server Manager extension .DLLs used to augment RAS.
The following parameter is used by the Windows NT
administrative applications:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Shared Parameters
Slow Mode
This value has a data type of REG_SZ and its range is determined as a string to close and far domains and domain controllers. The default string is "CLOSEDOMAIN;h;FARDOMAIN;l;\\CLOSEMACHINE;h;\\FARMACHINE;1"
Stores information about which servers and domains
are across a Low Speed Connection. User Manager for Domains, Server
Manager, and Event Viewer read this information unless explicitly
told whether to start in Low Speed Connection mode. The cache
is updated each time one of these applications is started or set
to a new, nonlocal focus, or when the user explicitly changes
the Low Speed Connection setting. This is an LRU cache of up to
20 focus targets. The first entry is the most recently used. This
is a shared state between users, so if one user changes the cached
setting for a target focus, other users get that setting by default.
SortHyphens
This entry has a data type of REG_DWORD and can have a range of 0 or 1. The default value is 0. This value specifies whether to ignore hyphens when sorting lists alphabetically in some applications. For example, set SortHyphens to 1 (true) if you want "a-test" to sort after "Administrator". The default setting of 0 (false) causes the hyphen to be ignored, and "a-test" would sort before "Administrator."
In addition to these executables, the base sort order of the Control Panel tools for customizing network settings (NCPA.CPL), server, services, and devices (SRVMGR.CPL), and the FTP server services (FTPMGR.CPL) can be controlled as well.
Using User Profiles to Modify Registries
User Profiles
Windows NT maintains the desktop and shell environment
settings for each individual user in a file referred to as a user
profile. User profiles are a collection of information
about a user's environment and preferences, maintained so that
each user has a consistent interface displayed each time they
log into a Windows NT computer.
When we use the Control Panel and make changes using
those applications that edit user-specific settings, we are in fact
making changes to our user profile.
User profiles automatically create and maintain the
desktop settings for each user's work environment on the local
computer. These profiles are created for each user when they log
into any computer for the first time.
Profile contents consist of:
Benefits of User Profiles
User profiles can provide many benefits to both users and administrators. Each user views their desktop settings as they existed when they last logged off. Many users can use the same computer, and each one receives their own customized desktop when logging in. When using roaming profiles, a user will have their profile available at any Windows NT computer at which they logon.
For the administrator, customized user profiles can be created and assigned to users to provide consistent work environments. Administrators can make profiles mandatory, which will prevent users from changing any settings.
Types of User Profiles
There are three types of user profiles:
Local Profiles
These are profiles that are specific to each computer.
A user who creates a local profile on a particular computer can
only access that profile while logged on to that specific computer.
Roaming Profiles
These are profiles that can be accessed from any
computer. A user who creates a roaming profile can log on at any
computer and access the profile.
Mandatory Profiles
These are pre-configured, roaming profiles that cannot be changed by the user. They are typically assigned to a person or a group of people for whom a common interface is required.
Settings Saved in User Profiles
Each user profile contains configuration preferences and options for each user in addition to the user's desktop environment.
Source | Parameters saved |
The Explorer Shell | All user-definable settings for Windows NT Explorer as well as persistent network connections. |
Taskbar | All personal program groups and their properties, all program items and their properties, and all Taskbar settings. |
Printer Settings | Network printer connections |
Control Panel | All user-defined settings made in Control Panel. |
Accessories | All user-specific application settings that affect the Windows NT environment including utilities such as Calculator, Clock, Notepad, Paint and HyperTerminal, among others. |
Help Bookmarks | Any bookmarks placed in the Windows NT Help System. |
Structure of a User Profile
User profiles have two main parts: a directory, which maintains shortcuts, and a data file, which keeps a copy of the registry settings specific to the user. Together, these maintain all settings tracked for an individual, which can be used any time that user logs into the computer.
All profile information can be viewed by viewing
the \%SystemRoot%\profiles folder.
Figure 3-5: User Profile Locations
A profile called Default User is created during the Microsoft® Windows NT installation process. Each time a new user logs onto a computer running Windows NT, a profile is created for the user by copying the default user profile. The default user profile is copied into a folder for the user, and then any modifications the user makes are saved to this profile.
Folders and Their Purpose
The Profile Registry File
In addition to maintaining information about shortcuts and desktop items, information about a user's individual registry settings must also be stored.
For each user, a file called NTUSER.DAT is created within the user's profile folder. This file is a cached copy of the Windows NT Registry HKEY_CURRENT_USER sub-tree on the local computer. This portion of the registry maintains information about the computer's configuration such as the installed software, environment settings, and other user specific information.
In addition to the registry file, Windows NT also
maintains a file in each profile titled NTUSER.DAT.LOG. This file
is a transaction log of recent changes made by the user. That
is, any time the owner of a profile modifies settings, the change
is entered into the NTUSER.DAT.LOG file. When logging out of Windows
NT, the changes are applied to the NTUSER.DAT file. In the event
there are problems that prevent the changes from being applied,
the log file will keep the changes until next logon, when the
changes can be applied.
All Users Folder
In addition to the Default User profile, Windows
NT also maintains a folder titled All Users. The All Users folder
maintains a listing of common program groups that have been created
on the computer.
Identical Login Names
If a user logs in with two different Windows NT user accounts with the same user name, (for instance, a local user account and a domain user account that have the same name), multiple profiles will be created for the user. By default, the first profile created will be the user's Windows NT user name. Subsequent logons with a different user account but the same user name will result in a new profile created with 000 appended to the name.
Multiple profiles are created based on the Security
Identifier (SID) of the user logging on. The counter 000 that
is appended will be incremented by 1 for each profile that is
created.
Roaming Profiles
Roaming profiles allow a user to maintain a single profile on the network and use the profile from any computer running Microsoft Windows NT. This provides for consistent access no matter where the user is and fault tolerance in some cases.
Roaming profiles are enabled by using the User Manager for domains to specify a user profile path. By identifying this path, the user can be identified as roaming.
Once a path has been entered, an empty user profile is created for the user in the specified server location. That user can then login and any changes made to their profile will be stored on the server.
If required, a pre-configured user profile can be
copied to the specified path. When the user logs on, they will
then have the default settings of that profile. Profiles should
be copied using the Control Panel System application.
The directories should not be copied with Explorer or File Manager. If they are, the necessary registry entries will not be created, and Windows NT will not be aware of the profile or know to load it. The profiles that Windows NT is aware of have entries in the registry under:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Mandatory Profiles
Mandatory profiles are pre-configured roaming profiles that cannot be updated by the user. Mandatory profiles may be useful in scenarios where the administrator requires that the profile for each user be exactly the same. Changes made by the user during any logon sessions are never saved to the original profile.
Mandatory profiles can be created by renaming the NTUSER.DAT file
to NTUSER.MAN in the profile folder and then specifying
\\SERVERNAME\SHARENAME\PROFILENAME.MAN in User Manager. It is important
to note that the product documentation states that it is only
necessary to name the file NTUSER.MAN. If the administrator does
only this portion and the profile is not available at logon, the user
will still be able to log on. To prevent a user with a mandatory
profile from logging on when the profile is not available, the
profile path and file name must be specified in User Manager.
Creating and Maintaining User Profiles
A mandatory profile can be created from any existing profile by copying the profile and renaming the NTUSER.DAT file with a .MAN extension. Administrators may find it easier to create corresponding Microsoft® Windows NT® user accounts with each profile to maintain the profiles long term.
For example, an administrator may want a mandatory profile for all support personnel. That administrator could create a user account called Support, logon to that account, configure it as desired, and then use the Copy option in Control Panel System to copy the profile.
Future modifications to the profile are easily accomplished
by logging back on to the Support account and then simply recopying
the profile over the old one.
Default User Profiles
Administrators can create a default profile for all
users within a domain running Microsoft Windows NT. Creating a
customized user profile and copying it to the domain controllers
for the domain using Control Panel System does this. After this,
all users will automatically receive the user profile when they
logon to the domain.
This works as follows:
Profile Access
The first time a user logs on to a computer running Microsoft Windows NT and their account has been configured for Roaming profiles, their profile will be copied from the path specified in their account to the local computer. This ensures optimum performance since access to the profile is local, rather than continual access of the profile across the network. All changes to the profile are written to the local profile and upon logoff, the profile is copied back to the server for storage.
In subsequent logons to the same computer, both profiles (local and server) are compared using date and time stamps. If the local copy of the profile is equal to the server profile, then it is used again. If the server profile is more current, it is copied to the local computer again.
In scenarios where a change is made to a profile
on a local computer that is not on the network, such as a laptop,
the profile can only be saved locally. The next time the user
logs on when their laptop is connected to the network, the user
will be notified that the local copy of the profile is more current
and then must select which profile should be kept.
Slow Connections
When a user logs on over a slow link, such as over a dial-up line, the time required to access a server-stored profile may be lengthy. In such cases, a user can specify that the system uses the local copy of the profile rather than the server copy. This results in faster logon time.
When using a slow connection, a dialog box appears which allows the user to specify which profile to be used. This dialog box is displayed based on the amount of time it takes for the computer to retrieve the user profile path from the domain controller. The logon process starts a counter, requests the user profile path, and waits for a response. If the response takes longer than two seconds, the dialog box is presented to the user.
Common Problem
Sometimes when a user logs on to a workstation other
than their own, the correct wallpaper is not displayed even though
User Profiles is enabled. This behavior can occur when the wallpaper
specified in the user's profile does not exist on the workstation
they have logged on to. It can also occur when the wallpaper specified
in the user's profile exists on the workstation they have logged
on to, but it is not located in the same directory as it is on
their local workstation. To work around this behavior, place a
copy of the wallpaper file that you want to use on the workstation
you are logging on to. You must place the wallpaper file in the
same directory as it is on your local workstation.
Desktop Restrictions within the Registry
Desktop restrictions can be implemented by editing
the following Explorer values in the registry: (all values default
to 0)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoCommonGroups:REG_DWORD
Set it to 1 so that common program groups do not
appear on the Start menu.
NoDesktop:REG_DWORD
Set it to 1 to hide all desktop icons.
NoDrives:REG_DWORD
The low-order (rightmost) bit is drive A:, while the 26th bit is drive Z:.
To hide a drive, turn on its bit. These drives will still appear in File Manager. To remove File Manager, delete winfile.exe. If you're not happy working in hex, add these decimal numbers to hide the drive(s):
A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024,
L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144,
T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216,
Z: 33554432, ALL: 67108863
NoFileMenu:REG_DWORD
If set to 1, the File menu in Explorer is removed.
NoFind:REG_DWORD
Set it to 1 to remove the Find command from the Start
Menu.
NoNetConnectDisconnect:REG_DWORD
A value of 1 removes the "Map Network Drive"
and "Disconnect Network Drive" menu and right-click options.
NoNetHood:REG_DWORD
Set it to 1 to remove the Network Neighborhood icon
and prevent network access from explorer (it will still work from
a command prompt).
NoRun:REG_DWORD
If set to 1, the Run command is removed from the
Start menu.
NoSetFolders:REG_DWORD
Set it to 1 to hide Control Panel and Printers and
My Computer in Explorer and on the Start Menu.
NoSetTaskbar:REG_DWORD
If set to 1, only Drag and Drop can be used to alter the Start Menu and Desktop.
The Taskbar does not appear on the Start Menu.
NoTrayContextMenu:REG_DWORD
If set to 1, menus do not display upon right click
of the taskbar, start button, clock, or taskbar application icons.
The entry is only available for NT 4.0 with SP 2 or greater.
NoViewContextMenu:REG_DWORD
If set to 1, menus do not display upon right click
of the desktop or Explorer's results pane. The entry is only available
for NT 4.0 with SP 2 or greater.
RestrictRun:REG_DWORD
Set it to 1 and only programs that you define at:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
can be run on the Workstation.
NoClose:REG_DWORD
Set it to 1 to remove the Shut Down button from the
Start Menu. This does not disable shutdown from CTRL+ALT+DEL.
To totally disable a user's ability to shut down, remove the "advanced"
right to "Shutdown the System" from Policies/User Rights
of User Manager for Domains.
To really lock down the desktop, replace the Explorer
or Progman shell with your own launcher. Edit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
and replace the current .exe with yourshell.exe.
System Policies
On computers running Windows NT Workstation or Windows NT Server, the contents of the user profile are taken from the user portion of the Windows NT Registry. Another portion of the registry, the local computer portion, contains configuration settings that can be managed, along with user profiles, using System Policy Editor. With this tool, you create a system policy to control user work environments and actions, and to enforce system configuration for all computers running Windows NT Workstation and Windows NT Server.
With system policy, you can control some aspects of user work environments without enforcing the restrictions of a mandatory user profile. You can restrict what users can do from the desktop; such as restrict certain options in Control Panel, customize parts of the desktop, or configure network settings.
To enforce system policy on your network, you need
at least one computer on your network running Windows NT Server,
configured as a primary domain controller (PDC).
Managing User Profiles Using the System Policy Editor
User profiles can be assigned to users in a much
more efficient way than creating one profile, and assigning the
profile to each user with User Manager. User profiles can be
configured using the System Policy Editor.
System policies are restrictions
an administrator can place on a computer, user, or global group.
System policies are stored in the registry. User profiles are
stored under the key HKEY_CURRENT_USER. Policies are viewed and
modified using the System Policy Editor.
There are three kinds of policies that can be modified:
computer policies - restrictions to a particular system
user policies - restrictions for a particular user
group policies - restrictions applied to a global group
On every NT 4.0 machine, there will be a default user policy and a default computer policy, as shown in the screen above. These default policies will apply to every user or computer that does not have a specific policy assigned.
The next few pages will focus on assigning user and
group profiles. A later chapter will discuss assigning of profiles
for the system.
Figure 3-6: Setting Computer Settings with the System Policy Editor
Double Clicking on the Default Computer Icon in the System Policy Editor will bring up the screen above. As you can see, there are several areas that can be configured, which expand to even more detailed settings that can be configured in a user or computer profile.
Notice that for every configuration option, there
are three different settings:
a checkbox means that restriction is in force
a blank box means that restriction is NOT enforced for this user
a shaded box means that this policy does not
set that restriction in any way
Figure 3-7: User Profile Settings in the System Policy Editor
User Profile Settings in System Policy Editor
The next few pages will list all available settings
for controlling User Profiles via the Registry using the System
Policy Editor. When applicable, the registry keys that are modified
are included.
Display Control Panel
Restrict user's access to Display Control Panel
This particular restriction gives the administrator
many options. These options can be manipulated by going to the
following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
In most cases, this means changing the REG_DWORD value to 1.
No Display Setting Tab
Change the NoDispSettings
value to 1 to enable, 0 to disable.
No Display Appearance Page
Change the NoDispAppearancePage
value to 1 to enable, 0 to disable.
No Display Background Page
Change the NoDispBackgroundPage
to a value of 1 to enable, 0 to disable
No Display Control Panel
Set the NoDispCPL
value to 1 to enable, 0 to disable
No Screen Saver tab
Change the NoDispScrSavPage
to 1 to enable, 0 to disable.
Desktop
These options can be manipulated by going to the
following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
These values, unless otherwise specified, have a
data type of REG_DWORD.
Set user's wallpaper
This option gives the administrator the potential
to restrict the user to using a specific bitmap for the desktop
wallpaper.
Set user's color scheme
This allows an administrator the potential to restrict the user to using a specific color scheme for the desktop and all shell windows.
Shell Restrictions
These options can be manipulated by going to the
following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
These values, unless otherwise specified, have a
data type of REG_DWORD.
Remove the run command from the Start menu
Change the RestrictRun
value to 1 to enable, 0 to disable.
Remove the taskbar from Settings on Start menu
Change the NoSetTaskbar
to 1 to enable, 0 to disable.
Remove Find command from Start menu
Change the NoFind
value to 1 to enable, 0 to disable.
Hide the drives from the user in My Computer
As mentioned earlier in the chapter, NoDrives can be set in a variety of ways. The low-order (rightmost) bit is drive A:, while the 26th bit is drive Z:.
To hide a drive, turn on its bit. These drives will still appear in File Manager. To remove File Manager, delete winfile.exe. If you're not happy working in hex, add these decimal numbers to hide the drive(s):
A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024,
L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144,
T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216,
Z: 33554432, ALL: 67108863
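The NoDrives arithmetic described here and in the earlier Desktop Restrictions entry, as an added Python example that is not part of the original chapter: it builds the value from drive letters and decodes a value back into letters when reviewing a policy. The function names are hypothetical, and the `dword:` text form is the one used in REGEDIT4 export files.

```python
import string

ALL_DRIVES = (1 << 26) - 1   # bits 0..25 set: 67108863, the "ALL" value in the list


def nodrives_mask(letters):
    """Return the NoDrives value that hides the given drive letters."""
    mask = 0
    for letter in letters:
        ch = letter.strip().rstrip(":").upper()
        if len(ch) != 1 or ch not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(ch) - ord("A"))   # A: is bit 0, Z: is bit 25
    return mask


def decode_nodrives(mask):
    """Return (hidden drive letters, stray bits above Z:) for a NoDrives value."""
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("NoDrives is a 32-bit REG_DWORD")
    letters = [chr(ord("A") + bit) + ":" for bit in range(26) if (mask >> bit) & 1]
    return letters, mask & ~ALL_DRIVES


def parse_reg_dword(text):
    """Parse the 'dword:0000000c' form found in a REGEDIT4 export."""
    kind, _, digits = text.strip().partition(":")
    if kind.lower() != "dword" or len(digits) != 8:
        raise ValueError(f"not a REG_DWORD export value: {text!r}")
    return int(digits, 16)


def to_reg_line(mask):
    """Format a NoDrives value as a REGEDIT4 export line."""
    return f'"NoDrives"=dword:{mask:08x}'


if __name__ == "__main__":
    value = nodrives_mask(["A", "B", "D"])          # 1 + 2 + 8
    print(value, to_reg_line(value))
    print(decode_nodrives(parse_reg_dword("dword:0000000c")))
```

A non-zero second element from `decode_nodrives` means bits beyond Z: are set, which usually indicates the value was typed in the wrong base.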
Hide desktop Network Neighborhood icon
Change the NoNetHood
value to 1 to enable, 0 to disable.
Do not list "Entire Network" in Network Neighborhood
This is located in the following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
Change the NoEntireNetwork
to 1 to enable, 0 to disable.
Do not show workgroup contents in Network Neighborhood
This entry is found under the same path as before.
Change the NoWorkgroupContents
to 1 to enable, 0 to disable.
Hide all the items on the desktop
These options can be manipulated by going to the
following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
These values, unless otherwise specified, have a data type of REG_DWORD.
Change the NoDesktop
value to 1 to enable, 0 to disable.
Disable the shutdown command
Change the NoClose
value to 1 to enable, 0 to disable.
Don't save user settings at exit
Change the NoSaveSettings value to 1 to enable, 0 to disable.
System Restrictions
Disable registry-editing tools
These options can be manipulated by going to the
following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
These values, unless otherwise specified, have a
data type of REG_DWORD.
Change the DisableRegistryTools
value to 1 to enable, 0 to disable.
Run only allowed Windows applications
These options can be manipulated by going to the
following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
These values, unless otherwise specified, have a
data type of REG_SZ. The following values are examples of how
listed restricted applications are stored in the registry:
Table 3-13: Example registry entries dealing with restricted applications.
1:REG_SZ:cmd.exe
2:REG_SZ:command.com
3:REG_SZ:excel.exe
4:REG_SZ:iexplore.exe
5:REG_SZ:notepad.exe
6:REG_SZ:poledit.exe
7:REG_SZ:regedit.exe
8:REG_SZ:regedt32.exe
9:REG_SZ:winword.exe
10:REG_SZ:wordpad.exe
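To review how these policy values interact on a given account, the following added Python example (not from the original chapter) parses a REGEDIT4-style export of the Policies keys, lists the 0/1 restrictions that are in force, and checks the RestrictRun flag against its list of programs. The sample export is constructed, the function names are hypothetical, and treating regedit.exe, regedt32.exe and poledit.exe as entries worth flagging is an assumption of this example.

```python
import re

# Constructed sample, not taken from a real system: a REGEDIT4-style export
# of one user's policy keys.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001
"NoFind"=dword:00000001
"RestrictRun"=dword:00000001
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
"1"="notepad.exe"
"2"="winword.exe"
"3"="regedit.exe"
"4"="poledit.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
"NoDispCPL"=dword:00000001
'''

POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
# Assumption of this example: editors an administrator would want flagged.
EDIT_TOOLS = {"regedit.exe", "regedt32.exe", "poledit.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')


def parse_export(text):
    """Return {lower-cased key path: {value name: int or str}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1).lower(), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            name, dword, text_data = value.groups()
            if dword is not None:
                current[name] = int(dword, 16)
            else:   # undo the export's escaping of quotes and backslashes
                current[name] = text_data.replace('\\"', '"').replace("\\\\", "\\")
    return keys


def _entry_order(name):
    """Sort numbered value names (1, 2, ... 10) numerically."""
    return (0, int(name), "") if name.isdigit() else (1, 0, name)


def audit_policies(text):
    """Summarise the Explorer/System policy values found in an export."""
    keys = parse_export(text)
    explorer = keys.get((POLICIES + r"\Explorer").lower(), {})
    system = keys.get((POLICIES + r"\System").lower(), {})
    listed = keys.get((POLICIES + r"\Explorer\RestrictRun").lower(), {})

    # NoDrives is a bit mask, not a 0/1 switch, so it is reported separately.
    in_force = sorted(name for name, data in {**explorer, **system}.items()
                      if data == 1 and name != "NoDrives")
    allowed = [str(listed[n]).lower() for n in sorted(listed, key=_entry_order)]

    findings = []
    enforced = explorer.get("RestrictRun", 0) == 1
    if enforced and not allowed:
        findings.append("RestrictRun is 1 but no programs are listed")
    if allowed and not enforced:
        findings.append("programs are listed but RestrictRun is not 1, "
                        "so the list is not enforced")
    tools = sorted(EDIT_TOOLS.intersection(allowed))
    if tools and system.get("DisableRegistryTools", 0) != 1:
        findings.append("allowed list contains " + ", ".join(tools)
                        + " and DisableRegistryTools is not 1")
    return {"in_force": in_force, "allowed": allowed,
            "nodrives": explorer.get("NoDrives", 0), "findings": findings}


if __name__ == "__main__":
    for item, result in audit_policies(SAMPLE_EXPORT).items():
        print(item, "->", result)
```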
Windows NT Shell Custom Folders
These settings point the users' explorer shell to
specific directories for use as object containers.
Set a particular path for the Programs folder
The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Start Menu\Programs
Set a particular path to find desktop icons
The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Desktop
Hide start menu subfolders
This option can be manipulated by going to the following
registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Set the NoStartMenuSubFolders
(REG_DWORD) to 1 to enable, 0 to disable.
Set a particular path for the Startup items
The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Startup
Set a particular path for the Network Neighborhood items
The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\NetHood
Set a particular path for the Start menu items
The default location of this folder is %SystemRoot%\Profiles\%USERNAME%\Start Menu
Windows NT Shell Restrictions
This option can be manipulated by going to the following
registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Only user approved shell extensions
Change the EnforceShellExtensionSecurity
to 1 to enable, 0 to disable.
Remove File menu from Explorer to prevent creation of new folders or shortcuts
Change the NoFileMenu
option to 1 to enable, 0 to disable.
Remove common program groups from Start menu
Change the NoCommonGroups
value to 1 to enable, 0 to disable.
Disable context menus for the task bar
Change the NoTrayContextMenu
to 1 to enable, 0 to disable.
Disable Explorer's default context menu
Change the NoDriveTypeAutoRun
to 95 to disable, 0 to enable.
Remove "Map Network Drive" and "Disconnect Network Drive" options
Change the NoNetConnectDisconnect
value to 1 to enable, 0 to disable.
Disable link file tracking
Change the LinkResolveIgnoreLinkInfo
value to 1 to enable, 0 to disable.
Figure 3-8: More Options within the System Policy Editor
Windows NT System Restrictions
These parameters will pass down and modify registry
settings that affect the local computer's internal registry.
Disable Task Manager
This parameter is found in the following registry
path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Change the value DisableTaskMgr
to 1 to enable, 0 to disable.
Parse AUTOEXEC.BAT
This parameter can be set to determine whether or
not Windows NT will parse the contents of an AUTOEXEC.BAT file
to use SET and PATH environment variables. The Registry path is
as follows:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Set the value ParseAutoexec
to 1 to enable, 0 to disable.
Run Login Script in Sync
When a user logs on to Windows NT, the user can have both a Login Script and a Profile controlling their user environment. At first, they will remain in sync unless you turn this value off. If set to off, the User Profile will not load until the login script completes. The registry path for this location is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Change the RunLogonScriptSync value to 1 to enable, 0 to disable.
Show Welcome Tips at Login
The user, when logging on, will see "Welcome
To Windows NT" on the screen with a "tip of the day."
By default, the user will have the option of changing the screen
so that it does not appear every time they log on. However, the
following registry path:
Software\Microsoft\Windows\CurrentVersion\Explorer\Tips
has a value called Show which, when set to 1, will force the user to see it every time they log on. When set to 0, this is disabled.
Computer Policies/Restrictions
There are certain restrictions you can place on Computers via System Policies. If these computers belong to a domain, you can use the system policy editor to set system-wide restrictions that will affect all users who will use that computer.
Network policies
System Policies Update
Remote Update is a setting that can determine how
an administrator wants system policies to be updated remotely
on participating Windows NT computers. The registry path is as
follows:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update
The first value, UpdateMode,
will determine whether or not System policies will be remotely
updated. A value of 1 will enable this feature automatically,
2 will enable it manually, and 0 will disable this. The value
name NetworkPath
will display the path for manual updating of system policies.
The value name Verbose
determines whether or not errors will be displayed. The value
for this will be 1 to enable, 0 to disable.
System
SNMP
SNMP stands for Simple Network Management Protocol.
This is a component that is managed as an optional TCP/IP service
that allows for vendor-independent tracking and management, in which
an SNMP-compatible manager can keep tabs on any node that has
an SNMP-compatible agent. The following SNMP parameters can be
set using System Policies.
The Communities option can be set in the following
registry path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
Community names are case-sensitive strings (REG_SZ)
that are set with blank value names.
The Permitted Managers option can be set in the following
registry path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
The Permitted Managers option is a list of REG_SZ values that contain the addresses of the stations from which SNMP management is allowed.
The Traps for Public Community option can be set
in the following registry path:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration\Public
The traps option has REG_SZ values that contain the addresses of the stations where SNMP traps are logged.
Run
This is where an administrator can place entries for programs that will automatically run at startup. These programs can be set in the following registry path:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The entry above is the successor to the former "run" option in the WIN.INI file found in previous versions of 16-bit Windows. All items that the administrator wants running on that machine when the Windows subsystem starts are placed here.
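An added example (not from the book): a Python audit over a REGEDIT4-style text export of the SNMP and Run keys described above, flagging default community names, an empty Permitted Managers list, and startup entries outside an approved list. The export content, its numbered value names, the allowlist, and the function names parse_reg and audit are assumptions made for illustration.

```python
import re

# Constructed REGEDIT4-style export; value names, data and paths are sample data.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities]
"1"="public"
"2"="Ops-Mon1tor"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"updater"="C:\\TEMP\\upd.exe /s"
'''

SNMP = r"hkey_local_machine\system\currentcontrolset\services\snmp\parameters"
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}} for REG_SZ values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:  # undo the export's backslash escaping in the string data
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(keys, run_allowlist):
    """List findings; run_allowlist holds approved Run value names, lowercased."""
    findings = []
    communities = list(keys.get(SNMP + r"\validcommunities", {}).values())
    for c in communities:
        if c.lower() in ("public", "private"):  # well-known, guessable names
            findings.append(f"SNMP: default community name '{c}'")
    if communities and not keys.get(SNMP + r"\permittedmanagers"):
        findings.append("SNMP: no Permitted Managers listed, source hosts unrestricted")
    for name, cmd in keys.get(RUN, {}).items():
        if name.lower() not in run_allowlist:
            findings.append(f"Run: unapproved startup entry '{name}' -> {cmd}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE), {"systemtray"}):
        print(finding)
```
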
Windows NT Network
The remainder of these options are actually manipulated
by going directly to those registry entries on the local machine
and making those modifications. We will avoid redundancies by
mentioning those in forthcoming chapters as we further discuss
those sections.
Sharing
There are two options that prevent or enable the computer to maintain hidden administrative shares. By default the shares are in place. The root of every volume on an NT Workstation or Server is shared by the corresponding drive letter followed by a dollar sign (C$, D$, etc.). These are exclusively for administrators to access via a direct UNC path (\\servername\C$), and the permissions cannot be set. The two policy options for these shares are:
Windows NT Printers
Windows NT has System Policy options that control the Print Process on that specific computer. The following options can disable print browsing, adjust the priority of the Print Spooler, and audibly notify the user in the event of a print error, respectively:
Windows NT Remote Access
Windows NT has System Policy options that control
the Remote Access options on that specific computer. The following
options can be set:
Windows NT Shell
Windows NT has System Policy options that control
the various shell parameters that are system-wide on that specific
computer.
Custom shared folders
These are folders that will appear as common program
groups, start menu, and desktop icons that will appear on all
computers. The individual options include:
Windows NT System
Logon
Windows NT has System Policy options that control the Logon dialog box on that specific computer. These include:
File System
Windows NT has System Policy options that control
certain File System options on that specific computer. They include:
Windows NT User Profiles
This is where an administrator can adjust how a Windows NT Computer deals with Roaming and Local Profiles on that particular computer. These parameters include:
OTHERS
These are options that can be set within the Registry
that are not included with the standard system policy templates
installed with Windows NT. You can either create a Policy Template
file (.ADM extension) in order to incorporate with system policies
or edit directly using a Registry Editor.
Printers
These options are found in the following registry
path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoAddPrinter:REG_DWORD
This parameter will prevent users from invoking the Add Printer wizard. Setting it to 1 prevents using it, setting it to 0 allows for its use.
NoDeletePrinter:REG_DWORD
This parameter will prevent users from deleting an existing printer. Setting it to 1 prevents deletion, setting it to 0 allows it.
Network
File Sharing Control
To prevent the user from establishing shared folders,
an administrator can adjust the "NoFileSharingControl"
option located in:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
Setting this value to 1 enables this feature, 0 disables
it.
No Network Properties
To restrict the user from accessing the Network Properties
dialog box, go to the following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network
Change the "NoNetSetup"
value to 1 to enable it, 0 to disable it.
Killing Services
In order to adjust the time it takes to kill services when shutting down the computer, add the following registry value under the following path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\
Value Name: WaitToKillServiceTimeout
Data Type: REG_SZ
Value: in milliseconds.
This value tells the service control manager how long to wait for services to complete the shut-down request. The default is 20000 milliseconds.
You must wait long enough for the services to complete an orderly shutdown.
Policy Files
Policy files are stored in the NETLOGON share of the domain controller.
The policy file must be called NTCONFIG.POL.
When a user logs in, the policy file is read, and the user's desktop is restricted as you configured.
System Policy Files
To make a change to a user or group profile, follow these steps. Note that these steps assume you haven't any pre-existing policies.
After starting System Policy Editor, create a new policy.
Add the user or group you want to make changes to. Double click on the new icon to see the properties screen.
Select the policies that you want to modify (you can use the list on the previous two pages). Recall that a checkmark indicates that option is true, a white box indicates that option is false, and a gray box indicates no setting. Set the values as you see appropriate.
When you have completed changes, you will need to save your changes to a policy file. Policy files are stored in the NETLOGON share of the domain controller for that domain. (That directory is typically %systemroot%\system32\Repl\Import\Scripts.) The file name must be NTCONFIG.POL.
The next time that user logs in, their desktop will be restricted as you configured.
Computing McGraw-Hill is an imprint of the McGraw-Hill Professional Book Group.