Registry Win2000 Security Settings-Guide to registry use sixteen

Use Win2000 security settings in the Registry-16th full guide to registry usage

Note: The changed registry project is located in HKEY_CURRENT_USER.
If for a user, change is located at HKEY_USERS \ (S-1-5-21-746137067-507921405-1060284298-500) (UserCode.

1. prevent others from obtaining access information on the Web Page
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ typedurls is used to save the IE history, save the 25 most recently viewed websites, and delete them selectively.

2. Start Menu and taskbar
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer,

(1) do not drag the Start menu up or down: Create a DWORD nochangestartmenu with the value set to 1 (0x1 ).

(2) do not change the settings of the taskbar and Start Menu: Create a DWORD nosettaskbar with a value of 1 (0x1 ).

(3) keep records of recently opened documents: Create a DWORD norecentdocshistory with a value of 1 (0x1 ).

(4) disable the personalized menu: Create a DWORD intellimenus with a value of 1 (0x1 ).

(5) Disable User tracing: Create a DWORD noinstrumentation with a value of 1 (0x1 ).
Note: this function is used by the system to track users.Program, The path of the user navigation and a feature of the document opened by the user. The system uses this information to customize Windows functions, such as personalized menus.

(6) prevent the system from parsing a shortcut key by searching for a comprehensive target drive. (NTFs only): Create a DWORD-type noresolvesearch with a value of 1 (0x1 ).
Note: by default, when the system cannot find the target file for the shortcut key (. lnk), it looks for all paths related to the shortcut key. If the target file is in the NTFS partition, the system uses the ID of the target file to find the path. Setting prevents the system from parsing a shortcut key by searching for a comprehensive target drive.

(7) prevent the system from parsing a shortcut key using the NTFS tracking function. (NTFs only): Create a DWORD noresolvetrack with a value of 1 (0x1 ).

3. desktop settings
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer,

(1) Delete "Network neighbors" on the desktop: Create a DWORD nonethood with a value of 1 (0x1 ).

(2) Delete the IE icon from the desktop and Quick Start: Create a DWORD nointerneticon with a value of 1 (0x1 ).

(3) do not add the latest opened documents to "Network neighbors". Create a DWORD norecentdocsnethood with a value of 1 (0x1 ).

(4) do not change the path of the "My Documents" folder: Create a DWORD disablepersonaldirchange with the value set to 1 (0x1 ).

(5) do not change the desktop toolbar: Create a DWORD noclosedragdropbands with a value of 1 (0x1 ).

(6) do not adjust the length of the desktop toolbar, and do not re-place the project or toolbar on the locked toolbar: Create a DWORD nomovingbands with a value of 1 (0x1 ).

(7) do not save the settings when exiting: Create DWORD for DWORD nosavesettings with the value set to 1 (0x1 ).

(8) Disable Active Desktop: Create a DWORD noactivedesktop with a value of 1 (0x1 ).

(9) Enable Active Desktop: Create a DWORD forceactivedesktopon with a value of 1 (0x1 ).

(10) do not change the Active Desktop configuration: Create a DWORD-type noactivedesktopchanges with a value of 1 (0x1 ).

(11) hide all the icons on the desktop: Create a DWORD for the DWORD-type nodesktop with a value of 1 (0x1 ).

(12) disable the change of Active Desktop configuration: Create DWORD for DWORD noactivetopics topchanges with the value set to 1 (0x1 ).
In HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies, create an nonenum item,

(1) create a DWORD {2017d8fba-ad25-11d0-98a8-0800361b1103} with the value set to 1 (0x1 ).
New activedesktop item,

(1) disable the active desktop project, but you can use the Active Desktop: Create a DWORD nocomponents with the value set to 1 (0x1 ).

(2) Prevent Users From Adding web content to "Active Desktop": Create a DWORD noaddingcomponents with a value of 1 (0x1 ).

(3) only bitmap can be used as Wallpaper: Create a DWORD nohtmlwallpaper with a value of 1 (0x1 ).

(4) Disable desktop wallpaper replacement: Create a DWORD nochangingwallpaper with a value of 1 (0x1 ).

Create a system item,

(1) Hide "appearance": Create a DWORD nodispappearancepage with a value of 1 (0x1 ).

(2) "display" in "forbidden control panel": Create a DWORD nodispcpl with a value of 1 (0x1 ).

(3) Disable "Screen Protection" option: Create a DWORD nodispscrsavpage with a value of 1 (0x1 ).

(4) Hide the "Settings" option: Create a DWORD nodispsettingspage with a value of 1 (0x1 ).

(5) Hide "background": Create a DWORD nodispbackgroundpage with a value of 1 (0x1 ).

In HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Microsoft, create a Windows item, create a control panel item, and create a desktop item under it,

(1) Disable "Screen Protection": Create a new secure ScreenSaveActive with a value of 0.

(2) Add a password to all Screen Protection: create a secure ScreenSaverIsSecure with a value of 1.

(3) set the latency (in seconds, the value should be between 1-) of Screen Protection: Create a new secure screensavetimeout, and set the value to the required time.

(4) only allow users to use specific Screen Protection: Create a New Type SCRNSAVE. EXE with the value set to the desired Screen Protection name (*. scr ).
Note: If the target Screen Saver is not in % SystemRoot % \ system32, enter the complete path.

Create a directory UI item,

(1) specify the maximum number of objects displayed in the Active Directory System for response browsing or search (set to 1000, default to 10000): Create a DWORD querylimit with a value set to 1000 (0x3e8 ).

(2) display the filter bar on the Active Directory Search: Create DWORD-type enablefilter with the value set to: 1.

(3) Hide the active directory folder: Create a DWORD hidedirectoryfolder with a value of 1.

4. Control Panel
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer,

(1)""" controlcontrolcontrolcontrolcontrolcontrol.exe: Create a DWORD nocontrolpanel with the value set to 1.
Note: The running of control.exe is also disabled at the same time.

(2) Disable some Control Panel files: Create a DWORD of the DWORD type disallowcpl with the value set to 1;
Create a new disallowcpl under HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer, create string 1, and set the value to disabled Control Panel files.
Note: If you want to disable multiple files at the same time, you need to create a number of strings and name them as Arabic numerals. The key value is the control panel file you want to disable.

(3) only use a specific control panel file: Create a DWORD restrictcpl with a value of 1;
Create restrictcpl under HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer, create string 1, and set the value to the required control panel file.
Note: You can enable multiple files at the same time by using the same method as above.

5. Add/delete programs
In HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ downloads ies, create an uninstall item,

(1) Disable "add or delete programs" (do not use other methods to install or delete programs): Create a DWORD noaddremoveprograms with the value set to: 1.

(2) Hide "change or delete a program": Create a DWORD noremovepage with a value of 1.

(3) Hide "Add new program": Create a DWORD noaddpage with a value of 1.

(4) Hide add program from CD-ROM or floppy disk: Create DWORD noaddfromcorfloppy with the value set to: 1.

(5) Hide "add a program from Microsoft": Create a DWORD noaddfrominternet with a value of 1.

(6) Hide "add a program from network": Create a DWORD noaddfromnetwork with the value set to 1.

(7) Hide "Add/delete component": Create a DWORD nowindowssetuppage with a value of 1.

(8. Disable "support Info": Create DWORD nosupportinfo with the value set to 1.

(9) specifies the program category that appears when you open the "Add new program" page. (This category must be included in the Add/delete definition.) create a new category defaultcategory and set the value to the required category.

6. Disable the selection of windwos2000 menus and dialog language (in Japanese)
In HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Microsoft, create a control panel item, create a desktop item under it, and create a portable multiuilanguageid with a value of 00000411.

7. completely hide the hidden file
In hkey_local_mashine \ Software \ Microsoft \ Windows \ currentversionexplorer \ Advanced \ Folder \ Hidden \ showall, modify (New DWORD type) checkedvalue to 0, objects that are set as hidden properties are truly hidden (the option to disable display of all objects ). To display the checkedvalue, you only need to change the value of checkedvalue to 1.

8. Forget the Windows logon password (use with caution !)
The Sam file in the WINNT \ system32 \ config directory. delete the file and restart it.
Note: SAM (Security Accounts Management Database): Security Account management database. It is the core of the WindowsNT/2000 System and stores the group accounts and user account information of the Local Machine and the domain controlled by the operating system. Sam stores the descriptive information and permission information of each group in the domain, and the subsequent part stores the descriptive information of the domain user and the encrypted password data.
The superuser administrator password is stored after the last "Administrator" string in the SAM file.

9. Disable Windows File Protection
Warning after modification, you can directly delete key Windows files.
By default, users are prohibited from deleting system and program files. You can remove the restriction after modifying the registry.
In HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon, the value of sfcdisable is set to 0xffffff9d.
To use file protection, change the value to 0 again.

Operation tips:

1. Quickly hide the taskbar
It is slow to hide the task bar automatically. If you want to speed up, remove the "show window content when dragging" item in "visual effect" in the display attribute.

2. Quickly view the specific location of the file
Right-click the file and drag it to the "run" dialog box. The file extension and complete path are displayed.

3. Quickly locate the website
You can use a keyboard to locate a website that is relatively long. Press Ctrl + ←. The cursor moves quickly to the left in the unit of words. Press Ctrl + → and the cursor moves quickly to the right in the unit of words.

4. Send email quickly
"New"/"shortcut" command → "Enter the project location" → enter "mailto:" → "Enter the shortcut name" → enter "new mail ". Click this shortcut to create a new email.

5. automatically disable the screensaver before disk sorting
Create a new defrag in HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ applets, and set sett ings to "disablescreensaver" and "yes" in the right window ".

6. added the shutdown function in the logon dialog box.
In HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon, the value of shutdownwithoutlogon is set to 1.

7. One click to shut down
In hkey_classes_root \ directory \ shell, create the "close" primary key, and enter "Close computer" in the "key value" Column (displayed in the right-click menu). You can define the shortcut key. Create a level-1 sub-key "command" under "close", and enter "rundll32.exe user. EXE, exitwindows" in the "key value" column ".

8. Clear the recycle bin anywhere
Create "{645ff040-5081-101b-9f08-00aa002f945e}" in hkey_classes_root \ * \ shellex \ contextmenuhandlers }".

9. Speed up Shutdown
Create a new "string value" fastreboot in HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ shutdown and set it to 1.

10. Dial-Up Acceleration
Modem properties → modem. The "Maximum port speed" indicates the maximum speed at which the program can transmit data to the modem, which is usually faster than the modem.
Set it to 115,200 bps. On the "advanced" Page, add the initialization parameters provided in the modem manual to the "Additional initialization commands. No matter whether there are any initialization commands provided by modem, add the "S11 = 40" command to speed up modem dialing.

11. Dynamic Effect of IE window
HKEY_CURRENT_USER \ controlpanel \ Desktop \ windowmetrics. In the window on the right, create the string values "minanimat" and "maxanimat", and set the values to "0" and "1" respectively ", the change is performed when the IE window is the largest and the switchover is minimized.

12. Change the security password of IE
In HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ratings ies, delete the ratings subkey.

13. Change the default IE download directory
In HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer, modify download directory.

14. Modify ie Search Engine
In HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ search, change customizesearch and searchassistant to custom search engines.

Default IE engine: http://ie.search.msn.com/?sub_rfc1766#/srchasst/srchasst.htm

15. Customize the Internet Explorer Address
About is a special protocol except HTTP, FTP, mailto, And gopher. It can be used to access specific webpages using aliases.
In hkey_local_machlne \ Software \ Microsoft \ Internet Explorer \ abouturls, create a new string value, rename it as the webpage alias, set the value to the URL, and do not save "http ://".

16. added the IE automatic identification function.
In HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main \ urltemplate, The urltemplate branch has 6 string values: www. % s.com "," www. % s.org "," www. % s.net "," www. % s.edu, used to specify the auto-matching range of IE. Create two new strings under the urltemplate branch and set the values to "www. % s.com.cn" and "% s.com.cn" to enable IE to automatically identify the suffix ".com.cn.

17. multi-threaded download
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Internet Settings,
Create a maxconnectionsperserver to determine the maximum number of connections for Synchronous download (5 ~ 8 );
For HTTP 1.0 server, create maxconnectionsperl_oserver and change the value to the maximum number of synchronized downloads.

(Source: Hotspot Network)