Regedit Notes..

8/13/2019 Regedit Notes..

1/22

Regedit Notes System Settings

Notes: The settings here apply to system-wide configurations. These settings are all applied tocomputers, not users.

Registered Owner Key:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion ValueName: RegisteredOwner Value Type: REG_SZSet To: New Owner's NameNotes: This key controls the Owner's name in the system tab of control panel, and in any

programs that reads this data. This has little to no effect in Windows, it's merely a cosmetic change.

Explorer SettingsNotes: All the settings here work with explorer. They should not be used for a sole means of security, as they do not remove the rights to perform actions. They merely remove the ability todo an action via Explorer.

Disable Desktop Right ClickKey:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name:NoViewContextMenuValue Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 Default)Notes: Use this to disable right click context menu on the desktop.

Show Windows Version On DesktopKey: HKCU\Control Panel\DesktopValue Name: PaintDesktopVersionValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 Default)Notes: Displays the current Windows version on top of the desktop wallpaper.

Disable ShutdownKey:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoCloseValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 Default)Notes: Removes the shutdown option from the start menu. This should be used with removal theshutdown system right. This key does not prevent the user from turning off the computer, it only removes the shutdown button from the start menu.

Disallow These Programs From Running (1)Key:(HKCU|HKLM)\Software\Microsoft\Windows\Current


2/22

Version\Policies\Explorer Value Name: DisallowRunValue Type: REG_DWORDSet To: 1Notes: This enables disallow run. Any programs later added to the DisallowRun subkey will not be ran from explorer.Programs can still be ran by other means, and they can be renamed to bypass this.

Disallow These Programs From Running (2)Key:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun Value Name: 1+Value Type: REG_SZSet To: Application's NameNotes: This is the container for the DisallowRun. Each program should be placed in theDisallowRun key. The first program's value should be called 1. And if the program was, for example, cmd.exe, then the string value should be cmd.exe. Renaming files will bypass this.

Allow ONLY These Programs To Run (1)Key:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: RestrictRunValue Type: REG_DWORDSet To: 1Notes: This enables RestrictRun. This is like Disallow Run, but explorer will only run programslisted in this key. Make sure you enable regedit for your account, or have some other means toreverse this. This is Opt-In security.

Allow ONLY These Programs To Run (2)Key:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun Value Name: 1+Value Type: REG_SZ

Set To: Application's NameNotes: This is the container for the Restrict Run. Each program should be placed in the Restrict Run key. The first program's value should be called 1. And if the program was, for example,cmd.exe, then the string value should be cmd.exe. Renaming files will bypass this.

Shell FoldersKey:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Value Name: VariousValue Type: REG_SZSet To: New PathNotes: This key contains different paths to special folders for the user, such as desktop, CDBurning, Programs, Start Menuand the like. I personally like to use NTFS Junctions rather then change the folder location,since some programs write to the default location without checking for the correct value.

Application SpecificNotes: The settings here are for the listed applications only. These can be used to set optionson all computers on a network remotely, or to lock in settings by disabling the write permission tothe key.

Application: Notepad


3/22

Set Font (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: lfFaceNameValue Type: REG_SZSet To: Font name (For example: Lucida Console)Notes: Sets the default font used in notepad.

Italics (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: lfItalicValue Type: REG_DWORDSet To: 0 to disable, 1 to enable (default is 0)Notes: Sets the italics for notepad.

Font Size (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: iPointSizeValue Type: REG_DWORD

Set To: Desired font size.Notes: This setting controls the font size. The value should be 10x the desired size. For example, toset a font of size 24, thenenter a decimal value of 240.

Window Size (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: iWindowPosDX & iWindowPosDYValue Type: REG_DWORDSet To: Desired Window SizeNotes: Change these two values to control the default size of notepad when opened.

Internet Explorer

Disable ability to close browser (Internet Explorer)Key:(HKCU|HKLM)\Software\Policies\Microsoft\Inter net Explorer\Restrictions Value Name:NoBrowserCloseValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)

Notes: When the user presses the close button, or tries to close view the file menu, the action is deniedwith a message stating "The operation has been canceled due to restrictions in effect on this computer.Please contact your system administrator" IE can still be closed by killing the process. If this restrictionis in place on a user account, and IE is ran under the context of a different user, the first user can not kill

the process of the second user. This allows internet explorer to be always active in kiosk computers.

Remove FavoritesKey:(HKCU|HKLM)\Software\Policies\Microsoft\Inter net Explorer\Restrictions Value Name:NoFavoritesValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the Favorites menu from Internet Explorer.


4/22

Disable Context Menu (Right Click)Key:(HKCU|HKLM)\Software\Policies\Microsoft\Inter net Explorer\Restrictions Value Name:

NoBrowserContextMenuValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the ability to right click in IE

Remove File -> Open MenuKey:(HKCU|HKLM)Software\Policies\Microsoft\Inter net Explorer\Restrictions Value Name:NoFileOpenValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the File -> Open that can be used to launch other programs. Helps keep acleaner look in a Kiosk machine, but NTFS permissions should still be used to limit what

programs the end user may run.

Remove File -> Save As MenuKey:(HKCU|HKLM)Software\Policies\Microsoft\Inter net Explorer\Restrictions Value Name:NoBrowserSaveAsValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the File -> Save As that can be used to launch other programs. Helpskeep a cleaner look in a Kiosk machine, but NTFS permissions should still be used to limit what

programs the end user may run.

Remove Address Bar Key: HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions Value Name:NoAddressBar Value Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)

Notes: By removing the address bar, and disabling Explorer, you can use a single HTML page as thecomputers interface on a kiosk machine

Automatic Update SettingsNotes: These settings allow the user to fine-tune how Automatic Updates run on a system.Most of these settings can be set via Group Policy using default templates shipped in 2K and

2K3.

Automatic UpdatesKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:NoAutoUpdateValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: This is the key to DISABLE auto updates. So setting it to 1 enables disable automatic


5/22

updates. In other words, set it to 1 to turn off automatic updates.

Automatic Updates - OptionsKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:

AUOptionsValue Type: REG_DWORDSet To: 2, 3, 4, 5

Notes: These options control if it downloads the updates on it's own, or if it just tells the user whendownloads are out. It also controls if the service will install the updates, or prompt the user to installthem later. 2 will tell you when there are updates to download. 3 will download them automatically, andask for an install. 4 will fully automate the process, but may not finish the installs till you reboot. Touse 4, you must have ScheduledInstallDay and ScheduledInstallTime set. 5 forces automaticupdates to be enabled, but allows the end users to configure it.

Automatic Updates - Install OptionsKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:ScheduledInstallDayValue Type: REG_DWORDSet To: 0~7Notes: Controls on what day the updates will be installed. 0 is daily, while 1~7 is a set day of theweek, Sunday to Saturday.

Automatic Updates - Install Options 2Key:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:ScheduledInstallTimeValue Type: REG_DWORDSet To: 0~23Notes: Controls at what time Windows will install the updates, in 24 hour format.

Automatic Updates - Auto Reboot When Logged OnKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:NoAutoRebootWithLoggedOnUsersValue Type: REG_DWORDSet To: 0 or 1

Notes: Controls if Windows will automatically reboot when a user is logged on. Setting to 1 will promptthe user to reboot, while setting to 0 will cause Automatic Updates to notify the user that thecomputer will reboot. Default time till reboot is five (5) minutes.

Allow Raw Sockets For Users (Windows 2003)Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: AllowUserRawAccessValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)


6/22

Notes: By default, only Administrators can access raw sockets on a Windows 2003 system.Setting this value to 1 allows rawsocket usage for all users.

Arp Cache Keep AliveKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: ArpCacheLifeValue Type: REG_DWORDSet To: 0 to 0xFFFFFFFF (4,294,967,295 Decimal)Notes: Controls the time, in seconds, that an entry stays within the ARP cache. Without thiskey, defaults are two minutes for unused entries, and ten minutes for used entries.

Data Base PathKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: DatabasePathValue Type: REG_EXPAND_SZSet To: Path to files. (Default: %SystemRoot%\system32\drivers\etc)

Notes: This controls the path to TCP\IP's database files, Hosts, Lmhosts, Network, Protocols,Services. Sometimes changed by malware to bypass restrictions on the hosts file.

Default Time To LiveKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: DefaultTTLValue Type: REG_DWORDSet To: 0~0xFF (0~255 Decimal, 128 Default)Notes: Adjusts the TTL of outgoing IP packets. Raising TTL can cause larger broadcast stormsif routing loops are formed in network topology.

Disable Offloading to Network CardKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name:DisableTaskOffloadValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Allows functions in the TCP\IP stack to be performed by the hardware in the network card. Disabling this will cause greater load onto the CPU as the system must handle all functions. This is used for troubleshooting only.

Enable Detect Dead GatewayKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: EnableDeadGWDetectValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (1 by default)Notes: This causes TCP to detect if the main gateway has went down, and will switch to any secondary gateways configured in TCP\IP properties.

Enable Multicast Forwarding


7/22

Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: EnableMulticastForwardingValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)

Notes: This controls if the computer will forward Multicasts across other networks. This isonly used when the computer is running as a Routing and Remote Access Server (RRAS).

Enable Path MTU DiscoveryKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: EnablePMTUDetectValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (1 by default)

Notes: Controls if windows will try to discover the Maximum Transmission Unit (MTU) over the path toa remote host. If the MTU used is larger then what is supported, then the packet will becomefragmented in transport. Fragmentation can cause network congestion and excess load on networking

devices as they assemble the packets back into whole units of data.Syn Attack Protection

Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: SynAttackProtectValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (1 by default on Windows 2K3 with SP1, 0 by default on 2K3with SP0)Notes: Enables the SYN attack protection in SYN-ACK floods. Please see the Windows 2003TCP\IP Implementation in the References section for more information. It is recommended that it is set to 1 on all SP0 configurations, if SP1 can not be installed for some reason.

Backup / Restore the Registry

To Backup/Restore the Windows Registry: Windows 9x For XP 2000 click hereIf you are in MSDOS, at the C:\Windows prompt type

Attrib -s -r -h C:\Windows\System.dat (press Enter)Attrib -s -r -h C:\Windows\User.dat (press Enter)

To make the backup copies type:copy C:\Windows\System.dat C:\Windows\System.000 (press Enter)copy C:\Windows\User.dat C:\Windows\user.000 (press Enter)

To Restore the Registrycopy C:\Windows\System.000 C:\Windows\System.dat (press Enter)copy C:\Windows\User.000 C:\Windows\user.dat (press Enter)

Add Open With to all filesYou can add "Open With..." to the Right click context menu of all files.This is great for when you haveseveral programs you want to open the same file types with. I use three different text editors so I addedit to the ".txt" key.


8/22

1. Open RegEdit2. Go to HKEY_CLASSES_ROOT\*\Shell3. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new4. Set the (Default) to "Op&en With..."5. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting new6. Set the (Default) to "C:\Windows\rundll32.exe shell32.dll,OpenAs_RunDLL %1", C:\ being yourWindows drive. You must enter the "OpenAs_RunDLL %1" exactly this way.

Customize the System TrayYou can add your name or anything you like that consists of 8 characters or less. This will replace the AMor PM next to the system time. But you can corrupt some trial licenses of software that you may havedownloaded.

1. Open RegEdit2. Go to HKEY_CURRENT_USER\Control Panel\International3. Add two new String values, "s1159" and "s2359"

4. Right click the new value name and modify. Enter anything you like up to 8 characters.

If you enter two different values when modifying, you can have the system tray display the two differentvalues in the AM and PM.

Lock Out Unwanted UsersWant to keep people from accessing Windows, even as the default user? If you do not have a domain donot attempt this.

1. Open RegEdit2. Go to HKEY_LOCAL_MACHINE\Network\Logon

3. Create a dword value "MustBeValidated"4. Set the value to 1This forced logon can be bypassed in Safe Mode on Windows 9x

Disable the Outlook Express Splash ScreenYou can make OutLook Express load quicker by disabling the splash screen:1. Open RegEdit2. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express3. Add a string value "NoSplash"4. Set the value data to 1 as a Dword value

Multiple Columns For the Start MenuTo make Windows use multiple Start Menu Columns instead of a single scrolling column, like Windows9x had, Also if you are using Classic Mode in XP1. Open RegEdit2. Go to the keyHKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced3. Create a string value "StartMenuScrollPrograms"4. Right click the new string value and select modify5. Set the value to "FALSE"


9/22


10/22

@="Dos Prompt in that Directory"

HKEY_CLASSES_ROOT\Directory\shell\opennew\command@="command.com /k cd %1"

Add or Edit the following Registry Keys for a Drive:HKEY_CLASSES_ROOT\Drive\shell\opennew@="Dos Prompt in that Drive"

HKEY_CLASSES_ROOT\Drive\shell\opennew\command@="command.com /k cd %1"

These will allow you to right click on either the drive or the directory and the option of starting the dosprompt will pop up.

Changing Exchange/Outlook Mailbox LocationTo change the location of your mailbox for Exchange:

1. Open RegEdit2. Go toHKEY_CURRENT_USER\Software\ Microsoft\Windows Messaging Subsystem\ Profiles3. Go to the profile you want to change4. Go to the value name that has the file location for your mailbox (*.PST) file5. Make the change to file location or name

To change the location of your mailbox for Outlook1. Open RegEdit2. Go to HKEY_CURRENT_USER\Software\Microsoft\Outlook (or Outlook Express if Outlook Express)3. Go to the section "Store Root"

4. Make the change to file location

Add/Remove Sound Events from Control PanelYou can Add and delete sounds events in the Control Panel. In order to do that:1. Open RegEdit2. Go to HKEY_CURRENT_USER\AppEvents\Schemes\Apps andHKEY_CURRENT_USER\AppEvents\Schemes\Eventlabels. If this key does not exist you can create it andadd events.3. You can add/delete any items you want to or delete the ones you no longer want.

Adding an Application to the Right Click on Every Folder Here is how to add any application to the Context Menu when you right click on any Folder. This way

you do not have to always go to the Start Menu. When you right click on any folder, you can have accessto that application, the same as using Sent To.1. Open RegEdit2. Go to HKEY_CLASSES_ROOT\Folder\shell3. Add a new Key to the "Shell" Key and name it anything you like.4. Give it a default value that will appear when you right click a folder, i.e. NewKey (use an "&" withoutthe quotes, in front of any character and it will allow you to use the keyboard)5. Click on the Key HKEY_CLASSES_ROOT\Folder\shell\NewKey


11/22


12/22

RegEdit /l location of System.dat /R location of User.dat /D Registry key to deleteYou cannot be in Windows at the time you use this switch.

Or you can create a reg file as such:REGEDIT4[-HKEY_LOCAL_MACHINE\the key you want to delete]Note the negative sign just behind the[Then at the Command line type:1. RegEdit C:\Windows\(name of the regfile).

Change/Add Restrictions And FeaturesIf you want to make restrictions to what users can do or use on their computer without having to runPoledit, you can edit the Registry. You can add and delete Windows features in this Key shown below.

Zero is Off and the value 1 is On. Example: to Save Windows settings add or modify the value nameNoSaveSettings to 0, if set to1 Windows will not save settings. And NoDeletePrinter set to 1 will prevent

the user from deleting a printer.The same key shows up at:HKEY_USERS\(yourprofilename)\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer sochange it there also if you are using different profiles.1.Open RegEdit2.Go toHKEY_CURRENT_USER\Software\Microsoft\ CurrentVersion\ Policies3.Go to the Explorer Key (Additional keys that can be created under Policies are System, Explorer,Network and WinOldApp )4.You can then add DWORD or binary values set to 1 in the appropriate keys for ON and 0 for off.NoDeletePrinter - Disables Deletion of Printers

NoAddPrinter - Disables Addition of PrintersNoRun - Disables Run CommandNoSetFolders - Removes Folders from Settings on Start MenuNoSetTaskbar - Removes Taskbar from Settings on Start MenuNoFind - Removes the Find CommandNoDrives - Hides Drives in My ComputersNoNetHood - Hides the Network NeighborhoodNoDesktop - Hides all icons on the DesktopNoClose - Disables ShutdownNoSaveSettings - Don't save settings on exitDisableRegistryTools - Disable Registry Editing ToolsNoRecentDocsMenu - Hides the Documents shortcut at the Start buttonNoRecentDocsHistory- Clears history of DocumentsNoFileMenu _ Hides the Files Menu in ExplorerNoActiveDesktop - No Active DesktopNoActiveDesktopChanges- No changes allowedNoInternetIcon - No Internet Explorer Icon on the DesktopNoFavoritesMenu - Hides the Favorites menuNoChangeStartMenu _ Disables changes to the Start MenuNoFolderOptions _ Hides the Folder Options in the Explorer


13/22

ClearRecentDocsOnExit - Empty the recent Docs folder on rebootNoLogoff - Hides the Log Off .... in the Start Menu

And here are a few more you can play withShowInfoTipNoTrayContextMenuNoStartMenuSubFoldersNoWindowsUpdateNoViewContextMenuEnforceShellExtensionSecurityLinkResolveIgnoreLinkInfoNoDriveTypeAutoRunNoStartBannerNoSetActiveDesktopEditLevelNoNetConnectDisconnectRestrictRun - Disables all exe programs except those listed in the RestrictRun subkey

This key has many other available keys, there is one to even hide the taskbar, one to hide the controlpanel and more. I'm not telling you how, as someone may want to play a trick on you. The policies keyhas a great deal of control over how and what program can run and how one can access what feature.

In the System key you can enter:NoDispCPL - Disable Display Control PanelNoDispBackgroundPage - Hide Background PageNoDispScrSavPage - Hide Screen Saver PageNoDispAppearancePage - Hide Appearance PageNoDispSettingsPage - Hide Settings PageNoSecCPL - Disable Password Control Panel

NoPwdPage - Hide Password Change PageNoAdminPage - Hide Remote Administration PageNoProfilePage - Hide User Profiles PageNoDevMgrPage - Hide Device Manager PageNoConfigPage - Hide Hardware Profiles PageNoFileSysPage - Hide File System ButtonNoVirtMemPage - Hide Virtual Memory Button

In the Network key you can enter:NoNetSetup - Disable the Network Control PanelNoNetSetupIDPage - Hide Identification PageNoNetSetupSecurityPage - Hide Access Control PageNoFileSharingControl - Disable File Sharing ControlsNoPrintSharing - Disable Print Sharing Controls

In the WinOldApp key you can enter:Disabled - Disable MS-DOS PromptNoRealMode - Disables Single-Mode MS-DOS


14/22


15/22

6.Right-click on the key you just created and create another key under it called command7.For the value of this command, enter the full path and program you want to execute8.Now when you right click on the Start Button, your new program will be there.9.For example, if you want Word to be added, you would add that as the first key, the default in theright panel would be &Word so when you right click on the Start Button, the W would be the Hot Key onyour keyboard. The value of the key would be C:\Program Files\Office\Winword\Winword.exe

Remove Open, Explore & Find from Start ButtonWhen you right click on the Start Button, you can select Open, Explore or Find.Open shows your Programs folder. Explore starts the Explorer and allows access to all drives.Find allows you to search and then run programs. In certain situations you might want to disable thisfeature.To remove them:1.Open RegEdit2.Go to HKEY_CLASSES_ROOT\Directory\Shell\Find3.Delete Find4.Scroll down below Directory to Folder

5.Expand this section under shell6.Delete Explore and OpenCaution: - When you remove Open, you cannot open any folders.

Removing Items from NEW Context MenuWhen you right-click on the desktop and select New, or use the File Menu item in the Explore and selectNew a list of default templates you can open up are listed.To remove items from that list:1. Open RegEdit2. Do a Search for the string ShellNew in the HKEY_CLASSES_ROOT Hive3. Delete the ShellNew command key for the items you want to remove.

Changing Telnet WindowYou can view more data if you increase the line count of Telnet. By Default it has a window size of 25lines. To increase this so you can scroll back and look at a larger number on lines:1. Open RegEdit2. Go to HKEY_CURRENT_USER\Software\Microsoft\Telnet3. Modify the value data of "Rows"

Changing the Tips of the DayYou can edit the Tips of the day in the Registry by going to:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\ CurrentVersion\ explorer\ Tips

Disabling Drives in My Computer To turn off the display of local or networked drives when you click on My Computer:1.Open RegEdit2.Go toHKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer3.Add a New DWORD item and name it NoDrives4.Give it a value of 3FFFFFF5.Now when you click on My Computer, none of your drives will show.


16/22

Changing the caption on the Title Bar Change the Caption on the Title Bar for OutLook Express or the Internet Explorer:For Outlook Express:1. Open RegEdit2. Go toHKEY_CURRENT_USER\Software\Microsoft\OutLook ExpressFor IE5 and up use:HKEY_CURRENT_USER\IDENTITIES \{9DDDACCO-38F2-11D6-93CA-812B1F3493B}\ SOFTWARE\MICROSOFT\ OUTLOOK EXPRESS\5.03. Add a string value "WindowTitle" (no space)4. Modify the value to what ever you like.

For no splash screen , add a dword value "NoSplash" set to 1The Key {9DDDACCO-38F2-11D6-93CA-812B1F3493B} can be any key you find here. Each user has hisown Key number.

The Key 5.0 is whatever version of IE you haveFor Internet Explorer:1. Open RegEdit2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main3. Add a string value "Window Title" (use a space)4. Modify the value to what ever you like.

Disabling the Right-Click on the Start ButtonNormally, when you right button click on the Start button, it allows you to open your programs folder,the Explorer and run Find.In situations where you don't want to allow users to be able to do this in order to secure your computer.

1.Open RegEdit2.Search for Desktop3.This should bring you to HKEY_CLASSES_ROOT\Directory4.Expand this section5.Under Shell is Find6.Delete Find7.Move down a little in the Registry to Folder8.Expand this section and remove Explore and OpenNow when you right click on the Start button, nothing should happen.You can delete only those items that you need.Note: - On Microsoft keyboards, this also disables the Window-E (for Explorer) and Window-F(for Find) keys.See the section on Installation in the RESKIT to see how to do this automatically during an install.

Disabling My Computer In areas where you are trying to restrict what users can do on the computer, it might be beneficial todisable the ability to click on My Computer and have access to the drives, control panel etc.To disable this:1.Open RegEdit2.Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D


17/22


18/22


19/22

Changing your Modem's Initialization String1.Open RegEdit2.Go toHKEY_LOCAL_MACHINE\System\CurrentControlSet \Services \Class \Modem \0000 \Init3.Change the settings to the new values

Increasing the Modem TimeoutIf your modem it is timing out during file transfers or loading Web Pages, you might try increasing thetimeout period. To change the Time Out::1.Open RegEdit2.Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\ Class\ Modem\ XXXX\ SettingsWhere XXXX is the number of your modem3. In the right panel and double click on Inactivity Timeout4.The number of minutes for a timeout should be entered between the brackets.5.For example, a setting could have S19= to set it to 10 minutes.

Removing Programs from Control Panel's Add/Remove Programs SectionIf you uninstalled a program by deleting the files, it may still show up in the Add/Remove programs listin the Control Panel.In order to remove it from the list.1.Open RegEdit2.Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall3.Delete any programs here.If you have a problem locating the desired program open each key and view the DisplayName value

The Fix for Grayed Out Boxes

The File Types tab in Explorer's View / Options menu lets you edit most of your file types, but certainsettings cannot be changed. The default action for a batch file, for instance, runs the batch file instead of opening it via Notepad or Wordpad. Thus, when you double-click on AUTOEXEC.BAT, a DOS windowopens, and the file executes. If you want to change this default action and edit a batch file when youdouble-click on it, however, the File Types tab does not let you do so; the Set Default button for the filetype called MS-DOS Batch File is always grayed out.

The button is grayed out because HKEY_CLASSES_ROOT's batfile key contains an EditFlag value entry.Such entries are used throughout the Registry to prevent novice users from altering certain systemsettings. The binary data in batfile's EditFlag reads d0 04 00 00. If you change this value to 00 00 00 00,you can then change any of the batch file settings. Do not, however, indiscriminately zero out EditFlag; if

you do so in a system ProgID such as Drive or AudioCD, it completely disappears from the File Types list.For ProgIDs that are linked to extensions, set all EditFlags to 00 00 00 00. For system ProgIDs, replaceEditFlag data with 02 00 00 00.

If you wish to have access to some buttons while leaving others grayed out, you must know the functionof each EditFlag bit. The last two bytes of data are always zero, but most bits within the first two byteshave a specific effect:


20/22

Byte 1, bit 1: Removes the file type from the master list in the File Types tab (select View / Optionsunder Explorer) if it has an associated extension.

Byte 1, bit 2: Adds the file type to the File Types tab if it does not have an associated extension.Byte 1, bit 3: Identifies a type with no associated extension.Byte 1, bit 4: Grays out the Edit button in the File Types tab.Byte 1, bit 5: Grays out the Remove button in the File Types tab.Byte 1, bit 6: Grays out the New button in the Edit File Type dialog (select the Edit button in the File

Types tab).Byte 1, bit 7: Grays out the Edit button in the Edit File Type dialog.Byte 1, bit 8: Grays out the Remove button in the Edit File Type dialog.Byte 2, bit 1: Prevents you from editing a file type's description in the Edit File Type dialog.Byte 2, bit 2: Grays out the Change Icon button in the Edit File Type dialog.Byte 2, bit 3: Grays out the SetDefault button in the Edit File Type dialog.Byte 2, bit 4: Prevents you from editing an action's description in the Edit Action dialog (select the Edit

button in the Edit File Type dialog).Byte 2, bit 5: Prevents you from editing the command line in the Edit Action dialog.Byte 2, bit 6: Prevents you from setting DDE (Dynamic Data Exchange) fields in the Edit Action dialog.

The EditFlags value for Drive, for instance, is d2 01 00 00 in Hex (1101 0010 0000 0001 in binary). Bits 2,5, 7, and 8 are on in byte 1, and bit 1 is on in byte 2. The EditFlag for batfile is d0 04 00 00 in Hex or 11010000 0000 0100 in binary. In this case, bits 5, 7, and 8 are on in byte 1, and bit 3 is on in byte 2.

Bits 4, 5, and 6 of byte 2 apply only to actions that are protected. EditFlags with action keys (such asHKEY_CLASSES_ROOT\batfile\shell\open) determine protection. If byte 1, bit 1 of such an EditFlag is 0(or if there is no EditFlag), then the action is protected. If byte 1, bit 1 is 1, then the action isunprotected.

Protection on system files

To enable protection on system files such as the KnownDLLs list, add the followingvalue;1. Open RegEdit2. HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\ SessionManager3. Create the a Dword value and name it "ProtectionMode "4. Set the Value to1

How to display a legal notice on startupThis is how to make a legal notice appear on startup :Open RegeditNavigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"legalnoticecaption:"enter your notice caption here"legalnoticetext:"enter your legal notice text here"

Add admin user to welcome screen:Start the Registry Editor Go to:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \SpecialAccounts \ UserList \


21/22

Right-click an empty space in the right pane and select New > DWORD Value Name the new valueAdministrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor andrestart.

Kill Processes immediately:When logging off, you sometimes get an End Task dialog prompt, indicating a program that doesntshut itself down. You can suppress the prompts and have Windows kill these programs automaticallywhen you log off. In regedit, find key HKEY_CURRENT_USER\Control Panel\Desktop Look for the valueAutoEndTasks, and change it from 0 to 1.

No Shutdown:Wanna play with your friends by removing the shutdown option from start menu in their computer.RegeditHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"NoClose"="DWORD:1"

Show Superhidden Files:Even if you turn on show hidden files in Windows Explorer some files will remain hidden. These files aresuper hidden. Set the registry value below to 1.

Unblock Regedit and CMD prompt:Save this file is a .reg file then execute itREGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]"Disabled"=dword:0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]"DisableRegistryTools"=dword:0

Memory PerformanceImproving memory performance can be done simply by preventing your hard drive from being used forcache. This is only useful with 256Mb or more of RAM.Everything that you'll need to edit here can be found inHKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory ManagementSo of course add [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management] to your *.reg file.Disable Paging ExecutiveThis will prevent pages sections from RAM going to the hard drive. If you have a large amount of RAM atleast 256Mb (I suggest 512) you might want to keep the data in your RAM to improve your performanceconsiderably due to reduced amount of hard drive swappage. The entry that you will want to modify is

called DisablePagingExecutive. Changing this from 0 to 1 will keep the data in your RAM."DisablePagingExecutive"=dword:00000001

System Cache BoostThe XP kernel can be loaded into your RAM with a simple registry edit. This can greatly improveperformance since the NT Kernel will always be in your RAM. With this edit you will allocate roughly4Mb of your RAM for the kernel. Sometimes more RAM is used but most of the time it is only 4Mb. The


22/22

entry that you will need to find is called LargeSystemCache and you'll need to change this from 0 to 1 inorder to enable this."LargeSystemCache"=dword:00000001To put both of these RAM tweaks into use you'll add something like this to your reg file[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]"DisablePagingExecutive"=dword:00000001"LargeSystemCache"=dword:00000001

The XP Prefetcher Windows XP has a service called the Prefetcher. It basically monitors the different programs that startduring startup and helps them launch faster.To find this tool browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParametersThe important key is EnablePrefetcher. Default value for this is 3. You will want to try numbers between1 and 6. 5 seems to work best for me but your mileage may vary.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\MemoryManagement\PrefetchParameters]

"EnablePrefetcher"="5"