Windows Vista – Naughty But Nice Settings

Windows Vista – Naughty But Nice Settings

I honed many of these tips when delivering training courses.  Time-saving ideas, such as AutoAdminLogon, are nice for environments where computer security is not important.  However, employing them in a normal work environment maybe naughty.

Windows Vista – Naughty But Nice Topics:

• Turn Off Vista’s Nagging UAC (User Account Control)
• Activate the Hidden Administrator
• Vista Registry Setting – AutoAdminLogon
• Screen Saver
• Windows Vista Remote Desktop
• IE7 Tools, Internet Options
• Funny Vista Error Codes
• Vista BootSkin – Nice, but can be naughty
• 7 Naughty, but Nice Settings for Windows Server 2008

 ♦

Turn Off the Nagging UAC (User Account Control)

The problem: Every time you want Vista to perform an administrative task you get a nagging UAC dialog box.  You have to interrupt your train of thought and click ‘Continue’.  Now it is naughty to turn off this security feature, but nice to have your instructions completed that bit quicker and without a frustrating distraction.

This Local Security Policy method is designed to control the UAC settings for computers that have joined a domain.  For Vista Home Editions, or any Vista’s not joined to the a domain see below.

Stage 1) Preliminary task: Launch the Local Security Policy. 
Method A) Begin by clicking on Vista’s Start button, then in the Start Search dialog box type: secpol.msc.  Note: you must include the .msc extension.

Method B) Display Vista’s Administrative Tools. right-click the Taskbar, select Properties, Start Menu, Customize, Advanced; scroll to the bottom and find System Administration Tools, place the radio button next to ‘Display on the All Programs menu’.

From the Administrative Tools, find the Local Security Policy, then expand the Security Options folder.  You should see the screen shot opposite.

Stage 2)  The situation is that you have now opened the Local Security Policy.  Scroll down and locate the family of settings beginning with ‘User Account Control’.

User Account Control: Behavior of the elevation prompt for administrators…..
Set to: Elevate without prompting.

UAC Method for Non-domain Users

In the case of a Vista Machine that is not joined to a domain, Microsoft provide a menu whereby you can turn off UAC.  What can I say?  You should not use this setting?  That would be hypocritical; as someone who loves AutoAdminLogon for non production machines, then unsurprisingly, Guy will uncheck the box: ‘Use User Account Control…’  If you too would like to turn off UAC, then navigate thus:

Control Panel -> User Accounts -> Turn User Account Control On or Off.  Now decide if you want to untick the box which say: ‘Use User Account Control (UAC) to help protect your computer’.

Activate the Hidden Administrator

Not many people know that Vista has a hidden super user account.  I will show you how to activate this Vista Administrator account via a ‘Net User’ command.  One benefit of logging on as this super account is that you will never be prompted for the nagging UAC dialog box.

The procedure is straightforward, just head for the cmd prompt and type:
Net user administrator /active:yes.  

The only trap is that many systems require a complex password so that you need to add a password to the command string thus
Net user administrator p@ssw0rd /active:yes

N.B. Any problem with this command try Net Help User.

See more on the Vista Hidden Administrator Account

Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM) v11.5

SolarWinds’ Orion performance monitor will help you discover what’s happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  Its also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Vista Registry Setting – AutoAdminLogon

The idea behind AutoAdminLogon is to enable a user to logon to a computer without having to type a password.  A typical scenario would be a test machine on a private network.  With AutoAdminLogon enabled, when you restart the machine it automatically logs on a named user.  The trick, which also its liability, is to set the DefaultPassword in the registry.

Instructions for Setting AutoAdminLogon

1. Type ‘regedit’ in the Start Search dialog box.
2. Next navigate to:
   HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon
   AutoAdminLogon = 1
3. Created a new String Value called DefaultPassword
   DefaultPassword = "P@ssw0rd"
4. Check the existence of a REG_SZ called DefaultUserName.  The value should reflect the user who you wish to logon automatically.  If this value does not exist, then right-click in the right pane, new, REG_SZ, name it, DefaultUserName.
5. Optional Item: If you’re Vista Machine has joined a domain, created a String Value called DefaultDomainName.  Set
   DefaultDomainName = "OnlyYouKnowDomain"

Addendum for Vista Home Editions

I have been using AutoAdminLogon since NT 3.5.  However, in Vista Home editions there is a much easier alternative. 

Navigate to the Control Panel, User Accounts, Users and remove the tick in:
Users must enter a user name and password.  All you need to do next is type the password twice a the, ‘Automatically Log On’ dialog box.  Once Vista restarts it will logon that user automatically.  See screen shot. 

Before you go try this configuration, I did not, repeat, not find this setting in a machine which had joined an Active Directory domain.

See more on AutoAdminLogon

Screen Saver (None)

The security feature of the screen saver is designed to lock the keyboard if you leave your workstation for more than 10 minutes.  In some offices Psycho** jumps on any unattended computer and performs puerile pursuits, such as sending obnoxious emails to your superiors from your email account.

However, if you are based in your own office or home, with no security threat from ‘Psycho’, then it’s tempting to disable the screen saver.  right-click on the Vista desktop, select Personalize from the short cut menu and Screen Saver is the third item on the next menu.

 If you are feeling naughty select (None) from the list of possible screen savers.

Incidentally, while you have the Personalize menu open, take the opportunity to adjust your Display Settings in general and your Refresh rate in particular.  I recommend a value of 90 MHz, provided your monitor supports this nice, flicker-free value. 

** Every organization has at least one Psycho user.  Amongst their characteristics are: a belief that they know more than they really do, they often read computer articles, but invariable get the wrong end of the stick.   Psychos are invariably male and they have the knack of breaking systems that normally work perfectly well, single-handedly they account for 80% of all computer problems in your department.

Recommended: Solarwinds’ Permissions Analyzer – Free Active Directory Tool

I like thePermissions Analyzer because it enables me to see WHO has permissions to do WHAT at a glance.  When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!

Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user’s access to a resource.  Give this permissions monitor a try – it’s free!

Download SolarWinds’ Free Permissions Analyser – Active Directory Tool

Windows Vista Remote Desktop

What Remote Desktop does is enable one Vista machine to connect to another.  This is useful if you wander from one office to another, Remote Desktop is a great way to borrow (hijack) another Vista or XP machine so that you can check your email.  Another use of Remote desktop is to find an urgent document on your own machine even though you are physically at the other side of the building.

There is one problem, by default Remote Desktop is disabled, once again for security reasons.  The solution requires foresight, you have to enable Remote Desktop before you leave your machine and start wandering around to the remote ‘client’ machine.

To enable Remote Desktop, open the System Properties. My favorite method is to hold down the Windows Key , then press the Pause / Break key.  Alternatively, you could navigate via the Control Panel, Support and Maintenance, System and then Remote Settings.  Naturally, add your own account in the Select Users dialog box, because in this scenario, you will be the person taking advantage of Remote Desktoping to this machine.  If in doubt, select the link ‘Help me choose’

If you can think of scenarios where your friends could benefit from using your machine, then add their accounts in the dialog box.  However be warned, you are asking for trouble if you are not selective as to who can connect to your machine, for example, when you are working Psycho will annoy you by trying to logon to your machine. 

Remote Desktop Connection.

To activate the client side of the connection, i.e. on the remote machine, go to Start, All Programs, Accessories and Remote Desktop Connection.

The golden rule is that only one desktop can be active, either the local Vista desktop, or the remote connection, but not both.  This is obviously for licensing reasons otherwise you could get two Vista sessions for the price of one licence.  One bonus of this knowledge is that if it’s a disciplinary offence to leave your Vista desktop unlocked, you can hop onto someone else’s machine and Remote Desktop to your own Vista computer.  The act of connecting will lock the screen / keyboard on the remote Vista machine.

Trap: Don’t confuse Remote Desktop with Remote Assistance

There you have it, naughty if you set Remote Desktop incorrectly in high security company, nice if you regularly travel around a large office and need access to your Vista desktop remotely.

Try SolarWinds Web Help Desk »

IE7 / IE8 (Internet Explorer) Tools (menu) Internet Options

The general reaction to IE7 is that it is strange, quirky, even ‘funny’ when you first try the new interface.  Then, like so many of Windows Vista features, you don’t want to go back to the old ways of IE6.

One nice setting is having multiple home pages.  I love the idea of IE7 (or IE8) opening 3 or 4 tabs when I launch this browser.  One annoying setting is the Tabs, when I open a new tab, I prefer my topmost home page to open rather than a blank page.  Another annoying setting is ‘Warn me when closing multiple tabs’.  I disable this tab feature. However, it does not matter what I do, my hidden agenda is to persuade you to check out the IE7, Tools, Internet Option, 6 tabs and umpteen Settings menus.

One obvious suggestion, that hardly merits the word tip, is to add a shortcut to your IE7 to your Startup folder.  For this click on Start, All Programs, Startup, Open; now you can copy an IE7 shortcut to the Startup folder.  While you are there, you may as well add a shortcut to your email client (Outlook).

Vista BootSkin – Nice but can be naughty

If you dissect the word BootSkin then you get ‘boot’ and ‘skin’.  Thus a Vista bootskin is special screen that you see at the very beginning when Vista machine starts its boot sequence.  Sometimes manufacturers add these bootskins to customize their machines.  Inevitably, there are 3rd parties who create these nice flashy startup screens.  The naughty bit is that they may crash your machine.  This can be insidious as all works well until Microsoft release a security update, at which point the XP or Vista machine no longer boots.  Here is a case that I had to troubleshoot with XP:

The solution was to disable the bootskin, but I did not find it easy.

In my opinion fiddling with BootSkin’s is a liability, there is not much gain, other than posing for your friends.  The downside is a worry, the next security patch or the first service pack may render your machine unbootable.

Windows Vista – Naughty But Nice Settings

Like the whole of life, you have to know when to be nice and when it’s OK to be naughty.  Turning on settings such as AutoAdminLogon is nice in training rooms, or on test networks, but naughty in medium security environments.  Remote Desktop could be nice for you, but naughty if you add the office Psycho to the ‘Select Users’ list.

Configuring Windows Vista Topics: