1. Performance Enhancements.
To free up memory, you can automatically unload unused dlls when they are not required by creating the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDll]
and change the default data value to 1.
To change the maximum number of connections available for IE to download files (usually set at three if I remember correctly) create or modify the following:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MaxConnectionsPerServer"=dword:0000000a
"MaxConnectionsPer1_0Server"=dword:0000000a
To remove the welcome screen at bootup, in theory speeding up boot times:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWelcomeScreen"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWelcomeScreen"=dword:00000001
Note that while the first entry should do the trick, the current_user entry ensures that this is the case.
To reduce menu speeds and application start up and shutdown times, the following entries can be modified thus:
[HKEY_CURRENT_USER\Control Panel\desktop]
"AutoEndTasks"="1" (closes running apps on shutdown - default value is 0)
"HungAppTimeout"="500" (default value is about 10 times this)
"MenuShowDelay"="50" (menu popup delay - default value is about 10 times this)
"WaitToKillAppTimeout"="2000" (waittime before windows shuts down - default value is about 10 times this)
NB - please see also the section on wallpapers under user restrictions for other entries relating to [HKEY_CURRENT_USER\Control Panel\desktop].
2. Restricting Access on Multi-user Machines.
Setting up multiple-user machines often requires that the end-users are restricted in their ability to roam the system, preventing them from making changes willy-nilly, deleting files and generally making a nuisance of themselves. Multiple-user systems can be an administrative nightmare, but a few simple steps can severely impede your users from destroying the system you have lovingly built for them.
Firstly, create a dummy user with administrative privileges.
Log on as this dummy user.
Open up the registry using regedit.
There are two areas of the registry that are of relevance here:
i. explorer and system management entries - protecting the system.
Firstly, in explorer, select tools
options
view
select "do not show hidden files and folders" and
select "hide protected operating system files (recommended)"
Now, in the registry, find:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
and create the following entry:
"NoFolderOptions"=dword:00000001
Next, back in explorer, hide (right click, then select "properties" from the context menu) all directories/folders that you don't want you users to see. When given the option, just hide the top of the folder trees, leaving all the files within unchanged.
Using tweakui, in "my computer" hide all the drives that you don't want your users to see (programs can still be run from within these hidden drives, folders and directories, the users just wont be able to see the files within them.) I prefer to hide just about everything bar the users' document and settings directory - what they can't see, they can't destroy!
Now, add these two further entries to:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoManageMyComputerVerb"=dword:00000001
"NoPropertiesMyComputer"=dword:00000001
This will prevent your users from accessing the system properties window, or from being allowed to modify the various changes you make to the registry.
There are some further control options of interest to be found within
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]...
Force the windows classic menu by adding the following: "NoSimpleStartMenu"=dword:00000001 Remove the run option from the start menu: "NoRun"=dword:00000001 In conjunction with the above, you should also remove all links to the command prompt in the start menu.
Please note - it is also possible to prevent access to the command prompt by applying the following registry setting to: [HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System] "DisableCMD"=dword:00000001 Remove the logoff button from the start menu: "StartMenuLogOff"=dword:00000001 and remove the shutdown button from the start menu: "NoClose"=dword:00000001
Q - why would you want to use the above two entries?
A - I don't want them to be able to turn off the machine easily. To allow them some modicum of control, create a batch file containing the following:
@echo off
msg /w /time:20 * Auto-shutdown! Press OK to continue.
c:\windows\system32\rundll32.exe powrprof.dll, SetSuspendState Hibernate
shutdown -l -t 0
and place links to this batch file within the user's desktop and start menu, called "shut down!"
Users can use this to force the machine into hibernation but, when the machine is turned on again, the batch file continues, logging out the user and returning them to the login screen. Secondly, create a power profile so that, when the user presses the power button on the computer, the system hibernates rather than shuts down. (See also the selection below on power profiles.)
Now, as the system administrator (not the dummy user) create two new jobs in the task scheduler, one called "reboot", the other "hibernate". Their names are self-explanatory.
While "reboot" should call a batch file containing the following:
shutdown -r -t 0
"hibernate" should call a batch file containing the following:
c:\windows\system32\rundll32.exe powrprof.dll, SetSuspendState Hibernate
Under the settings section for both jobs, ensure that, for power management, "Wake the computer to run this task" has been turned on, while the other two options, "Don't start the task if the computer is running on batteries" and "Stop the task if battery mode begins" are unchecked. Set the two jobs to run everyday, at a time when your users are unlikely to be inconvenienced (the middle of the night is an obvious time) - the two jobs should be set to run a few minutes apart, with the "reboot" job being the first to run.
The principle behind running these two seperate batch jobs is as follows. Firstly, to allow for optimum system performance, it is advisable to occasionally reboot your machine, as opposed to always pushing it into hibernation. Secondly, this setup ensures that, if a user abandons the machine overnight and is still logged in to their account, when the machine is turned on again in the morning, users are presented with a login prompt, rather than access to somebody's account.
To prevent similar problems occuring during daytime use, it is advisable to prompt the user for a password when the computer resumes from standby. This can be setup on the "advanced" page of the power options aplet.
Finally, log in again as the dummy user. Edit the registry once more and, if it does not exist, create the following registry key:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Task Scheduler5.0]
Within this registry key, create the following DWORD values:
"Property Pages"=dword:00000001
"Execution"=dword:00000001
"Task Deletion"=dword:00000001
This will prevent your users from interfering with the two scheduled tasks you have setup.
Q - honestly, why would you want to do this?
A - in simple terms, short of pulling the plug out, this allows you and only you, the administrator, to shut down the machine, and hence get access to safe mode booting and command prompts etc.
ii. Desktop Management Entries.
Remember, you should still be logged on as the dummy user (with administrative priviliges) when performing
the following registry changes.
Power Profiles.
To prevent your users from altering the power profile you have created, in the following registry key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
add:
"NoDispScrSavPage"=dword:00000001
Display Settings.
If you want to preserve your functioning desktop, you can prevent your users from making any changes (right clicking the desktop and selecting "properties" from the context menu) by adding the following to the same registry key as before:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispSettingsPage"=dword:00000001
"NoDispBackgroundPage"=dword:00000001
"NoDispAppearancePage"=dword:00000001
Employing all four of the above DWORD entries will effectively remove all the standard tabs from the desktop properties window.
Wallpapers.
Once you have hidden the display settings screen (as described above), it is essential that you adjust the following registry key:
[HKEY_CURRENT_USER\Control Panel\desktop]
change:-
"wallpaper"="C:\\Documents and Settings\\dummyuser\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp"
"OriginalWallpaper"="C:\\Documents and Settings\\dummyuser\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp"
to:-
"wallpaper"="%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp"
"OriginalWallpaper"="%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\Wallpaper1.bmp"
Finally, back in tweakui, remove all unnecessary components from the control panel, including tweakui itself.
Entries suitable for removal are:
appwiz.cpl - add / remove programs applet.
desk.cpl - desktop control panel window.
hdwwiz.cpl - add new hardware applet.
main.cpl - mouse and keyboard applets.
mmsys.cpl - sound and audio setup applet.
nusrmgr.cpl - user accounts.
powercfg.cpl - power options.
sysdm.cpl - system applet.
tweakui.cpl - tweak.
Now, log off and log on again as administrator.
Change dummy user's privileges to limited. Logon and logoff dummy user once more, logon as administrator then copy the dummy user profile into the default user profile in documents and settings using:
control panel
system
advanced
user profiles - click on settings
select dummy, then "copy to"
select default user under documents and settings
and press OK.
Finally, to ensure that the default desktop wallpaper is being used, copy the contents of:
C:\Documents and Settings\[dummy]\Local Settings\Application Data\Microsoft
to:- C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
Now, all new users you set up will have the same initial setup, desktop and restrictions as your dummy user.
3. "Beautification."
i. Adobe Photoshop ShellNew Entries.
If, like me, you hope to run a clean machine, you may be inclined to reduce the number of superfluous features available during the everyday operation of your XP system. One feature I personally find rather unnecessary is the unwanted addition of new files types to the shellnew menu (the various file-types you can create by right clicking on the desktop or in a folder, then selecting 'new') that occurs whenever I install a new application. Fortunately, by using tweakui or one of its counterparts, it is possible to control your shellnew entries. However, if you deselect adobe photoshop (.PSD) inside tweakui, you will soon discover that, although the entry is temporarily removed from the right-click new file list (even after rebooting), as soon as you run photoshop again, the entry reappears on the list, and again has to be removed via tweakui. Even removing the following entries in the registry:
[HKEY_CLASSES_ROOT\.psd\ShellNew]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.psd\ShellNew]
makes no difference - as soon as you run the application, back they come again, like the veritable bad penny.
However, there is a way of beating this annoying feature of photoshop.
Firstly, as an administrator, create in notepad a simple registry file called say, photoshopfix.reg, and place within it the following entries:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\.psd\ShellNew]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.psd\ShellNew]
Then, create a batchfile called say photoshopfix.bat and place within it the line:
regedit /s photoshopfix.reg
Place both photoshopfix.reg and photoshopfix.bat in the following directory:
C:\WINDOWS\SYSTEM32\GroupPolicy\Machine\Scripts\Shutdown
Finally, from the run menu, type gpedit.msc to open up the group policy editor and select:-
local computer policy
computer configuration
windows settings
scripts (startup/shutdown) and select shutdown in the right hand window
click on add, then click on "browse"
goto C:\WINDOWS\SYSTEM32\GroupPolicy\Machine\Scripts\Shutdown
if you are not there already and select photoshopfix.bat
Now, every time you reboot your machine, any changes made by photoshop to the shellnew menu will be automatically removed.
ii. Low Disk Space Notification.
I am a big fan of using custom-sized paging (swap) files, and providing them with their own disk space. Whenever you set up a new computer, create a separate logical drive the same size as the required swapfile (about one and half to two times the size of available system RAM) and then, after installing windows, select via system options in the control panel the following:-
advanced
performance
advanced
virtual memory.
Now, prevent windows from controlling the paging file and instead create and set a custom paging file on the drive you have setup specifically for this purpose, setting both the minimum and maximum values of the paging file to the total size of the drive.
However, doing this creates a new problem. Once you have assigned the entire drive space of the logical "swap" drive to this newly created paging file, windows becomes determined to constantly remind you that you are running out of disk space on this drive. Under older versions of windows, it was possible to control this feature using the following registry entry:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"DisableLowDiskSpaceBroadcast"=dword:00000032
The DWORD values for this registry entry are documented here, and here.
In this case 32 refers to the hex value for drive F: where my paging file resides (see above).
However, this does not appear to work very well under xp.
You can disable ALL broadcasts relating to low disk space by using the following entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoLowDiskSpaceChecks"=dword:00000001
Unfortunately, if you have other drives where you need to know if you are running out of space, then this is not a viable alternative.
Another option is to change the system-wide broadcast level, which is usually set at 10%, to a much lower value, say 1%.
To do this, under:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver]
add the following registry entry:
(NB if default = 10%
"DiskSpaceThreshold"=dword:00000010)
"DiskSpaceThreshold"=dword:00000001
then reduce the size of your paging file to slightly less than 99% of the total size of your swap drive, and you will no longer receive "out of disk space" messages for this drive, while any other drives dropping below this 1% limit will continue to generate low disk space broadcast messages.
iii. Balloon Tips.
Once you've grown used to windows, it's unlikely to hold many surprises for you. If you no longer want to experience the often irritating balloon tips that appear whenever something "of importance" happens on your system, modify the following registry entries.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSMBalloonTip"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced]
"EnableBalloonTips"=dword:00000000
