| Registry DataBase : Policies | |
| Password - System properties - Editing the registry - Program Manager Enabling policies - Event Watcher - User folders - Windows 2000 |
|
| Top | Password |
| Key :
HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion
\Policies \Network Entry : MinPwdLength System : 95, 95+IE4.x, 98, ME Type : REG_BINARY For example : 06 00 00 00 |
|
| Minimum Windows 95/98/ME password length. | |
| Key :
HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion
\Policies \Network Entry : AlphanumPwds System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 0 : The system will even accept
"empty" password if you click Enter. 1 : Tells the sytem to require a password made of alphabetical and numeric characters. Alphabetical only passwords and numeric only passwords will be refused. |
|
| Key :
HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion
\Policies \Network Entry : HideSharePwds System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| On a network : 0 : Shared folder passwords will be readable. 0 : Shared folder passwords will be unreadable. |
|
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoSecCPL System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables Control Panel Passwords icon and its corresponding file Password.cpl. Here is a list of .cpl files. In Windows 95/98/ME, passwords are not stored in the registry but in .pwl files. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoPwdPage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables the Password change tab in the Password Properties dialog box. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoAdminPage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables the Remote administration tab in the Password Properties dialog box. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoProfilePage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables the User profiles tab in the Password Properties dialog box. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Internet Settings Entry : DisablePasswordCaching System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables system remembering passwords when connecting with Internet Explorer. | |
| If a machine logs
on a Windows NT domain, a password is
created for identification in the domain. This password
and this type of communicatrion are called a secure
channel. The password is changed every 7 days in Windows
NT and every 30 days in Windows 2K.
If you forget your password, the PDC
will disable the secure channel after the machine has
missed the password change twice. If a trust relation is etablished between several Windows NT domains, a trust password is set with the trust domains which will store that password in their SAM. A difference between the trust passwords and the secure channel passwords may appear. Users will not be able to log on trust domains. On member servers the logon service is disabled and it is only possible to log on a local account. It is impossible to use remote resources. If those problems occur too often, you may want to make passwords static with RefusePasswordChange and increase the delay between password changes set in MaximumPasswordAge : |
|
| Key : HKLM
\SYSTEM \CurrentControlSet \Services \Netlogon
\Parameters System : NT, 2K Entry : RefusePasswordChange Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables password change on trust domains. See above paragraph. | |
| Key : HKLM
\SYSTEM \CurrentControlSet \Services \Netlogon
\Parameters System : NT, 2K Entry : MaximumPasswordAge Type : REG_DWORD Range : 0 to 1.000.000 Default : 7 days in Windows NT 4.0, 30 days in Windows NT 2000 |
|
| Delay in days before the password must be changed. See above paragraph. | |
| Top | System Properties |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoDevMgrPage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables the Devices tab in System Properties. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoConfigPage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables the Hardware profiles tab in System Properties. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoFileSysPage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Removes the File system button in the Performance tab in System Properties. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : NoVirtMemPage System : 95, 95+IE4.x, 98, ME Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Removes the Virtual memory button in the Performance tab in System Properties. | |
| Top | Editing the registry |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Policies \System Entry : DisableRegistryTools System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables registry editing tools. | |
| Top | Program Manager |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : NoClose (Program Manager) System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Prevents closing the Program
Manager. Different from NoClose (Explorer). |
|
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : NoFileMenu (Program Manager) System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables File
menu in Program Manager. Different from NoFileMenu (Explorer). |
|
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : NoRun (Program Manager) System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables Run
option in Program Manager. Different from NoRun (Explorer). |
|
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : NoSaveSettings (Program Manager) System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Disables Save settings
on exit option in Program Manager. Different from NoSaveSettings (Explorer). |
|
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : Restrictions System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Enables du Program Manager restrictions. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : ShowCommonGroups System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Displays common groups in Program Manager. | |
| Key :
HKCU \Software \Microsoft \Windows \CurrentVersion
\Program Manager \Restrictions Entry : EditLevel System : 95, 95+IE4.x, 98, ME, NT, 2K Type : REG_DWORD Range : 0, 1, 2, 3 ou 4 Default : 0 |
|
| 0 : No restrictions. 1 : Prevents creating, deleting or renaming program groups in Program Manager and disables New, Move, Copy and Delete options in File menu when a group is selected. 2 : Same restrictions as EditLevel=1. Also prevents creating or deleting programs. 3 : Same restrictions as EditLevel=2. Also prevents changing the programs' command line parameters. 4 : Same restrictions as EditLevel=3. No program property can be changed. |
|
| Top | Enabling policies |
| Key
: HKLM \SYSTEM \CurrentControlSet \Control \Update Entry : UpdateMode System : NT, 2K Type : REG_DWORD Range : 0, 1 or 2 Default : 1 |
|
| 0 : Disables system policies. 1 : Loads system policies from the Netlogon share of the authenticating server. 2 : Enables NetworkPath which contains the system policy file location. |
|
| Key
: HKLM \SYSTEM \CurrentControlSet \Control \Update Entry : NetworkPath System : NT, 2K Type : REG_SZ Default : None |
|
| Path and file name of the system policy file for Poledit. This entry is used only when UpdateMode is set to 2. | |
| Top | Event Watcher |
| Key :
HKLM \SYSTEM
\CurrentControlSet \Services \EventLog\Application Entry : RestrictGuestAccess (Apps) System : NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Prevents users logged as guests
from viewing the Applications section in
the Event Watcher. The Security section can nrver be viewed by guests. |
|
| Key :
HKLM \SYSTEM
\CurrentControlSet \Services \EventLog \System Entry : RestrictGuestAccess (Sys) System : NT, 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Prevents users logged as guests
from viewing the System section in the Event
Watcher. The Security sedtion can never be viewed by guests. |
|
| Top | User folders |
| Key :
HKCU \Software \Microsoft \Windows NT\CurrentVersion
\Winlogon Entry : ExcludeProfileDirs System : NT, 2K Type : REG_SZ Possible value : Local Settings\Application Data\Microsoft\Outlook;Temporary Internet Files;Personal |
|
| Does not create those folders when you create a new profile. Use semi-colons between values. | |
| Top | Windows 2000 |
| Key :
HKLM \SOFTWARE
\Microsoft \Windows \CurrentVersion \Policies \Explorer Entry : NoNTSecurity System : 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : In Windows 2000, Removes the Windows Security item from the Start Menu \Parameters menu in Terminal Server clients. Users must use Ctrl+Alt+End to open the Windows Security dialog box. Prevents rookies opening Terminal Server services. | |
| Key :
HKLM \SOFTWARE
\Microsoft \Windows \CurrentVersion \Policies \Explorer Entry : NoDisconnect System : 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Removes the Disconnected item from the combo list the Close dialog box on Terminal Server clients. This method does not prevent users from logging off using another method. | |
| Key :
HKLM \SOFTWARE
\Microsoft \Windows \CurrentVersion \Policies \Explorer Entry : NoWelcomeScreen System : 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Does not display the Start with Windows 2000 welcome screen. | |
| Key :
HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion
\Policies \Explorer Entry : DisableLocalMachineRunOnce System : 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Ignores HKLM \Software \Microsoft \Windows \CurrentVersion \RunOnce entries in Windows 2000. | |
| Key :
HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion
\Policies \Explorer Entry : DisableLocalMachineRun System : 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Ignores HKLM \Software \Microsoft \Windows \CurrentVersion \Run entries in Windows 2000. | |
| Key :
HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion
\Policies \Explorer Entry : NoEncryptOnMove System : 2K Type : REG_DWORD Range : 0 or 1 Default : 0 |
|
| 1 : Does not automatically encrypt the files moved to encrypted folders in Windows 2000. | |
| © Franck Kiechel 2000-2001 |