Using the Registry Win2000 Security Settings—All Guide to Use Registry
Note: The changed registry item is located in HKEY_CURRENT_USER.
If for a user, change the corresponding key value located under HKEY_USERS\(S-1-5-21-746137067-507921405-1060284298-500) (user code).
1. Prevent others from obtaining access information to web pages
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs are used to save IE history, save the last 25 websites viewed, and selectively deleted.
2. Start Menu and Taskbar
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,
(1) Disable up and down drag on the Start menu: Create a new DWORD type NoChangeStartMenu, set the value to: 1 (0x1).
(2) Disable changes to the taskbar and start menu settings: Create a new DWORD type NoSetTaskbar, set to: 1 (0x1).
(3) Do not keep the record of the recently opened document: Create a new DWORD type NoRecentDocsHistory, set the value to: 1 (0x1).
(4) Disable personalized menu: Create a new DWORD type Intellimenus, set the value to: 1 (0x1).
(5) Disable user tracking function: Create a new DWORD type NoInstrumentation, set the value to: 1 (0x1).
Note: This function is a function of the system to track the programs used by the user, the paths used by the user, and the documents opened by the user. The system uses this information to customize Windows functions, such as personalized menus, etc.
(6) Prevent the system from parsing a shortcut key by searching for a comprehensive target drive. (NTFS format only): Create a new DWORD type NoResolveSearch, set to: 1 (0x1).
Note: By default, when the system cannot find the target file for the shortcut key (.lnk), it looks for all paths related to the shortcut key. If the target file is located in the NTFS partition, the system will use the target file ID to find the path. Settings prevent the system from parsing a shortcut key by performing a comprehensive target drive search.
(7) Prevent the system from using the NTFS tracking function to parse a shortcut key. (NTFS format only): Create a new DWORD type NoResolveTrack, set to: 1 (0x1).
3. Desktop settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,
(1) Delete "Online Neighbor" on the desktop: Create a new DWORD type NoNetHood, set the value to: 1 (0x1).
(2) Delete the IE icon from the desktop and Quick Start: Create a new DWORD NoInternetIcon, set the value to: 1 (0x1).
(3) It is prohibited to add the latest open document share to "Online Neighbors": Create a new DWORD type NoRecentDocsNetHood, set the value to: 1 (0x1).
(4) Disable change of the path of the "My Documents" folder: Create a new DWORD type DisablePersonalDirChange, set the value to: 1 (0x1).
(5) No changes to the desktop toolbar are prohibited: Create a new DWORD type NoCloseDragDropBands, and the value is set to: 1 (0x1).
(6) It is prohibited to adjust the length of the desktop toolbar, and the item or toolbar cannot be replaced on the locked toolbar: Create a new DWORD type NoMovingBands, the value is set to: 1 (0x1).
(7) Do not save settings when exiting: Create a new DWORD of NoSaveSettings DWORD, the value is set to: 1 (0x1).
(8) Disable the active desktop: Create a new DWORD type NoActiveDesktop, set to: 1 (0x1).
(9) Enable the active desktop: Create a new DWORD type ForceActiveDesktopOn, set the value to: 1 (0x1).
(10) Disable changes to active desktop configuration: Create a new DWORD type NoActiveDesktopChanges, set the value to: 1 (0x1).
(11) Hide all icons of the desktop: Create a DWORD of the new DWORD type NoDesktop, set to: 1 (0x1).
(12) Disable changes to active desktop configuration: Create a new DWORD of NoActiveDesktopChanges, and the value is set to: 1 (0x1).
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, create a new NonEnum item.
(1) Create a new DWORD type {450D8FBA-AD25-11D0-98A8-0800361B1103}, and the value is set to: 1 (0x1).
Create a new ActiveDesktop item,
(1) Disable the project of the active desktop, but you can use the active desktop: Create a new DWORD type NoComponents, and the value is set to: 1 (0x1).
(2) Prevent users from adding web content to the "Active Desktop": Create a new DWORD-type NoAddingComponents, set the value to: 1 (0x1).
(3) Only bitmaps are allowed as wallpaper: Create a new DWORD type NoHTMLWallPaper, set the value to: 1 (0x1).
(4) Replacement of desktop wallpaper is prohibited: Create a new DWORD type NoChangingWallPaper, set to: 1 (0x1).
Create a new System item,
(1) Hide "appearance": Create a new DWORD type NoDispAppearancePage, set the value to: 1 (0x1).
(2) Disable "display" in the control panel: Create a new DWORD type NoDispCPL, set the value to: 1 (0x1).
(3) Disable "Screen Saving" option: Create a new DWORD type NoDispScrSavPage, set the value to: 1 (0x1).
(4) Hide the "Settings" option: Create a new DWORD type NoDispSettingsPage, set the value to: 1 (0x1).
(5) Hide "background": Create a new DWORD type NoDispBackgroundPage, set the value to: 1 (0x1).
In HKEY_CURRENT_USER\Software\Policies\Microsoft, create a new Windows item, a new Control Panel item, and a new Desktop item under it.
(1) Disable "Screen Save": Create a new character type ScreenSaveActive, set to: 0.
(2) Add password to all screen savers: Create a new character type ScreenSaverIsSecure, set to: 1.
(3) Set the delay time of screen protection (units are seconds, the value should be between 1-86400): Create a new character type ScreenSaveTimeOut, and set the value to the required time.
(4) Only allow users to use specific screen savers: create a new character type, and set the value to the required screen saver name (*.scr).
Note: If the target screen saver is not in %systemroot%\System32, you need to enter the full path.
Create a new Directory UI item,
(1) Specify the maximum number of objects displayed in the Active Directory system in response to browsing or searching (set 1000, default 10000): Create a new DWORD type QueryLimit, set the value to 1000 (0x3e8).
(2) Display the filter bar on Active Directory search: Create a new DWORD type EnableFilter, set the value to: 1.
(3) Hide Active Directory folder: Create a new DWORD HideDirectoryFolder, set the value to: 1.
4. Control Panel
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,
(1) Disabling the "Control Panel" includes: Create a new DWORD type NoControlPanel, with the value set to: 1.
Note: It is also prohibited to run.
(2) Disable some control panel files: Create a new DWORD DisallowCpl DWORD, the value is set to: 1;
Create a new DisallowCpl item under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create a new string 1, and set the value to the disabled control panel file.
Note: If you want to disable multiple files at the same time, you need to create a string of corresponding numbers. The naming method extends downward in the form of Arabic numerals, and the key value is the control panel file you want to disable.
(3) Only use specific control panel files: Create a new DWORD type RestrictCpl, set the value to: 1;
Create a new RestrictCpl item under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, create a new string 1, and set the value to the required control panel file.
Note: Multiple files can be enabled at the same time, the method is the same as above.
5. Add/remove programs
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies, create a new Uninstall item.
(1) Disable "Add and delete programs" (do not prevent other methods from installing and deleting programs): Create a new DWORD type NoAddRemovePrograms, and the value is set to: 1.
(2) Hide "Change or delete program": Create a new DWORD type NoRemovePage, set the value to: 1.
(3) Hide "Add New Program": Create a new DWORD type NoAddPage, set the value to: 1.
(4) Hide "Add Programs from CD-ROM or Floppy": Create a new DWORD type NoAddFromCDorFloppy, set the value to: 1.
(5) Hide "Add Programs from Microsoft": Create a new DWORD type NoAddFromInternet, set the value to: 1.
(6) Hide "Add Programs from the Network": Create a new DWORD type NoAddFromNetwork, set the value to: 1.
(7) Hide "Add/Remove Components": Create a new DWORD-type NoWindowsSetupPage, set the value to: 1.
(8 Disable "SupportInfo": Create a new DWORD type NoSupportInfo, set to: 1.
(9) Specify the program classification that appears when the user opens the "Add New Program" page. (This category must be included in the Add/Remove Definition): Create a new character type DefaultCategory, set the value to the required category.
6. Forbid users to select menus and dialogue languages of Windwos2000 (taking the prohibition of "Japanese" as an example)
In HKEY_CURRENT_USER\Software\Policies\Microsoft, create a new Control Panel item, and create a new Desktop item under it, and create a new character MultiUILanguageID, and set the value to 00000411.
7. Make hidden files completely hidden
HKEY_LOCAL_MASHINE\Software\Microsoft\Windows\CurrentVersionExplorer\Advanced\Folder\Hidden\ShowAll, modify (create a new DWORD type) Checkedvalue value to 0, and files set to hidden attributes will be truly hidden (the option to prohibit displaying all files). If you want to display it, just change the Checkedvalue value to 1.
8. Forgot Windows 2000 login password (use with caution!)
The SAM file in the WINNT\System32\Config directory is deleted and restarted.
Note: SAM (Security Accounts Management Database): Security Account Management Database, Windows NT/2000 system core, storing group account and user account information of the domain controlled by the local machine and operating system. The description information and permission information of each group in the domain are stored in the SAM, and the following part stores the description information of the domain user and encrypted password data, etc.
The password of the superuser Administrator is stored after the last "Administrator" string in the SAM file.
9. Turn off Windows file protection
Warning: After modification, you can directly delete key Windows files.
By default, the system prohibits users from deleting system and program files, and the restrictions can be lifted after modifying the registry.
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, the value of SFCDisable is set to 0xFFFFF9D.
To use file protection, change the value to 0 again.
Operation skills:
1. Quickly hide the taskbar
The taskbar automatically hides slowly. If you want to speed up, eliminate the "Show window content when dragging" item in the "Visual Effects" display property.
2. Quickly view the specific location of the file
Right-click the file and drag the file directly into the "Run" dialog box, and the extension and full path of the file will be displayed.
3. Implement fast positioning in the URL
When achieving accurate positioning in a relatively long URL, you can use keyboard operations in addition to using a mouse. Press Ctrl+←, and the cursor quickly moves to the left in units of words; press Ctrl+→, and the cursor quickly moves to the right in units of words.
4. Send emails quickly
"New"/"Shortcut" command → "Please type the location of the project" → enter "mailto:" → "Type the name of the shortcut" → enter "New Mail". Click this shortcut to create a new email.
5. Automatically close the screensaver before disk consolidation
Create a new Defrag in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets, create a new Sett ings under it, and create a new string value "disableScreenSaver" in the right window, and set the value to "YES".
6. Add shutdown function in the login dialog box
In HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon, ShutdownWithoutLogon value is set to 1.
7. Turn off the machine with one click
Create a new primary key of "Close" in HKEY_CLASSES_ROOT\Directory\shell, enter "Close Computer" in the "Key Value" column (displayed in the right-click menu), and define shortcut keys after &. Create a first-level subkey "Command" under "Close", and enter ",EXITWINDOWS" in the "Key Value" column.
8. Clear the recycling station anywhere
Create "{645FF040-5081-101B-9F08-00AA002F945E}" in HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers.
9. Speed up shutdown
Create a new "string value" FastReboot in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Shutdown, set to 1.
10. Dial-up acceleration
MODEM properties → Modem. Where "maximum port speed" represents the maximum speed that allows a program to transfer data to the modem, usually faster than the modem.
Confirm to set it to 115,200bps. Select the Advanced page and add the initialization parameters provided in the MODEM manual to the "Extra Initialization Command". Regardless of whether there is an initialization command provided by MODEM, add the "s11=40" command to speed up the dialing speed of MODEM.
11. IE window dynamic effect
HKEY_CURRENT_USER\ControlPanel\desktop\WindowMetrics, create new string values "Minanimat" and "Maxanimat" in the window on the right, and set the values to "0" and "1" respectively, and there will be a diversion effect when switching between the maximum and minimized IE windows.
12. Change the IE browser security password
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies, delete the Ratings subkey.
13. Change the IE default download directory
In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer, modify the DownloadLoad Directory.
14. Modify IE search engine
In HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\Search, change CustomizeSearch and SearchAssistant to custom search engines.
IE default engine: /{SUB_RFC1766}/srchasst/
15. Customize the IE browser address
About is a special protocol other than http, ftp, mailto, and gopher. It can be used to use alias to access specific web pages.
In HKEY_LOCAL_MACHLNE\Software\Microsoft\Internet Explorer\AboutURLs, create a new string value, change it to the web alias, and set the value to the URL pointed to, and cannot save "http://".
16. Add IE automatic recognition function
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate: UrlTemplate branch 6 string values, the key values are "www.%", "www.%", "www.%", etc., which are used to specify the IE automatic matching range. Create two new strings under the UrlTemplate branch, and set the values to "www.%" and "%" to allow IE to automatically recognize the "." suffix.
17. Use multi-threaded downloads
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Internet Settings,
Create a new MaxConnectionsPerserver to determine the maximum number of connections (5~8);
For HTTP 1.0 Server, create a new MaxConnectionsPerl_OServer and change the value to the maximum number of synchronous downloads
(Source: Hot Network)