Registry DataBase : Startup
Startup programs - Environment variables - Without pasword
Do not display last user - Legal notice - Connection - System - Unlock - Windows 2000
The registry is not the only available tool useful for startup settings :
MsDos.sys contains Windows 95/98/ME startup settings and Boot.ini Windows NT/2K startup settings.
 
Top Startup programs
Programs executed at startup which can not be found in Start Menu\Startup may be registered in the following keys :
System : 95, 95+IE4.x, 98, ME, NT, 2K
1.   HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Run
2.   HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \RunOnce
3.   HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \RunServices
4.   HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \RunServicesOnce
5.   HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \RunOnce\Setup
6.   HKCU \Software \Microsoft \Windows \CurrentVersion \Run
7.   HKCU \Software \Microsoft \Windows \CurrentVersion \RunOnce
Keys 1. 2. 6. 7. are executed at each logon by any user.
Keys 4. 5. are executed in the background during boot time.
Key 5 is executed after installing or removing a program. Its subkeys should be automatically erased afterwards.
Note : In safe mode, those keys are ignored.
See BrowserWebCheck for example.
 
System : 95, 95+IE4.x, 98, ME
Key : HKCU \Software \Microsoft \Windows \CurrentVersion \Windows
System : NT, 2K
Key : HKCU \Software \Microsoft \Windows NT \CurrentVersion \Windows
This key contains the 2 REG_SZ entries run and load which also execute programs at startup. Win.ini and System.ini may contain a run/load section too which can be deleted to prevent some programs from being executed : if Windows finds sections in .ini files which are not present in the registry, those sections will automatically be registered.
 
HKCU \Software \Microsoft \Windows \CurrentVersion \Run
System : 95, 95+IE4.x, 98, ME, NT, 2K
Entry : BrowserWebCheck
Type : REG_SZ
Suggested : Loadwc.exe
Program launching automatic connection when opening Internet Explorer and suggesting user to disconnect when closing it.
 
Top Environment variables
Key : HKLM \SYSTEM \CurrentControlSet \Control \Windows
Entry : Directory
System : NT, 2K
Type : REG_EXPAND_SZ
Default : %SystemRoot%
Windows NT folder.
 
Key : HKLM \SYSTEM \CurrentControlSet \Control \Windows
Entry : SystemDirectory
System : NT, 2K
Type : REG_EXPAND_SZ
Default : %SystemRoot%\System32
Windows NT system folder.
 
Top Without password
System : 95, 95+IE4.x, 98, ME
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Winlogon
System : NT, 2K
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : AutoAdminLogon
Type : REG_SZ
Range : 0 or 1
Default : 0
0 : Requires a password at logon. For secure environments.
1 : Enables automatic logon with specified profile. You need not type Ctrl+Alt+Del, there is no logon dialog box, no password is required.
For AutoAdminLogon to work :
1. DontDisplayLastUserName must be disabled.
2. DefaultPassword must be defined.
3. If you wish to log on using another profile, press Shift while clicking OK in the shutdown dialog box until the logon dialog box appears.
 
System : 95, 95+IE4.x, 98, ME
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Winlogon
System : NT, 2K
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : DefaultDomainName
Type : REG_SZ
Specifies the domain name of the last user who managed to log on, and therefore the domain name of the user who may log on automatically without having to type a password.
 
System : 95, 95+IE4.x, 98, ME
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Winlogon
System : NT, 2K
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : DefaultPassword
Type : REG_SZ
Specifies the password of the last user who managed to log on, and therefore the password of the user who may log on automatically without having to type a password. Warning : the password is in clear readable ASCII. To be used in environments where security is not important.
 
System : 95, 95+IE4.x, 98, ME
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Winlogon
System : NT, 2K
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : DefaultUserName
Type : REG_SZ
Specifies the name of the last user who managed to log on, and therefore the name of the user who may log on automatically without having to type a password.
 
Top Do not display last user
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : DontDisplayLastUserName
System : 95, 95+IE4.x, 98, ME, NT, 2K
Type : REG_SZ
Range : 0 or 1
Default : 0
Key : HKLM \Network \Logon
Entry : DontShowLastUser
System : 98, ME
Type : REG_SZ
Range : 0 or 1
Default : 0
0 : Displays last user name at next logon.
1 : Does not display last user name at next logon. Recommended in secure environments : each user must know his/her login and password.
If this entry is set to 1, AutoAdminLogon is unable to work.
I don't know why there are 2 entries.
 
Top Legal notice
System : 95, 95+IE4.x, 98, ME
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Winlogon
System : NT, 2K
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : LegalNoticeCaption
Type : REG_SZ
Range : 0 to 256 characters
Legal notice dialog box caption. This dialog box is displayed at startup by creating LegalNoticeCaption.
 
System : 95, 95+IE4.x, 98, ME
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Winlogon
System : NT, 2K
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : LegalNoticeText
Type : REG_SZ
Range : 0 to 256 characters, 1024 characters from Service Pack 1 on
Legal notice dialog box text. This dialog box is displayed at startup by creating LegalNoticeText.
 
Top Connection
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : LogonPrompt
System : NT, 2K
Type : REG_SZ
Range : 0 to 256 characters
Enables changing the default message Enter a user name and password valid on that system in the logon dialog box.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : Welcome
System : NT, 2K
Type : REG_SZ
Range : 0 to 256 characters
This text is displayed in the Start connection, Connection information, Workstation locked and Unlock Workstation dialog boxes' title bars.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : PasswordExpiryWarning
System : NT, 2K
Type : REG_DWORD
Entry : 0 to 65536
Default : 14
Number of days until the system displays a message indicating that a password has expired.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : ReportBootOk
System : NT, 2K
Type : REG_SZ
Range : 0 or 1
Default : 1
1 : Registers last known good configuration at startup.
This entry must be set to 0 if you wish to use different values for BootVerification and BootVerificationProgram.
 
Key : HKLM \SYSTEM \CurrentControlSet \Control
Entry : BootVerificationProgram
System : NT, 2K
Type : REG_SZ or REG_EXPAND_SZ
Default : Null
ReportBootOK must be set to 0. Updates last known good configuration during startup. Specifies a program loaded by the service control manager to determine the last known good configuration. You can not use BootVerificationProgram entry and the service specified in the \BootVerification subkey together.
This program can interrogate a server and if it gets no response it will call the NotifyBootConfigStatus() function with FALSE, which forces the system to restart using the last known good configuration. Or the program might start the system without saving the last known good configuration.
If the server does not respond, the program can call the NotifyBootConfigStatus() function with TRUE, which forces the system to save the last known good configuration.
 
Key : HKLM \SYSTEM \CurrentControlSet \Services \BootVerification
System : NT, 2K
You can not use the BootVerificationProgram entry and the service specified in the \BootVerification subkey together. This service may be executed by a remote machine. It indicates to Windows NT service control manager to save current configuration as last known good configuration and then ends. To enable this service, add the following enries in the \BootVerification subkey :
ErrorControl   REG_DWORD   0x1
ImagePath   REG_EXPAND_SZ   Bootvrfy.exe
ObjectName   REG_SZ   LocalSystem
Start   REG_DWORD   0x3
Type   REG_DWORD   0x2
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Key : HKCU \Software \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : RunLogonScriptSync (NT)
System : NT
Type : REG_DWORD
Range : 0 or 1
0 : The program manager waits until the logon script has been executed before loading the desktop.
1 : Both processes may be run simultaneously.
The HKLM subkey is for all users. The HKCU is for current user only.
This works in Windows NT. Windows 2000 seems to have its own RunlogonScriptSync (2000) entry.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : ReportDC
System : NT, 2K
Type : REG_DWORD
Range : 0 or 1
Default : 1
0 : Does not display the Impossible to contact your domain controller message usually displayed in Windows NT when the cache is disabled. This message is not displayed in Windows 2000.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : CachedLogonsCount
System : NT, 2K
Type : REG_DWORD
Range : 0 to 50
Default : 10
Suggested : 1
Number of users who have tried to log on and whose passwords are stored in the cache.
0 : Disables profile caching at logon. For secure environments.
1 : Security ? Imagine a standard user asking an administrator for help because he can not log on - he says. The administrator logs on to solve the problem and leaves a precious copy of his profile in the cache. Then the user, suddenly a super hacker, scans the cache and finds the administrator password. So 1 may be a good choice for CachedLogonCounts. Thus, after an administrator has logged on, a user logon will overwrite the administrator profile in the cache.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : IgnoreShiftOveride
System : NT, 2K
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : Disables Shift key at startup ususally used to prevent execution of programs located in Startup.
 
Key : HKCU \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : ParseAutoexec
System : NT, 2K
Type : REG_SZ
Range : 0 or 1
0 : Ignores Autoexec.bat at logon.
1 : Parses Autoexec.bat at logon.
Autoexec.nt and Config.nt are not affected by this entry. This modification affects current user only since it is in HKCU.
 
Top System
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : Shell
System : NT, 2K
Type : REG_SZ
Default : Explorer.exe
Indicates executable files launched by Userinit and expected at user shell startup. If Winlogon is unable to starts the programs in Userinit, it will launch them directly in the shell.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : System
System : NT, 2K
Type : REG_SZ
Default : Lsass.exe
Indicates which programs have been granted Windows NT approval to be executed in system mode. Changing it may generate a security breech since non-approved programs may be executed with high priviledges.
Default value for Windows NT Service Pack 1 or 2 : Lsass.exe.
Default value for Windows NT Service Pack 3 : Spools.exe. or Lsass.exe, Spools.exe.
These programs are executed during system initialization.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : Taskman
System : NT, 2K
Type : REG_SZ
Default : Taskman.exe
Specifies a Task Manager. You can choose another one. For example, the NT ToolKit VDesk.exe will be registered here. If this entry is absent or empty, Windows NT uses Taskman.exe.
 
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
Entry : Userinit
System : NT, 2K
Type : REG_SZ
Default : Userinit, Nddeagnt.exe
Programs to be automatically executed when a user manages to log on. The 1st entry, Userinit, is responsible for shell execution. Nddeagnt.exe is related to NetDDE.
 
Top Unlock
Key : HKLM \SOFTWARE \Microsoft \Windows NT \CurrentVersion \Winlogon
System : NT, 2K
Entry : DCacheMinInterval
Type : REG_DWORD
When unlocking a workstation, time may seem very long. If the cache is older than 2 minutes, the domain list is updated. This delay may be modified thanks to DcacheMinInterval. Indicate a number of seconds in decimal value.
See KB Q160-8-39 for more information.
 
Top Windows 2000
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : DisableStatusMessages
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : Disables system status messages. Enabling this policy will prevent system from displaying users reminders about waiting for their computers to start, to shutdown or about someone logging on or off.
 
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : VerboseStatus
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : Tells the system to display detailed system status messages. Enabling this policy will have the system display a status message for each step of the startup process, shutdown process, logon, logoff. This policy is aimed at experienced users who need this sort of information. It is ignored if the Disable startup / shutdown / logon / logoff status messages policy is enabled. DisableStatusMessage must be set to 0.
 
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : RunLogonScriptSync (2000)
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : The program manager waits until the logon script has been executed before starting Explorer and loading the Desktop. Seems to have replaced RunlogonScriptSync (NT).
 
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : RunStartupScriptSync
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : Windows 2000 can execute startup scripts simultaneously.
 
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : HideStartupScripts
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : Does not display startup script instructions during their execution.
 
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : HideShutdownScripts
Type : REG_DWORD
Range : 0 or 1
Default : 0
1 : Does not display shutdown script instructions during their execution.
 
Key : HKLM \SOFTWARE \Microsoft \Windows \CurrentVersion \Policies \System
System : 2K
Entry : MaxGPOScriptWait
Type : REG_DWORD
Range : 0 to 32000
Default : 600
Maximum delay in seconds for recognizing group policy scripts.
0 : System waits indefinitely.

 

© Franck Kiechel 2000-2001