You are here

Making Windows not so bad...

6 posts / 0 new
Last post
Bahamut
Bahamut's picture
Offline
Last seen: 12 years 6 months ago
Joined: 2006-04-07 08:44
Making Windows not so bad...

Share tips/tricks related to customizing/hardening/bettering Windows. This includes, but is not limited to registry hacks, system file hacks (e.g. various files used by msconfig, service configuration tips, and 3rd party software (e.g. alternative shells).

Registry hacks (or "changes" if you prefer) should be in the following format:

Description
OS (Vista has many things added, removed, or rearranged since previous versions)
Permissions needed (any user, affected user, admin; admin implies elevated status)
What needs to be done to see the change (i.e. reboot, log off, or nothing; reboot is the safest way to go)
Key (abbreviations are fine)
Change to be made
Caveats (if any)

It should be understood that a change to HKCU affects only the logged on user and a change to HKLM affects the entire system.

---

Tip:
HKU (HKEY_USERS) contains HKCU entries for all users. It is useful for making changes to another account's HKCU hive or to affect multiple multiple account. This can be quite useful since a user doesn't have full control over his/her own HKCU (why this is baffles me). Finding the user's ID can be a challenge if there are many accounts. Most changes will need to be made in the long ID folders. The last number should be 1000 or more (i.e. it is on my setup). 1000 should be for the first user created (i.e. the admin account you created during the installation process). AFAIK, the numbers go in order of account creation (1001 is the 2nd account created, 1002 the 3rd, etc.). To know for sure, open regedit as the user you want to affect and create a bogus key somewhere in HKCU. Then close regedit and reopen it as an admin (elevated). Look for that key in HKU and you'll find your magic number.

Registry hack:
Desc: Disable desktop icons (icons will be accessible, but won't be drawn on the desktop)
OS: Works with Vista SP1 HP, will probably work on 2K and XP
Permissions needed: Admin (IIRC, SYSTEM owns the key and the user only has read permissions; see tip on HKU above)
Action needed to see a change: Probably a reboot.
Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer (or HKU\[ID] instead of HKCU if you need to do this for a limited user)
Change: New binary value named NoDesktop. Set value to 01 00 00 00.
Caveat 1: the right-click on the desktop doesn't work anymore. You should have access to the features elsewhere (e.g. Personalize is available via Control panel).
Caveat 2: You may be missing your wallpaper. Don't worry; just go to the picture with your file manager and use the right-click menu option "Set as Desktop Background".
Caveat 3: Your shell (Explorer, which includes your taskbar/start menu, etc.) may not start (this happened to me, but it could be the result of something else). An Explorer window should be open. Navigate to %windir%\system32 and open explorer (not strictly necessary, but it will help you keep your sanity). Open regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and set Shell to explorer.exe. If for some reason the key doesn't exist, create it (it's a string value). A logoff should be sufficient.

I have a few more, but I don't have much time right now.

YMMV, especially if you're not using Vista HP SP1. And always export the key before changing so that you can revert in case something bad happens. You may want to make a System Restore point as well.

m2
Offline
Last seen: 13 years 4 months ago
Joined: 2006-12-12 12:00
PowerPro

PowerPro.
It's a tool similar to AutoIT / AutoHotkey, but let's you do a lot...really a lot of things with GUI. Also, it has great number if plugins which simplify doing some unusual stuff.
It's Windows only => Linux sucks.

"Those people who think they know everything are a great annoyance to those of us who do." Asimov

Bahamut
Bahamut's picture
Offline
Last seen: 12 years 6 months ago
Joined: 2006-04-07 08:44
As promised, I have a more.

Reg. Hack 1:
Desc.: NTFS options (disabling a feature reduces overhead and improves performance)
OS: Works with Vista SP1, probably works with XP
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
Change 1: NtfsDisableCompression - set to 1 to disable NTFS compression, 0 to enable
Change 2: NtfsDisableEncryption - set to 1 to disable NTFS encryption capabilities, 0 to enable
Change 3: NtfsDisable8dot3NameCreation - set to 1 to disable 8.3 file names for DOS, 0 to enable
Caveat 1: You will probably not be able to decrypt/decompress anything encrypted via NTFS encryption/compression while it is disabled.
Caveat 2: Disabling 8.3 name creation will break DOS compatibility.

Vintage!

m2
Offline
Last seen: 13 years 4 months ago
Joined: 2006-12-12 12:00
It's not only DOS

It's not only DOS compatibility, some modern programs use it too. One example I know is a tool meant to delete "undeletable" files. I don't know if it needs them, but I see some 8.3 names in files generated by Total Commander.

"Those people who think they know everything are a great annoyance to those of us who do." Asimov

Bahamut
Bahamut's picture
Offline
Last seen: 12 years 6 months ago
Joined: 2006-04-07 08:44
I was in the middle of

I was in the middle of editing that post. Grrrr...

Vintage!

Bahamut
Bahamut's picture
Offline
Last seen: 12 years 6 months ago
Joined: 2006-04-07 08:44
UAC options and more

RH 1:
Desc.: Disable Secure Desktop for UAC prompt (acts like a normal window)
OS: Vista (should work for all versions)
Permissions needed: admin
Action for change: IIRC, it's immediate, but if not, a reboot will do it
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Change: set PromptOnSecureDesktop to 0.
Caveat: other apps can mess with UAC prompts and fake UAC prompts are not easily detected. If are worried about malware pressing the "Continue" button for you, either leave this setting alone or require a password for UAC prompts (see the next hack). This caveat does not apply to standard accounts since they need an admin password anyway.

RH 2:
Desc.: Change UAC prompt behavior for admins (bypass/consent/credentials)
OS: Vista
Permission needed: admin
Action for change: see RH 1
Key: see RH 1
Change: set ConsentPromptBehaviorAdmin to 0 to bypass (elevates without prompt), 1 to require consent ("Continue"/"Cancel"), 2 to require credentials (password is required to elevate). Setting to 0 does NOT disable UAC.

RH 3:
Desc.: Require Ctrl+Alt+Del for login/unlock
OS: 2K and newer, IIRC
Permission needed: admin
Action for change: none (immediate change)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Change: set DisableCAD to 0.
Caveat: the CAD screen will display the logged on user's username regardless of the name given to the account via the User Accounts CP applet. If you are worried about others finding out the username, keep it disabled.

Tip:
Desc.: Have a background (similar to the default wallpaper) during boot instead of just black.
OS: Vista
Permission needed: admin
Change: open msconfig (with admin privileges), go to the Boot tab and check "No GUI boot".

There's a way to require a username to logon, but I can't remember the key. There's a checkbox in User Accounts for this in the Business and Ultimate editions of Vista, but a registry edit is required for Home editions.

Vintage!

Log in or register to post comments