Regedit Notes

22
Regedit Notes System Settings Notes: The settings here apply to system-wide configurations. These settings are all applied to computers, not users. Registered Owner Key: HKLM\SOFTWARE\Microsoft\Win dows NT\CurrentVersion Value Name: RegisteredOwner Value Type: REG_SZ Set To: New Owner's Name Notes: This key controls the Owner's name in the system tab of control panel, and in any programs that reads this data. This has little to no effect in Windows, it's merely a cosmetic change. Explorer Settings Notes: All the settings here work with explorer. They should not be used for a sole means of security, as they do not remove the rights to perform actions. They merely remove the ability to do an action via Explorer. Disable Desktop Right Click Key: (HKCU|HKLM)\Software\Microsoft\Windows\Current Version\Policies\Explorer Value Name: NoViewContextMenu Value Type: REG_DWORD Set To: 1 to enable, 0 to disable (0 Default) Notes: Use this to disable right click context menu on the desktop. Show Windows Version On Desktop Key: HKCU\Control Panel\Desktop Value Name: PaintDesktopVersion Value Type: REG_DWORD Set To: 1 to enable, 0 to disable (0 Default) Notes: Displays the current Windows version on top of the desktop wallpaper. Disable Shutdown Key: (HKCU|HKLM)\Software\Microsoft\Windows\Current Version\Policies\Explorer Value Name: NoClose Value Type: REG_DWORD Set To: 1 to enable, 0 to disable (0 Default) Notes: Removes the shutdown option from the start menu. This should be used with removal the shutdown system right. This key does not prevent the user from turning off the computer, it only removes the shutdown button from the start menu. Disallow These Programs From Running (1) Key: (HKCU|HKLM)\Software\Microsoft\Windows\Current

Transcript of Regedit Notes

Regedit Notes

System SettingsNotes: The settings here apply to system-wide configurations. These settings are all applied tocomputers, not users.

Registered OwnerKey:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion ValueName: RegisteredOwnerValue Type: REG_SZSet To: New Owner's NameNotes: This key controls the Owner's name in the system tab of control panel, and in anyprograms that reads this data. This has little to no effect in Windows, it's merely a cosmeticchange.

Explorer SettingsNotes: All the settings here work with explorer. They should not be used for a sole means ofsecurity, as they do not remove the rights to perform actions. They merely remove the ability todo an action via Explorer.

Disable Desktop Right ClickKey:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name:NoViewContextMenuValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 Default)Notes: Use this to disable right click context menu on the desktop.

Show Windows Version On DesktopKey: HKCU\Control Panel\DesktopValue Name: PaintDesktopVersionValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 Default)Notes: Displays the current Windows version on top of the desktop wallpaper.

Disable ShutdownKey:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoCloseValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 Default)Notes: Removes the shutdown option from the start menu. This should be used with removal theshutdown system right. This key does not prevent the user from turning off the computer, it onlyremoves the shutdown button from the start menu.

Disallow These Programs From Running (1)Key:(HKCU|HKLM)\Software\Microsoft\Windows\Current

Version\Policies\Explorer Value Name: DisallowRunValue Type: REG_DWORDSet To: 1Notes: This enables disallow run. Any programs later added to the DisallowRun subkey willnot be ran from explorer.Programs can still be ran by other means, and they can be renamed to bypass this.

Disallow These Programs From Running (2)Key:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun Value Name: 1+Value Type: REG_SZSet To: Application's NameNotes: This is the container for the DisallowRun. Each program should be placed in theDisallowRun key. The first program's value should be called 1. And if the program was, forexample, cmd.exe, then the string value should be cmd.exe. Renaming files will bypass this.

Allow ONLY These Programs To Run (1)Key:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: RestrictRunValue Type: REG_DWORDSet To: 1Notes: This enables RestrictRun. This is like Disallow Run, but explorer will only run programslisted in this key. Make sure you enable regedit for your account, or have some other means toreverse this. This is Opt-In security.

Allow ONLY These Programs To Run (2)Key:(HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun Value Name: 1+Value Type: REG_SZSet To: Application's NameNotes: This is the container for the Restrict Run. Each program should be placed in the RestrictRun key. The first program's value should be called 1. And if the program was, for example,cmd.exe, then the string value should be cmd.exe. Renaming files will bypass this.

Shell FoldersKey:HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders Value Name: VariousValue Type: REG_SZSet To: New PathNotes: This key contains different paths to special folders for the user, such as desktop, CDBurning, Programs, Start Menuand the like. I personally like to use NTFS Junctions rather then change the folder location,since some programs write to the default location without checking for the correct value.

Application SpecificNotes: The settings here are for the listed applications only. These can be used to set optionson all computers on a network remotely, or to lock in settings by disabling the write permission tothe key.

Application: Notepad

Set Font (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: lfFaceNameValue Type: REG_SZSet To: Font name (For example: Lucida Console)Notes: Sets the default font used in notepad.

Italics (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: lfItalicValue Type: REG_DWORDSet To: 0 to disable, 1 to enable (default is 0)Notes: Sets the italics for notepad.

Font Size (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: iPointSizeValue Type: REG_DWORDSet To: Desired font size.Notes: This setting controls the font size. The value should be 10x the desired size. For example, toset a font of size 24, thenenter a decimal value of 240.

Window Size (Notepad)Key: HKCU\Software\Microsoft\NotepadValue Name: iWindowPosDX & iWindowPosDYValue Type: REG_DWORDSet To: Desired Window SizeNotes: Change these two values to control the default size of notepad when opened.

Internet Explorer

Disable ability to close browser (Internet Explorer)Key:(HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions Value Name:NoBrowserCloseValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)

Notes: When the user presses the close button, or tries to close view the file menu, the action is deniedwith a message stating "The operation has been canceled due to restrictions in effect on this computer.Please contact your system administrator" IE can still be closed by killing the process. If this restrictionis in place on a user account, and IE is ran under the context of a different user, the first user can not killthe process of the second user. This allows internet explorer to be always active in kiosk computers.

Remove FavoritesKey:(HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions Value Name:NoFavoritesValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the Favorites menu from Internet Explorer.

Disable Context Menu (Right Click)Key:(HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions Value Name:NoBrowserContextMenuValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the ability to right click in IE

Remove File -> Open MenuKey:(HKCU|HKLM)Software\Policies\Microsoft\Internet Explorer\Restrictions Value Name:NoFileOpenValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the File -> Open that can be used to launch other programs. Helps keep acleaner look in a Kiosk machine, but NTFS permissions should still be used to limit whatprograms the end user may run.

Remove File -> Save As MenuKey:(HKCU|HKLM)Software\Policies\Microsoft\Internet Explorer\Restrictions Value Name:NoBrowserSaveAsValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Removes the File -> Save As that can be used to launch other programs. Helpskeep a cleaner look in a Kiosk machine, but NTFS permissions should still be used to limit whatprograms the end user may run.

Remove Address BarKey: HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions Value Name:NoAddressBarValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)

Notes: By removing the address bar, and disabling Explorer, you can use a single HTML page as thecomputers interface on a kiosk machine

Automatic Update SettingsNotes: These settings allow the user to fine-tune how Automatic Updates run on a system.Most of these settings can be set via Group Policy using default templates shipped in 2K and2K3.

Automatic UpdatesKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:NoAutoUpdateValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: This is the key to DISABLE auto updates. So setting it to 1 enables disable automatic

updates. In other words, set it to 1 to turn off automatic updates.

Automatic Updates - OptionsKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:AUOptionsValue Type: REG_DWORDSet To: 2, 3, 4, 5

Notes: These options control if it downloads the updates on it's own, or if it just tells the user whendownloads are out. It also controls if the service will install the updates, or prompt the user to installthem later. 2 will tell you when there are updates to download. 3 will download them automatically, andask for an install. 4 will fully automate the process, but may not finish the installs till you reboot. Touse 4, you must have ScheduledInstallDay and ScheduledInstallTime set. 5 forces automaticupdates to be enabled, but allows the end users to configure it.

Automatic Updates - Install OptionsKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:ScheduledInstallDayValue Type: REG_DWORDSet To: 0~7Notes: Controls on what day the updates will be installed. 0 is daily, while 1~7 is a set day of theweek, Sunday to Saturday.

Automatic Updates - Install Options 2Key:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:ScheduledInstallTimeValue Type: REG_DWORDSet To: 0~23Notes: Controls at what time Windows will install the updates, in 24 hour format.

Automatic Updates - Auto Reboot When Logged OnKey:HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU Value Name:NoAutoRebootWithLoggedOnUsersValue Type: REG_DWORDSet To: 0 or 1

Notes: Controls if Windows will automatically reboot when a user is logged on. Setting to 1 will promptthe user to reboot, while setting to 0 will cause Automatic Updates to notify the user that thecomputer will reboot. Default time till reboot is five (5) minutes.

Allow Raw Sockets For Users (Windows 2003)Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: AllowUserRawAccessValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)

Notes: By default, only Administrators can access raw sockets on a Windows 2003 system.Setting this value to 1 allows rawsocket usage for all users.

Arp Cache Keep AliveKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: ArpCacheLifeValue Type: REG_DWORDSet To: 0 to 0xFFFFFFFF (4,294,967,295 Decimal)Notes: Controls the time, in seconds, that an entry stays within the ARP cache. Without thiskey, defaults are two minutes for unused entries, and ten minutes for used entries.

Data Base PathKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: DatabasePathValue Type: REG_EXPAND_SZSet To: Path to files. (Default: %SystemRoot%\system32\drivers\etc)Notes: This controls the path to TCP\IP's database files, Hosts, Lmhosts, Network, Protocols,Services. Sometimes changed by malware to bypass restrictions on the hosts file.

Default Time To LiveKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: DefaultTTLValue Type: REG_DWORDSet To: 0~0xFF (0~255 Decimal, 128 Default)Notes: Adjusts the TTL of outgoing IP packets. Raising TTL can cause larger broadcast stormsif routing loops are formed in network topology.

Disable Offloading to Network CardKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Value Name:DisableTaskOffloadValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: Allows functions in the TCP\IP stack to be performed by the hardware in the networkcard. Disabling this will cause greater load onto the CPU as the system must handle allfunctions. This is used for troubleshooting only.

Enable Detect Dead GatewayKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: EnableDeadGWDetectValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (1 by default)Notes: This causes TCP to detect if the main gateway has went down, and will switch to anysecondary gateways configured in TCP\IP properties.

Enable Multicast Forwarding

Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: EnableMulticastForwardingValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (0 by default)Notes: This controls if the computer will forward Multicasts across other networks. This isonly used when the computer is running as a Routing and Remote Access Server (RRAS).

Enable Path MTU DiscoveryKey:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: EnablePMTUDetectValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (1 by default)

Notes: Controls if windows will try to discover the Maximum Transmission Unit (MTU) over the path toa remote host. If the MTU used is larger then what is supported, then the packet will becomefragmented in transport. Fragmentation can cause network congestion and excess load on networkingdevices as they assemble the packets back into whole units of data.Syn Attack Protection

Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters ValueName: SynAttackProtectValue Type: REG_DWORDSet To: 1 to enable, 0 to disable (1 by default on Windows 2K3 with SP1, 0 by default on 2K3with SP0)Notes: Enables the SYN attack protection in SYN-ACK floods. Please see the Windows 2003TCP\IP Implementation in the References section for more information. It is recommendedthat it is set to 1 on all SP0 configurations, if SP1 can not be installed for some reason.

Backup / Restore the Registry

To Backup/Restore the Windows Registry: Windows 9x For XP 2000 click hereIf you are in MSDOS, at the C:\Windows prompt typeAttrib -s -r -h C:\Windows\System.dat (press Enter)Attrib -s -r -h C:\Windows\User.dat (press Enter)

To make the backup copies type:copy C:\Windows\System.dat C:\Windows\System.000 (press Enter)copy C:\Windows\User.dat C:\Windows\user.000 (press Enter)

To Restore the Registrycopy C:\Windows\System.000 C:\Windows\System.dat (press Enter)copy C:\Windows\User.000 C:\Windows\user.dat (press Enter)

Add Open With to all filesYou can add "Open With..." to the Right click context menu of all files.This is great for when you haveseveral programs you want to open the same file types with. I use three different text editors so I addedit to the ".txt" key.

1. Open RegEdit2. Go to HKEY_CLASSES_ROOT\*\Shell3. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new4. Set the (Default) to "Op&en With..."5. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting new6. Set the (Default) to "C:\Windows\rundll32.exe shell32.dll,OpenAs_RunDLL %1", C:\ being yourWindows drive. You must enter the "OpenAs_RunDLL %1" exactly this way.

Customize the System TrayYou can add your name or anything you like that consists of 8 characters or less. This will replace the AMor PM next to the system time. But you can corrupt some trial licenses of software that you may havedownloaded.

1. Open RegEdit2. Go to HKEY_CURRENT_USER\Control Panel\International3. Add two new String values, "s1159" and "s2359"4. Right click the new value name and modify. Enter anything you like up to 8 characters.

If you enter two different values when modifying, you can have the system tray display the two differentvalues in the AM and PM.

Lock Out Unwanted UsersWant to keep people from accessing Windows, even as the default user? If you do not have a domain donot attempt this.

1. Open RegEdit2. Go to HKEY_LOCAL_MACHINE\Network\Logon3. Create a dword value "MustBeValidated"4. Set the value to 1This forced logon can be bypassed in Safe Mode on Windows 9x

Disable the Outlook Express Splash ScreenYou can make OutLook Express load quicker by disabling the splash screen:1. Open RegEdit2. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express3. Add a string value "NoSplash"4. Set the value data to 1 as a Dword value

Multiple Columns For the Start MenuTo make Windows use multiple Start Menu Columns instead of a single scrolling column, like Windows9x had, Also if you are using Classic Mode in XP1. Open RegEdit2. Go to the keyHKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced3. Create a string value "StartMenuScrollPrograms"4. Right click the new string value and select modify5. Set the value to "FALSE"

Changing Windows' IconsYou can change the Icons Windows uses for folders, the Start Menu, opened and closed folder in theExplorer, and many more.1. Open RegEdit2. Go toHKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Icons3. Add a string value for each Icon you wish to change.Example: "3" ="C:\Windows\Icons\MyIcon.ico,0" This will change the closed folders in the Explorer to"MyIcon.ico". Here is a complete list for each value.0= Unknown file type 1= MSN file types2= Applications Generic 3= Closed Folder 4= Open Folder5= 5.25" Drive6= 3.25" Drive7= Removable Drive8= Hard Drive9= NetWork Drive10= Network DriveOffline11= CD-ROM Drive12= RAM Drive13= Entire Network 14= Network Hub15= My Computer16=Printer17= Network Neighborhood18= Network Workgroup19= Start Menu's Program Folders20= StartMenu's Documents21= Start Menu's Setting22= Start Menu's Find23= Start Menu's Help24= StartMenu's Run25= Start Menu's Suspend26= Start Menu's PC Undock27= Start Menu's Shutdown28=Shared29= Shortcut Arrow30= (Unknown Overlay)31= Recycle Bin Empty32= Recycle Bin Full33= Dial-upNetwork34= DeskTop35= Control Panel36= Start Menu's Programs37= Printer Folder38= Fonts Folder39= Taskbar Icon 40= Audio CD

You need to reboot after making changes. You may need to delete the hidden file ShellIconCache if afterrebooting the desired Icons are not displayed.

Change Default Folder LocationsYou can change or delete the Windows mandatory locations of folder like My Documents:1. Open RegEdit2. Go to HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Folders3. Change the desired folder location, My Documents is normally list as "Personal"4. Open the Explorer and rename or create the folder you wish.

To change the desired location of the Program Files folder1. Go toHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion2. Change the value of "ProgramFiles", or "ProgramFilesDir"Now when you install a new program it will default to the new location you have selected.

Change the Registered Change the User InformationYou can change the Registered Owner or Registered Organization to anything you want even afterWindows is installed.1) Open RegEdit2) Got toHKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion.3) Change the value of "RegisteredOrganization" or "RegisteredOwner", to what ever you want

Opening a DOS Window to either the Drive or Directory in ExplorerAdd the following Registry Keys for a Directory:HKEY_CLASSES_ROOT\Directory\shell\opennew

@="Dos Prompt in that Directory"

HKEY_CLASSES_ROOT\Directory\shell\opennew\command@="command.com /k cd %1"

Add or Edit the following Registry Keys for a Drive:HKEY_CLASSES_ROOT\Drive\shell\opennew@="Dos Prompt in that Drive"

HKEY_CLASSES_ROOT\Drive\shell\opennew\command@="command.com /k cd %1"

These will allow you to right click on either the drive or the directory and the option of starting the dosprompt will pop up.

Changing Exchange/Outlook Mailbox LocationTo change the location of your mailbox for Exchange:1. Open RegEdit2. Go toHKEY_CURRENT_USER\Software\ Microsoft\Windows Messaging Subsystem\ Profiles3. Go to the profile you want to change4. Go to the value name that has the file location for your mailbox (*.PST) file5. Make the change to file location or name

To change the location of your mailbox for Outlook1. Open RegEdit2. Go to HKEY_CURRENT_USER\Software\Microsoft\Outlook (or Outlook Express if Outlook Express)3. Go to the section "Store Root"4. Make the change to file location

Add/Remove Sound Events from Control PanelYou can Add and delete sounds events in the Control Panel. In order to do that:1. Open RegEdit2. Go to HKEY_CURRENT_USER\AppEvents\Schemes\Apps andHKEY_CURRENT_USER\AppEvents\Schemes\Eventlabels. If this key does not exist you can create it andadd events.3. You can add/delete any items you want to or delete the ones you no longer want.

Adding an Application to the Right Click on Every FolderHere is how to add any application to the Context Menu when you right click on any Folder. This wayyou do not have to always go to the Start Menu. When you right click on any folder, you can have accessto that application, the same as using Sent To.1. Open RegEdit2. Go to HKEY_CLASSES_ROOT\Folder\shell3. Add a new Key to the "Shell" Key and name it anything you like.4. Give it a default value that will appear when you right click a folder, i.e. NewKey (use an "&" withoutthe quotes, in front of any character and it will allow you to use the keyboard)5. Click on the Key HKEY_CLASSES_ROOT\Folder\shell\NewKey

6. Add a New Key named Command7. Set the (Default) value of the application you want to run8. For example: c:\program files\internet explorer\iexplore.exe (Include the full path and parameters ifyou need them)

Adding Explore From Here to Every FolderWhen you want to right click on any folder and want to open up an Explorer window of that folder.1. Open RegEdit2. Go to HKEY_CLASSES_ROOT\Folder\shell3. Add a new Key "RootExplore " under the "Shell" Key4. Set the (Default) value to "E&xplore From Here "5. Right Click the "RootExplore " Key and add a new Key "Command"to the RootExplore6. Set the (Default) value of Explorer.exe /e,/root,/idlist,%i

Changing the Location of Windows' Installation FilesIf you need to change the drive and or path where Windows looks for its installation files:1.Open RegEdit2.Go toHKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Setup3.Edit the value next to SourcePath

Creating a Logon BannerIf you want to create a Logon Banner: A message box to appear below your logon on.1.Open RegEdit2.Go ToFor Windows 9x and ME -HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ WinlogonFor Windows 2000 XP 2003 Vista -HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon3.Create a new String value"LegalNoticeCaption "4. Enter the Title of the window. What is displayed in the Title Bar.5. Create a new string value "LegalNoticeText"6. Enter the text for your message box that will appear even before the Logon window.

Creating a Default File OpenerIf you have a un-registered file type and want to view it instead of having to select Open With. UseExplorer's Right-click and add your program to the right-click options by:1. Open RegEdit2. Go to HKEY_CLASSES_ROOT\Unknown\Shell3. Right click on "Shell" and create a New Key and name it "Open "4. Create a New Key under the "Open" key you just created and name it "Command"5. Set the (Default) value to the path and filename of the program you want to use to open the file type6. For example: C:\Windows\NOTEPAD.EXE %1You must use the "%1" for this to work.and a space between the exe and the %1

Deleting Registry Keys from the Command LineThere are two ways to delete a key from the Registry from the Command line. At the WindowsCommand line:

RegEdit /l location of System.dat /R location of User.dat /D Registry key to deleteYou cannot be in Windows at the time you use this switch.

Or you can create a reg file as such:REGEDIT4[-HKEY_LOCAL_MACHINE\the key you want to delete]Note the negative sign just behind the[Then at the Command line type:1. RegEdit C:\Windows\(name of the regfile).

Change/Add Restrictions And FeaturesIf you want to make restrictions to what users can do or use on their computer without having to runPoledit, you can edit the Registry. You can add and delete Windows features in this Key shown below.

Zero is Off and the value 1 is On. Example: to Save Windows settings add or modify the value nameNoSaveSettings to 0, if set to1 Windows will not save settings. And NoDeletePrinter set to 1 will preventthe user from deleting a printer.The same key shows up at:HKEY_USERS\(yourprofilename)\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer sochange it there also if you are using different profiles.1.Open RegEdit2.Go toHKEY_CURRENT_USER\Software\Microsoft\ CurrentVersion\ Policies3.Go to the Explorer Key (Additional keys that can be created under Policies are System, Explorer,Network and WinOldApp )4.You can then add DWORD or binary values set to 1 in the appropriate keys for ON and 0 for off.NoDeletePrinter - Disables Deletion of PrintersNoAddPrinter - Disables Addition of PrintersNoRun - Disables Run CommandNoSetFolders - Removes Folders from Settings on Start MenuNoSetTaskbar - Removes Taskbar from Settings on Start MenuNoFind - Removes the Find CommandNoDrives - Hides Drives in My ComputersNoNetHood - Hides the Network NeighborhoodNoDesktop - Hides all icons on the DesktopNoClose - Disables ShutdownNoSaveSettings - Don't save settings on exitDisableRegistryTools - Disable Registry Editing ToolsNoRecentDocsMenu - Hides the Documents shortcut at the Start buttonNoRecentDocsHistory- Clears history of DocumentsNoFileMenu _ Hides the Files Menu in ExplorerNoActiveDesktop - No Active DesktopNoActiveDesktopChanges- No changes allowedNoInternetIcon - No Internet Explorer Icon on the DesktopNoFavoritesMenu - Hides the Favorites menuNoChangeStartMenu _ Disables changes to the Start MenuNoFolderOptions _ Hides the Folder Options in the Explorer

ClearRecentDocsOnExit - Empty the recent Docs folder on rebootNoLogoff - Hides the Log Off .... in the Start Menu

And here are a few more you can play withShowInfoTipNoTrayContextMenuNoStartMenuSubFoldersNoWindowsUpdateNoViewContextMenuEnforceShellExtensionSecurityLinkResolveIgnoreLinkInfoNoDriveTypeAutoRunNoStartBannerNoSetActiveDesktopEditLevelNoNetConnectDisconnectRestrictRun - Disables all exe programs except those listed in the RestrictRun subkeyThis key has many other available keys, there is one to even hide the taskbar, one to hide the controlpanel and more. I'm not telling you how, as someone may want to play a trick on you. The policies keyhas a great deal of control over how and what program can run and how one can access what feature.

In the System key you can enter:NoDispCPL - Disable Display Control PanelNoDispBackgroundPage - Hide Background PageNoDispScrSavPage - Hide Screen Saver PageNoDispAppearancePage - Hide Appearance PageNoDispSettingsPage - Hide Settings PageNoSecCPL - Disable Password Control PanelNoPwdPage - Hide Password Change PageNoAdminPage - Hide Remote Administration PageNoProfilePage - Hide User Profiles PageNoDevMgrPage - Hide Device Manager PageNoConfigPage - Hide Hardware Profiles PageNoFileSysPage - Hide File System ButtonNoVirtMemPage - Hide Virtual Memory Button

In the Network key you can enter:NoNetSetup - Disable the Network Control PanelNoNetSetupIDPage - Hide Identification PageNoNetSetupSecurityPage - Hide Access Control PageNoFileSharingControl - Disable File Sharing ControlsNoPrintSharing - Disable Print Sharing Controls

In the WinOldApp key you can enter:Disabled - Disable MS-DOS PromptNoRealMode - Disables Single-Mode MS-DOS

Automatic Screen RefreshWhen you make changes to your file system and use Explorer, the changes are not usually displayeduntil you press the F5 keyTo refresh automatically:1. Open RegEdit2. Go toHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update3. Set the value name "UpdateMode" to 1

Disable Password CachingTo disable password caching, which allows for the single Network login and eliminates the secondaryWindows logon screen. Either use the same password or:1. Open RegEdit2. Go to the keyHKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\ Windows\ CurrentVersion\ Policies\ Network3. Add a Dword value "DisablePwdCaching" and set the value to 1

Changing the MaxMTU for faster DownloadsThere are four Internet settings that can be configured, you can get greater throughput (faster Internetdownloads) by modifying a few settings.They are the MaxMTU, MaxMSS and DefaultRcvWindow, and DefaultTTL1.Open RegEdit2.Go toHKEY_LOCAL_MACHINE\System\CurrentControlset\ Services\ Class\ net\ 000x(where x is your particular network adapter binding.)3.Right click on the right panel4.Select New\String Value and create the value name IPMTU5.Double click on it and enter then the number you want. The usual change is to 5766.Similarly, you can add IPMSS and give it a value of 536

(Windows 9X)You can set DefaultRcvWindow, and DefaultTTL by adding these string values toHKEY_LOCAL_MACHINE\ System\ CurrentControlset\ Services\ VXD\ MSTCPSet the DefaultRcvWindow to"5840"and the DefaultTTL to "128"

Note: These settings will slow down your network access speed slightly, but you will probably not evensee the difference if you are using a network card. If you are using Direct Cable you should see a sightdifference.

Adding Items to the Start ButtonTo add items when you right-click on the Start Button:1.Open RegEdit2.Go to HKEY_CLASSES_ROOT\Directory\Shell3.Right-click on Shell and select New Key4.Type in the name of the key and press the Enter key5.In the Default name that shows in the right hand panel, you can add a title with a "&" character infront of the letter for a shortcut

6.Right-click on the key you just created and create another key under it called command7.For the value of this command, enter the full path and program you want to execute8.Now when you right click on the Start Button, your new program will be there.9.For example, if you want Word to be added, you would add that as the first key, the default in theright panel would be &Word so when you right click on the Start Button, the W would be the Hot Key onyour keyboard. The value of the key would be C:\Program Files\Office\Winword\Winword.exe

Remove Open, Explore & Find from Start ButtonWhen you right click on the Start Button, you can select Open, Explore or Find.Open shows your Programs folder. Explore starts the Explorer and allows access to all drives.Find allows you to search and then run programs. In certain situations you might want to disable thisfeature.To remove them:1.Open RegEdit2.Go to HKEY_CLASSES_ROOT\Directory\Shell\Find3.Delete Find4.Scroll down below Directory to Folder5.Expand this section under shell6.Delete Explore and OpenCaution: - When you remove Open, you cannot open any folders.

Removing Items from NEW Context MenuWhen you right-click on the desktop and select New, or use the File Menu item in the Explore and selectNew a list of default templates you can open up are listed.To remove items from that list:1. Open RegEdit2. Do a Search for the string ShellNew in the HKEY_CLASSES_ROOT Hive3. Delete the ShellNew command key for the items you want to remove.

Changing Telnet WindowYou can view more data if you increase the line count of Telnet. By Default it has a window size of 25lines. To increase this so you can scroll back and look at a larger number on lines:1. Open RegEdit2. Go to HKEY_CURRENT_USER\Software\Microsoft\Telnet3. Modify the value data of "Rows"

Changing the Tips of the DayYou can edit the Tips of the day in the Registry by going to:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\ CurrentVersion\ explorer\ Tips

Disabling Drives in My ComputerTo turn off the display of local or networked drives when you click on My Computer:1.Open RegEdit2.Go toHKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer3.Add a New DWORD item and name it NoDrives4.Give it a value of 3FFFFFF5.Now when you click on My Computer, none of your drives will show.

Changing the caption on the Title BarChange the Caption on the Title Bar for OutLook Express or the Internet Explorer:For Outlook Express:1. Open RegEdit2. Go toHKEY_CURRENT_USER\Software\Microsoft\OutLook ExpressFor IE5 and up use:HKEY_CURRENT_USER\IDENTITIES \{9DDDACCO-38F2-11D6-93CA-812B1F3493B}\ SOFTWARE\MICROSOFT\ OUTLOOK EXPRESS\5.03. Add a string value "WindowTitle" (no space)4. Modify the value to what ever you like.

For no splash screen, add a dword value "NoSplash" set to 1The Key {9DDDACCO-38F2-11D6-93CA-812B1F3493B} can be any key you find here. Each user has hisown Key number.The Key 5.0 is whatever version of IE you haveFor Internet Explorer:1. Open RegEdit2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main3. Add a string value "Window Title" (use a space)4. Modify the value to what ever you like.

Disabling the Right-Click on the Start ButtonNormally, when you right button click on the Start button, it allows you to open your programs folder,the Explorer and run Find.In situations where you don't want to allow users to be able to do this in order to secure your computer.1.Open RegEdit2.Search for Desktop3.This should bring you to HKEY_CLASSES_ROOT\Directory4.Expand this section5.Under Shell is Find6.Delete Find7.Move down a little in the Registry to Folder8.Expand this section and remove Explore and OpenNow when you right click on the Start button, nothing should happen.You can delete only those items that you need.Note: - On Microsoft keyboards, this also disables the Window-E (for Explorer) and Window-F(for Find) keys.See the section on Installation in the RESKIT to see how to do this automatically during an install.

Disabling My ComputerIn areas where you are trying to restrict what users can do on the computer, it might be beneficial todisable the ability to click on My Computer and have access to the drives, control panel etc.To disable this:1.Open RegEdit2.Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D

3.This should bring you to the HKEY_CLASSES_ROOT\CLSID section4.Delete the entire section.Now when you click on My Computer, nothing will happen.You might want to export this section to a Registry file before deleting it just in case you want to enableit again. Or you can rename it to 20D0HideMyComputer4FE0-3AEA-1069-A2D8-08002B30309D. You canalso hide all the Desktop Icons, see Change/Add restrictions.

Opening Explorer from My ComputerBy default, when you click on the My Computer icon, you get a display of all your drives, the ControlPanel etc. If you would like to have this open the Explorer:1. Open RegEdit2. Go toHKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\ Shell3 . Add a new Key named "Open" if it does not exists by right clicking "Shell" and selecting new.4. . Add a new Key named "Command" by right clicking "Open" and selecting new5. Set the (Default) value for the Command Key to "Explorer.exe" or "C:\Windows\Explorer.exe"

Recycle Bin EditsFooling with the recycle bin. Why not make the icon context menu act like other icon context menus.Add rename to the menu:HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder"Attributes"=hex:50,01,00,20Add delete to the menu:HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder"Attributes"=hex:60,01,00,20Add rename and delete to the menu:HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} \ShellFolder"Attributes"=hex:70,01,00,20Restore the recycle bin to Windows defaults including un-deleting the icon after deletion:Restore the icon.HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows \CurrentVersion\ explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}@="Recycle Bin"Reset Windows defaults.HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} \ShellFolder"Attributes"=hex:40,01,00,20Other edits to the recycle bin icon:HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder"Attributes"=hex:40,01,01,20 ... standard shortcut arrow"Attributes"=hex:40,01,02,20 ... a different shortcut arrow"Attributes"=hex:40,01,04,20 ... and still another shortcut arrow"Attributes"=hex:40,01,08,20 ... make it look disabled (like it's been cut)

For Windows XP and 2000 also edit HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\CurrentVersion\ Explorer\ CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}For Windows ME also edit HKEY_CURRENT_USER \Software\ Classes\ CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}

Setting the Minimum Password Length1.Open RegEdit2.Go toHKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Policies\ Network3. Now, choose the Edit/New/Binary value command and call the new value MinPwdLen. Press Entertwice and Assign it a value equal to your minimum password length.

Add\delete programs to run every time Windows startsYou can start or stop programs from executing at boot up by adding or deleting them to/from the runKeys in the Registry. Windows loads programs to start in the following order; Program listed in the LocalMachine hive, then the Current User hive, then theWin.ini Run= and Load = lines. then finally programsin your Start Up folder.

To add or remove programs in the Registry1.Open RegEdit2.Go to the desired KeyHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \RunHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServicesHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \RunHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServices3. Add a new String Value and name it anything you like4. For the value data, enter the path and executable for the program you want to run.

By adding the value to the HKEY_CURRENT_USER hive instead allows the program to start only whenthat user is logged on.

If you add the value to the RunOnce key the program will run once and be removed from the key byWindows.

Removing the Shortcut Icon Arrows1.Open RegEdit2.Open the Key HKEY_CLASSES_ROOT3.Open the Key LNKFILE4.Delete the value IsShortcut5.Open the next Key PIFFILE6.Delete the value IsShortcut7.Restart the Windows

Turn Off Window AnimationYou can shut off the animation displayed when you minimize and maximize Windows.1. Open RegEdit2. Go to HKEY_CURRENT_USER\Control panel \Desktop\ WindowMetrics3. Create a new string value "MinAnimate".4. Set the value data of 0 for Off or 1 for On

Changing your Modem's Initialization String1.Open RegEdit2.Go toHKEY_LOCAL_MACHINE\System\CurrentControlSet \Services \Class \Modem \0000 \Init3.Change the settings to the new values

Increasing the Modem TimeoutIf your modem it is timing out during file transfers or loading Web Pages, you might try increasing thetimeout period. To change the Time Out::1.Open RegEdit2.Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\ Class\ Modem\ XXXX\ SettingsWhere XXXX is the number of your modem3. In the right panel and double click on Inactivity Timeout4.The number of minutes for a timeout should be entered between the brackets.5.For example, a setting could have S19=<10> to set it to 10 minutes.

Removing Programs from Control Panel's Add/Remove Programs SectionIf you uninstalled a program by deleting the files, it may still show up in the Add/Remove programs listin the Control Panel.In order to remove it from the list.1.Open RegEdit2.Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall3.Delete any programs here.If you have a problem locating the desired program open each key and view the DisplayName value

The Fix for Grayed Out Boxes

The File Types tab in Explorer's View / Options menu lets you edit most of your file types, but certainsettings cannot be changed. The default action for a batch file, for instance, runs the batch file instead ofopening it via Notepad or Wordpad. Thus, when you double-click on AUTOEXEC.BAT, a DOS windowopens, and the file executes. If you want to change this default action and edit a batch file when youdouble-click on it, however, the File Types tab does not let you do so; the Set Default button for the filetype called MS-DOS Batch File is always grayed out.

The button is grayed out because HKEY_CLASSES_ROOT's batfile key contains an EditFlag value entry.Such entries are used throughout the Registry to prevent novice users from altering certain systemsettings. The binary data in batfile's EditFlag reads d0 04 00 00. If you change this value to 00 00 00 00,you can then change any of the batch file settings. Do not, however, indiscriminately zero out EditFlag; ifyou do so in a system ProgID such as Drive or AudioCD, it completely disappears from the File Types list.For ProgIDs that are linked to extensions, set all EditFlags to 00 00 00 00. For system ProgIDs, replaceEditFlag data with 02 00 00 00.

If you wish to have access to some buttons while leaving others grayed out, you must know the functionof each EditFlag bit. The last two bytes of data are always zero, but most bits within the first two byteshave a specific effect:

Byte 1, bit 1: Removes the file type from the master list in the File Types tab (select View / Optionsunder Explorer) if it has an associated extension.

Byte 1, bit 2: Adds the file type to the File Types tab if it does not have an associated extension.Byte 1, bit 3: Identifies a type with no associated extension.Byte 1, bit 4: Grays out the Edit button in the File Types tab.Byte 1, bit 5: Grays out the Remove button in the File Types tab.Byte 1, bit 6: Grays out the New button in the Edit File Type dialog (select the Edit button in the File

Types tab).Byte 1, bit 7: Grays out the Edit button in the Edit File Type dialog.Byte 1, bit 8: Grays out the Remove button in the Edit File Type dialog.Byte 2, bit 1: Prevents you from editing a file type's description in the Edit File Type dialog.Byte 2, bit 2: Grays out the Change Icon button in the Edit File Type dialog.Byte 2, bit 3: Grays out the SetDefault button in the Edit File Type dialog.Byte 2, bit 4: Prevents you from editing an action's description in the Edit Action dialog (select the Edit

button in the Edit File Type dialog).Byte 2, bit 5: Prevents you from editing the command line in the Edit Action dialog.Byte 2, bit 6: Prevents you from setting DDE (Dynamic Data Exchange) fields in the Edit Action dialog.

The EditFlags value for Drive, for instance, is d2 01 00 00 in Hex (1101 0010 0000 0001 in binary). Bits 2,5, 7, and 8 are on in byte 1, and bit 1 is on in byte 2. The EditFlag for batfile is d0 04 00 00 in Hex or 11010000 0000 0100 in binary. In this case, bits 5, 7, and 8 are on in byte 1, and bit 3 is on in byte 2.

Bits 4, 5, and 6 of byte 2 apply only to actions that are protected. EditFlags with action keys (such asHKEY_CLASSES_ROOT\batfile\shell\open) determine protection. If byte 1, bit 1 of such an EditFlag is 0(or if there is no EditFlag), then the action is protected. If byte 1, bit 1 is 1, then the action isunprotected.

Protection on system files

To enable protection on system files such as the KnownDLLs list, add the followingvalue;1. Open RegEdit2. HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Control\ SessionManager3. Create the a Dword value and name it "ProtectionMode "4. Set the Value to1

How to display a legal notice on startupThis is how to make a legal notice appear on startup:Open RegeditNavigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"legalnoticecaption:"enter your notice caption here"legalnoticetext:"enter your legal notice text here"

Add admin user to welcome screen:Start the Registry Editor Go to:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \SpecialAccounts \ UserList \

Right-click an empty space in the right pane and select New > DWORD Value Name the new valueAdministrator. Double-click this new value, and enter 1 as it's Value data. Close the registry editor andrestart.

Kill Processes immediately:When logging off, you sometimes get an “End Task” dialog prompt, indicating a program that doesn’tshut itself down. You can suppress the prompts and have Windows kill these programs automaticallywhen you log off. In regedit, find key HKEY_CURRENT_USER\Control Panel\Desktop Look for the valueAutoEndTasks, and change it from 0 to 1.

No Shutdown:Wanna play with your friends by removing the shutdown option from start menu in their computer.RegeditHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"NoClose"="DWORD:1"

Show Superhidden Files:Even if you turn on show hidden files in Windows Explorer some files will remain hidden. These files aresuper hidden. Set the registry value below to 1.

Unblock Regedit and CMD prompt:Save this file is a .reg file then execute itREGEDIT4[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesWinOldApp]"Disabled"=dword:0[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]"DisableRegistryTools"=dword:0

Memory PerformanceImproving memory performance can be done simply by preventing your hard drive from being used forcache. This is only useful with 256Mb or more of RAM.Everything that you'll need to edit here can be found inHKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Session Manager/Memory ManagementSo of course add [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management] to your *.reg file.Disable Paging ExecutiveThis will prevent pages sections from RAM going to the hard drive. If you have a large amount of RAM atleast 256Mb (I suggest 512) you might want to keep the data in your RAM to improve your performanceconsiderably due to reduced amount of hard drive swappage. The entry that you will want to modify iscalled DisablePagingExecutive. Changing this from 0 to 1 will keep the data in your RAM."DisablePagingExecutive"=dword:00000001

System Cache BoostThe XP kernel can be loaded into your RAM with a simple registry edit. This can greatly improveperformance since the NT Kernel will always be in your RAM. With this edit you will allocate roughly4Mb of your RAM for the kernel. Sometimes more RAM is used but most of the time it is only 4Mb. The

entry that you will need to find is called LargeSystemCache and you'll need to change this from 0 to 1 inorder to enable this."LargeSystemCache"=dword:00000001To put both of these RAM tweaks into use you'll add something like this to your reg file[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]"DisablePagingExecutive"=dword:00000001"LargeSystemCache"=dword:00000001

The XP PrefetcherWindows XP has a service called the Prefetcher. It basically monitors the different programs that startduring startup and helps them launch faster.To find this tool browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParametersThe important key is EnablePrefetcher. Default value for this is 3. You will want to try numbers between1 and 6. 5 seems to work best for me but your mileage may vary.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\MemoryManagement\PrefetchParameters]"EnablePrefetcher"="5"