Awas File PDF "Beracun"

HELSINKI, SENIN - Virus komputer bisa menjalar melalui media apa saja di komputer. File-file program berekstensi .exe awalnya paling sering digunakan sebagai media untuk "meracuni" komputer. Belakangan file gambar dan dokumen juga digunakan untuk mengelabui calon korban.

Kini giliran file berekstensi .pdf yang dimanfaatkan untuk melunpuhkan komputer. Firma pengembang software keamanan komputer dari Finlandia F-Secure mengingatkan para pengguna komputer mengenai ancaman tersebut.

Dilaporkan bahwa file-dile pdf yang disusupi program berbahaya menyebar melalui email sejak Jumat (26/10). "Email yang dikirim mirip laporan kartu kredit dan mengandung lampiran report.pdf," ujar Mikko Hypponen, kepala peneliti F-Secure.

Jika penerima email tersebut menjalankan file yang dilampirkan tersebut, program jahat yang menyusup akan bekerja dan men-download software dari alamat server tertentu di Malaysia atau Swedia. Kedua alamat server yang dimanfaatkan peyebar "racun" digital itu telah ditutup saat ini.

Namun pihak F-Secure menekankan potensi bahaya yang lebih besar ke depan jika masalah ini tidak ditanggapi serius.

"Kami sangat khawatir dengan kasus ini, sebab lampiran file-file PDF biasanya tidak disaring di gerbang email," ujar Hypponen seperti dilansir Reuters.

Tembalan keamanan baru untuk software Acrobat Reader yang dipakai untuk membaca file PDF sebenarnya sudah dirilis untuk mengatasi celah kelemahan ini. Namun, banyak pengguna yang mungkin belum melakukan update.

Ref : kompas

Menonaktifkan Tombol Windows

PCplus pernah membahas cara untuk mematikan tombol Windows di keyboard. Tombol ini mempermudah penggunaan Windows. Tapi, di sisi lain, fitur ini juga dapat membuat pemilik PC bisa jadi kelabakan karena dengan kombinasi tombol Windows dan tombol lain, semua orang yang menggunakan PC bisa mengkases fitur-fitur yang ada di Windows walaupun fitur tersebut telah disembunyikan.

Nah di edisi ini PCplus akan memberikan cara alternatif untuk menonaktifkan tombol Windows. Inilah caranya.

1. Jalankan Registry Editor.

2. Pada jendela Registry Editor masuklah ke subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout.

3. Klik kanan mouse pada bagian kanan jendela kemudian pilih [New] > [Binary Value].

4. Beri nama Scancode Map kemudian isikan value datanya dengan 00 00 00 00 00 00 00 00 03 00 00 00 00 00 5B E0 00 00 5C E0 00 00 00 00.

5. Tutup Registry Editor kemudian restart PC Anda.

Ref : Kompas

PCMAV-RC 20

NEW PCMAV (PC Media Antivirus) Update for OCTOBER 2007 ready to download here :


1. PCMAV-RC 20
    Engine version : 1248
    Virus signature : 1.121 viruses
2. PCMAV-RC 20 + CLAM-AV
    Engine version : 1248
    Virus signature : 96.901 viruses
    Main CVD : 27 July 2007
    Daily CVD : 04 October 2007, for latest daily.cvd download here

PCMAV (PC Media Antivirus), the powerfull freeware antivirus originally from Indonesia. Easy for use, no need installation, movable, just execute the executable file you can scanning some viruses on your computer. You can scanning wherever you want, just copy PCMAV file into your media storage such as : Flash disk, share into your LAN network, etc you can enjoy to use it. For one time scanning you can execute the PCMAV-CLN.exe and for real time protection please execute the PCMAV-RTP.exe file. If you execute the PCMAV-RTP.exe file for the first time, automaticly on the system startup list will be added it. Then on the next restart you no need to manually execute it.

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library, for detail about CLAM-AV please visit www.clamav.net.

Logon Script

Whenever a Windows client, be it a Windows NT Server, Workstation, or Windows 9x, logs onto a Windows NT domain, the machine will check to see if the user logging on has a login script specified in their profile. As an administrator, you assign the executable file (usually a DOS-style batch file) that the user will use as a login script in the User Manager For Domains - select a user and click the 'profile' button. If a login script is specified, it will be run immediately after the user has been authenticated.

By default, the login script should exist in the \\PDC\netlogon share, which shares the c:\winnt\system32\repl\import\scripts directory. All of your scripts and their supporting files should exist in this directory. Dos-style batch files are usually chosen as the type of script to run because they are so easy to write and edit. In addition, as the login script runs, you can see any error messages that are produced as the script runs in a DOS-style window.

Please Note: Advanced users may be dismayed at the first few tricks, as they are somewhat elementary - please move on to the later tricks as they are much more advanced.

Trick #1 - Determining the OS the user is logging into

Certain commands and procedures that can run in a login script are not applicable in certain operating systems (more on these procedures later). Therefore, you will want the very first action of your login script to be determining whether the user is logging onto a Windows NT machine, or a Windows 9x machine. This is actually somewhat easy, because Windows NT has a definition for the system variable %os% by default, but Windows 9x does not.

This line in your batch file will query the system variable %OS% on a windows nt system:

if '%OS%' == 'Windows_NT' goto nt4

(put all your commands for win95 in this section)

:nt4

(commands for NT)

:end

In this manner, the user logging in only executes commands that are appropriate for their operating system.

Just because Windows 9x does not have an %os% variable by default, does not mean it cannot have one. Add this line:

set os=Windows 95

to set the variable. In addition to setting that variable, you can set a number of other useful variables by adding this line to the Windows 9x portion of your script.

\\MY_PDC\netlogon\putinenv L /L

For this to work, you need to place the putinenv utility in the scripts directory. putinenv can be found at www.ms-computer.de/bin/prog/putenv.zip. (Wayne - Do a search and you will find it many places.) We will use these newly added variables (or already existing variables, in the case of WIndows NT) in trick #2.

Trick #2 - Display some information

echo Hello %USERNAME%, welcome to the network!
echo You are accessing the network from %COMPUTERNAME%
echo And you are running the %OS% os.
echo Please wait, authenticating %USERNAME% with the %LANGROUP% domain

By using the echo command we can output some nice messages to the user, as some are startled, having never seen a login script before.

These nice messages, however, will not be useful if they scroll off of the screen too quickly, so after your message, add this line:

\\PDC\netlogon\sleep 2

sleep is another free utility that you can find on the web - search for sleep.exe - it takes one argument - an integer for seconds. Again, it has to be in the scripts directory for your login script to see it in the netlogon share...

TRICK #3 - Mapping drives

Most Windows NT shops have some directories on the server that are shared out. Windows 9x and NT allow you to assign a drive letter in windows explorer to these shared resources so you can see them over the network just as if you were using that drive on your own computer. Usually you use windows explorer and the tools menu to map a drive and map it permanently, but users always accidently disconnect them, and in addition, you may want to force users to use a specific drive letter for a specific share (for instance, you may want to force them to use the U: drive for a 'users' share ona server, etc.

In your login script, map drives using these commands:

net use U: \\MY_SERVER\users
net use P: \\MY_other_server\public

echo U: drive mapped to the users share
echo P: drive mapped to the public share on My_other_server

You get the point. Here is some info though, when you run the net use command in win 9x, the default behavior is to create a non-persistant share, meaning that if you reboot the machine, the shares will disappear and will not come back until you run the login script again. No problem there. The problem is that in win NT, the default behavior is to create persistant shares, so you run the login script and make the shares, and then you run it next time you log in and you get errors telling you that it is already mapped. The solution is to leave the win95 portion of the script as I show above, but in the win nt portion of the script do this:

net use U: /del
net use P: /del
net use U: \\MY_SERVER\users
net use P: \\MY_other_server\public

So as you can see we get around the problem by deleting the share first and then mapping it - we are still left with the problem that the very first time the user logs in they won't have the shares to delete, but I am not that picky....

Another note, if you want your net use statements not to show up, precede them with a '@', example:

@net use M: \\server\mp3

Trick #4 - Synchronize the time

If you want the system time of all the workstations to match the primary domain controller (yes, you do...) add this line:

net time \\MY_PDC /set /yes

Now all the machines in the office will match the time of the PDC, and you only need to install an atomic clock synchronizer on the PDC.

(check out www.atomtime.com for a good atomic clock syncer)

Trick #5 - Fix Windows 9x security flaws

Windows 9x does some bad things in terms of security - anyone attending def con 6 learned about password caching and how the domain passwords are stored in a weak format on the win9x hard drive.

Let's do something about it:

First, the easy part:

del c:\windows\*.pwl

the above line added to the win9x portion of your script will delete the password lists for all the profiles on he win9x computer. This may not win you a lot of friends because the saved passwords on dial-up networking will no longer be functional, etc. but they were security risks anyway. Now, the tricky part - we want to disable the internal caching of passwords in windows 95 - this requires changing the registry:

REGEDIT /s \\MY_PDC\netlogon\nocache.reg

The above line will run regedit on the command line with no program output with a registry input file named nocache.reg - here is the reg file:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001

Just save it as plain text and name it nocache.reg

You have now disabled some of the more gaping holes in win9x - smile!

Trick #6 - Customization

Ok, as a sysadmin, as much as I hate it, I have to go to users machines sometimes to fix stuff, and it really irks me when the simple amenities that I take for granted on my own machine are not available. Let's fix that:

1. put notepad in the 'send to' menu.

If you are in windows explorer and right click on a file and choose 'send to' you are given the option of sending the file to a specific application. It is very useful to add notepad to the send to menu because if you double-click an html file, you will not edit it, you will bring up the browser and view it. Kind of annoying if you just wanted to edit it...here is how you do it:

copy \\MY_PDC\netlogon\notepad.exe.lnk
c:\windows\sendto

that line is all you need, plus adding a file called notepad.exe.lnk to the scripts directory - you can make the .lnk file on your own windows 95 machine and copy it up there just fine. Now all machines you play with will have notepad available in send to.

2. doskey

If you admin win 9x machines, you need doskey to be available. If you don't know what doskey is, then you should probably learn some basic stuff before graduating to the level of login script hacker.

type c:\autoexec.bat | find "doskey" /i | if not errorlevel 1 goto doskeyend
echo >> c:\autoexec.bat c:\windows\command\doskey.com
:doskeyend

What this does is adds the line c:\windows\command\doskey.com to the autoexec file - but we need to do a loop to make sure it is not already there because otherwise you will add that line to autoexec every time they log on, eventually they will run so many doskeys at boot that their machine will crash. This is also a great example of using a lopp in the login script.

3. add a hosts file

If you have your own dns server, you can add and subtract host/name mappings all day, but maybe you don't have your own dns, or maybe you want some internal host/name mappings - windows has its own host file simply named 'hosts' in the c:\windows dir, so make a hosts file and add it to the scripts dir, then add this line to the script:

copy \\MY_PDC\netlogon\hosts c:\windows

for the win nt section of your login script, change it to this:

copy \\fletch\netlogon\hosts %systemroot%\system32\drivers\etc\hosts

I personally set up a internal web server to display the usage statistics of our main web site, and had a hosts entry for 'stats' - you can add all sorts of personalized dns style entries this way...

4. give everyone winpopup

copy \\fletch\netlogon\winpopup.lnk c:\windows\startm~1\programs\startup

5. detect back orifice

Honestly this is not that great of a detection for back orifice, but it is a neat little hack - if someone does an off the shelf installation of BO on you, the file size will be in a certain range, and you can detect that file size and mail an alert to the sysadmin...

::Back Orifice Detection Measures....

dir c:\windows\system | find "124,8" /i | if not errorlevel 1 goto BO1
goto step2
:BO1
dir c:\windows\system > c:\tempbode.txt
echo computer:%COMPUTERNAME% >> c:\tempbode.txt
echo user:%USERNAME% >> c:\tempbode.txt
\\MY_PDC\netlogon\mailto.exe -u sysadmin@mydomain.com -d sysadmin@mydomain.com -h mail.mydomain.com -s "BO ALERT" -mf c:\tempbode.txt
del c:\tempbode.txt

:step2

dir c:\windows\system | find "124,9" /i | if not errorlevel 1 goto BO2
goto orificeend
:BO2
dir c:\windows\system > c:\tempbode.txt
echo computer:%COMPUTERNAME% >> c:\tempbode.txt
echo user:%USERNAME% >> c:\tempbode.txt
\\MY_PDC\netlogon\mailto.exe -u sysadmin@mydomain.com -d sysadmin@mydomain.com -h mail.mydomain.com -s "BO ALERT" -mf c:\tempbode.txt
del c:\tempbode.txt

:orificeend

So basically what happens is we look in windows\system for any files of the size: 124,9xx or 124,8xx, and if we find them we email the sysadmin alerting them of it. This is actually really silly bcase any number of programs could put a file there of that size, and you can wrap BO to be any size you want - but it is a neat little hack and shows some advanced grepping and looping that you can do in a batch file.

You will note that we call mailto.exe which can be found on winfiles.com and is a great little command line utility for mailing off things quickly, and is great for login scripts because you can email from them.

Just make sure mailto.exe is in the scripts dir...

Trick #7 - Windows NT Specific Tricks

Ok here are some good registry hacks to put in the login script for use in the nt section of the script only....

1. mandatory screen saver

regedit /s \\MY_PDC\netlogon\scrn.reg

and scrn.reg looks likt this:

REGEDIT4
[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaveTimeOut"="1800"
"ScreenSaveActive"="1"
"SCRNSAVE.EXE"="c:\winnt\system32\logon.scr"
"ScreenSaverIsSecure"="1"

Ok, this adds a password protected screen saver that starts in 30 minutes (1800 seconds) of inactivity and is just the simple logon.scr screen saver (no openGL SS's please, as they will kill your server) This is really a great security measure for NT machines as people can get up and go home without logging out and you will still be secure (to a degree, of course) (this is one of my favorite hacks)

2. legal notice

regedit /s \\MY_PDC\netlogon\legal.reg

and legal.reg looks like this:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DontDisplayLastUserName"="1"
"LegalNoticeCaption"="Important Notice!"
"LegalNoticeText"="This is a private computer system"

So now when you hit ctrl-alt-del to login, you will get a nice little message that you have to say ok to first. This is good because you can inform people of things like 'all usage is monitored' blah blah...,etc.

Ref : windowsnetworking.com

Tips and Trik Windows Registry

Before modify your windows registry, please backup it first.

1. Backup / Restore the Registry (win 9x)

To Backup/Restore the Windows Registry:

1. If you are in MSDOS, at the C:\Windows prompt type
2. Attrib -s -r -h C:\Windows\System.dat (press Enter)
3. Attrib -s -r -h C:\Windows\User.dat (press Enter)

To make the backup copies type:

1. copy C:\Windows\System.dat C:\Windows\System.000 (press Enter)
2. copy C:\Windows\User.dat C:\Windows\user.000 (press Enter)

To Restore the Registry

1. copy C:\Windows\System.000 C:\Windows\System.dat (press Enter)
2. copy C:\Windows\User.000 C:\Windows\user.dat (press Enter)

2. Add Open With to all files

You can add "Open With..." to the Right click context menu of all files.This is great for when you have several programs you want to open the same file types with. I use three different text editors so I added it to the ".txt" key.

1. Open RegEdit
2. Go to HKEY_CLASSES_ROOT\*\Shell
3. Add a new Key named "OpenWith" by right clicking the "Shell" Key and selecting new
4. Set the (Default) to "Op&en With..."
5. Add a new Key named "Command" by right clicking the "OpenWith" Key and selecting new
6. Set the (Default) to "C:\Windows\rundll32.exe shell32.dll,OpenAs_RunDLL %1", C:\ being your Windows drive. You must enter the "OpenAs_RunDLL %1" exactly this way.

3. Lock Out Unwanted Users

Want to keep people from accessing Windows, even as the default user? If you do not have a domain do not attempt this.

1. Open RegEdit
2. Go to HKEY_LOCAL_MACHINE\Network\Logon
3. Create a dword value "MustBeValidated"
4. Set the value to 1
This forced logon can be bypassed in Safe Mode on Windows 9x

4. Changing Windows' Icons

You can change the Icons Windows uses for folders, the Start Menu, opened and closed folder in the Explorer, and many more.

1. Open RegEdit
2. Go to
HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Icons
3. Add a string value for each Icon you wish to change.
Example: "3" ="C:\Windows\Icons\MyIcon.ico,0" This will change the closed folders in the Explorer to "MyIcon.ico". Here is a complete list for each value.

0= Unknown file type 1= MSN file types 2= Applications Generic 3= Closed Folder 4= Open Folder 5= 5.25" Drive 6= 3.25" Drive 7= Removable Drive 8= Hard Drive 9= NetWork Drive 10= Network Drive Offline 11= CD-ROM Drive 12= RAM Drive 13= Entire Network

14= Network Hub 15= My Computer 16= Printer 17= Network Neighborhood 18= Network Workgroup 19= Start Menu's Program Folders 20= Start Menu's Documents 21= Start Menu's Setting 22= Start Menu's Find 23= Start Menu's Help 24= Start Menu's Run 25= Start Menu's Suspend 26= Start Menu's PC Undock 27= Start Menu's Shutdown

28= Shared 29= Shortcut Arrow 30= (Unknown Overlay) 31= Recycle Bin Empty 32= Recycle Bin Full 33= Dial-up Network 34= DeskTop 35= Control Panel 36= Start Menu's Programs 37= Printer Folder 38= Fonts Folder 39= Taskbar Icon 40= Audio CD

You need to reboot after making changes. You may need to delete the hidden file ShellIconCache if after rebooting the desired Icons are not displayed.

5. Change Default Folder Locations

You can change or delete the Windows mandatory locations of folder like My Documents:

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Shell Folders
3. Change the desired folder location, My Documents is normally list as "Personal"
4. Open the Explorer and rename or create the folder you wish.

To change the desired location of the Program Files folder
1. Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
2. Change the value of "ProgramFiles", or "ProgramFilesDir"
Now when you install a new program it will default to the new location you have selected.

6. Change the Registered Change the User Information

You can change the Registered Owner or Registered Organization to anything you want even after Windows is installed.

1) Open RegEdit
2) Got to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion.
3) Change the value of "RegisteredOrganization" or "RegisteredOwner", to what ever you want

7. Opening a DOS Window to either the Drive or Directory in Explorer

Add the following Registry Keys for a Directory:
HKEY_CLASSES_ROOT\Directory\shell\opennew
@="Dos Prompt in that Directory"

HKEY_CLASSES_ROOT\Directory\shell\opennew\command
@="command.com /k cd %1"

Add or Edit the following Registry Keys for a Drive:
HKEY_CLASSES_ROOT\Drive\shell\opennew
@="Dos Prompt in that Drive"

HKEY_CLASSES_ROOT\Drive\shell\opennew\command
@="command.com /k cd %1"

These will allow you to right click on either the drive or the directory and the option of starting the dos prompt will pop up.

8. Changing Exchange/Outlook Mailbox Location

To change the location of your mailbox for Exchange:
1. Open RegEdit
2. Go to
HKEY_CURRENT_USER\Software\ Microsoft\Windows Messaging Subsystem\ Profiles
3. Go to the profile you want to change
4. Go to the value name that has the file location for your mailbox (*.PST) file
5. Make the change to file location or name

To change the location of your mailbox for Outlook
1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Outlook (or Outlook Express if Outlook Express)
3. Go to the section "Store Root"
4. Make the change to file location

9. Add/Remove Sound Events from Control Panel

You can Add and delete sounds events in the Control Panel. In order to do that:

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\AppEvents\Schemes\Apps and HKEY_CURRENT_USER\AppEvents\Schemes\Eventlabels. If this key does not exist you can create it and add events.
3. You can add/delete any items you want to or delete the ones you no longer want.

10. Adding an Application to the Right Click on Every Folder

Here is how to add any application to the Context Menu when you right click on any Folder. This way you do not have to always go to the Start Menu. When you right click on any folder, you can have access to that application, the same as using Sent To.

1. Open RegEdit
2. Go to HKEY_CLASSES_ROOT\Folder\shell
3. Add a new Key to the "Shell" Key and name it anything you like.
4. Give it a default value that will appear when you right click a folder, i.e. NewKey (use an "&" without the quotes, in front of any character and it will allow you to use the keyboard)
5. Click on the Key HKEY_CLASSES_ROOT\Folder\shell\NewKey
6. Add a New Key named Command
7. Set the (Default) value of the application you want to run
8. For example: c:\program files\internet explorer\iexplore.exe (Include the full path and parameters if you need them)

11. Adding Explore From Here to Every Folder

When you want to right click on any folder and want to open up an Explorer window of that folder.

1. Open RegEdit
2. Go to HKEY_CLASSES_ROOT\Folder\shell
3. Add a new Key "RootExplore " under the "Shell" Key
4. Set the (Default) value to "E&xplore From Here "
5. Right Click the "RootExplore " Key and add a new Key "Command"to the RootExplore
6. Set the (Default) value of Explorer.exe /e,/root,/idlist,%i

12. Changing the Location of Windows' Installation Files

If you need to change the drive and or path where Windows looks for its installation files:
1.Open RegEdit
2.Go to
HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Setup
3.Edit the value next to SourcePath

13. Creating a Logon Banner

If you want to create a Logon Banner: A message box to appear below your logon on.

1.Open RegEdit
2.Go To
For Windows 9x and ME -
HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon

For Windows 2000 XP 2003 Vista -
HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Winlogon

3.Create a new String value"LegalNoticeCaption "
4. Enter the Title of the window. What is displayed in the Title Bar.
5. Create a new string value "LegalNoticeText"
6. Enter the text for your message box that will appear even before the Logon window.

14. Creating a Default File Opener

If you have a un-registered file type and want to view it instead of having to select Open With. Use Explorer's Right-click and add your program to the right-click options by:
1. Open RegEdit
2. Go to HKEY_CLASSES_ROOT\Unknown\Shell
3. Right click on "Shell" and create a New Key and name it "Open "
4. Create a New Key under the "Open" key you just created and name it "Command"
5. Set the (Default) value to the path and filename of the program you want to use to open the file type
6. For example: C:\Windows\NOTEPAD.EXE %1
You must use the "%1" for this to work.and a space between the exe and the %1

15. Deleting Registry Keys from the Command Line

There are two ways to delete a key from the Registry from the Command line. At the Windows Command line:

RegEdit /l location of System.dat /R location of User.dat /D Registry key to delete
You cannot be in Windows at the time you use this switch.

Or you can create a reg file as such:
REGEDIT4

[-HKEY_LOCAL_MACHINE\the key you want to delete]
Note the negative sign just behind the[
Then at the Command line type:
1. RegEdit C:\Windows\(name of the regfile).

16. Change/Add Restrictions And Features

If you want to make restrictions to what users can do or use on their computer without having to run Poledit, you can edit the Registry. You can add and delete Windows features in this Key shown below.

Zero is Off and the value 1 is On. Example: to Save Windows settings add or modify the value name NoSaveSettings to 0, if set to1 Windows will not save settings. And NoDeletePrinter set to 1 will prevent the user from deleting a printer.

The same key shows up at:
HKEY_USERS\(yourprofilename)\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer so change it there also if you are using different profiles.

1.Open RegEdit
2.Go to
HKEY_CURRENT_USER\Software\Microsoft\ CurrentVersion\ Policies
3.Go to the Explorer Key (Additional keys that can be created under Policies are System, Explorer, Network and WinOldApp )
4.You can then add DWORD or binary values set to 1 in the appropriate keys for ON and 0 for off.
NoDeletePrinter - Disables Deletion of Printers
NoAddPrinter - Disables Addition of Printers
NoRun - Disables Run Command
NoSetFolders - Removes Folders from Settings on Start Menu
NoSetTaskbar - Removes Taskbar from Settings on Start Menu
NoFind - Removes the Find Command
NoDrives - Hides Drives in My Computers
NoNetHood - Hides the Network Neighborhood
NoDesktop - Hides all icons on the Desktop
NoClose - Disables Shutdown
NoSaveSettings - Don't save settings on exit
DisableRegistryTools - Disable Registry Editing Tools
NoRecentDocsMenu - Hides the Documents shortcut at the Start button
NoRecentDocsHistory- Clears history of Documents
NoFileMenu _ Hides the Files Menu in Explorer
NoActiveDesktop - No Active Desktop
NoActiveDesktopChanges- No changes allowed
NoInternetIcon - No Internet Explorer Icon on the Desktop
NoFavoritesMenu - Hides the Favorites menu
NoChangeStartMenu _ Disables changes to the Start Menu
NoFolderOptions _ Hides the Folder Options in the Explorer
ClearRecentDocsOnExit - Empty the recent Docs folder on reboot
NoLogoff - Hides the Log Off .... in the Start Menu

And here are a few more you can play with
ShowInfoTip
NoTrayContextMenu
NoStartMenuSubFolders
NoWindowsUpdate
NoViewContextMenu
EnforceShellExtensionSecurity
LinkResolveIgnoreLinkInfo
NoDriveTypeAutoRun
NoStartBanner
NoSetActiveDesktop
EditLevel
NoNetConnectDisconnect
RestrictRun - Disables all exe programs except those listed in the RestrictRun subkey
This key has many other available keys, there is one to even hide the taskbar, one to hide the control panel and more. I'm not telling you how, as someone may want to play a trick on you. The policies key has a great deal of control over how and what program can run and how one can access what feature.

In the System key you can enter:
NoDispCPL - Disable Display Control Panel
NoDispBackgroundPage - Hide Background Page
NoDispScrSavPage - Hide Screen Saver Page
NoDispAppearancePage - Hide Appearance Page
NoDispSettingsPage - Hide Settings Page
NoSecCPL - Disable Password Control Panel
NoPwdPage - Hide Password Change Page
NoAdminPage - Hide Remote Administration Page
NoProfilePage - Hide User Profiles Page
NoDevMgrPage - Hide Device Manager Page
NoConfigPage - Hide Hardware Profiles Page
NoFileSysPage - Hide File System Button
NoVirtMemPage - Hide Virtual Memory Button

In the Network key you can enter:
NoNetSetup - Disable the Network Control Panel
NoNetSetupIDPage - Hide Identification Page
NoNetSetupSecurityPage - Hide Access Control Page
NoFileSharingControl - Disable File Sharing Controls
NoPrintSharing - Disable Print Sharing Controls

In the WinOldApp key you can enter:
Disabled - Disable MS-DOS Prompt
NoRealMode - Disables Single-Mode MS-DOS

17. Automatic Screen Refresh

When you make changes to your file system and use Explorer, the changes are not usually displayed until you press the F5 key
To refresh automatically:
1. Open RegEdit
2. Go to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Update
3. Set the value name "UpdateMode" to 1

18. Disable Password Caching

To disable password caching, which allows for the single Network login and eliminates the secondary Windows logon screen. Either use the same password or:

1. Open RegEdit
2. Go to the key
HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\ Windows\ CurrentVersion\ Policies\ Network
3. Add a Dword value "DisablePwdCaching" and set the value to 1

19. Changing the MaxMTU for faster Downloads

There are four Internet settings that can be configured, you can get greater throughput (faster Internet downloads) by modifying a few settings.
They are the MaxMTU, MaxMSS and DefaultRcvWindow, and DefaultTTL

1.Open RegEdit
2.Go to
HKEY_LOCAL_MACHINE\System\CurrentControlset\ Services\ Class\ net\ 000x
(where x is your particular network adapter binding.)
3.Right click on the right panel
4.Select New\String Value and create the value name IPMTU
5.Double click on it and enter then the number you want. The usual change is to 576
6.Similarly, you can add IPMSS and give it a value of 536

(Windows 9X)You can set DefaultRcvWindow, and DefaultTTL by adding these string values to HKEY_LOCAL_MACHINE\ System\ CurrentControlset\ Services\ VXD\ MSTCP
Set the DefaultRcvWindow to"5840"and the DefaultTTL to "128"

Note: These settings will slow down your network access speed slightly, but you will probably not even see the difference if you are using a network card. If you are using Direct Cable you should see a sight difference.

20. Adding Items to the Start Button

To add items when you right-click on the Start Button:
1.Open RegEdit
2.Go to HKEY_CLASSES_ROOT\Directory\Shell
3.Right-click on Shell and select New Key
4.Type in the name of the key and press the Enter key
5.In the Default name that shows in the right hand panel, you can add a title with a "&" character in front of the letter for a shortcut
6.Right-click on the key you just created and create another key under it called command
7.For the value of this command, enter the full path and program you want to execute
8.Now when you right click on the Start Button, your new program will be there.
9.For example, if you want Word to be added, you would add that as the first key, the default in the right panel would be &Word so when you right click on the Start Button, the W would be the Hot Key on your keyboard. The value of the key would be C:\Program Files\Office\Winword\Winword.exe

21. Remove Open, Explore & Find from Start Button

When you right click on the Start Button, you can select Open, Explore or Find.
Open shows your Programs folder. Explore starts the Explorer and allows access to all drives.
Find allows you to search and then run programs. In certain situations you might want to disable this feature.
To remove them:
1.Open RegEdit
2.Go to HKEY_CLASSES_ROOT\Directory\Shell\Find
3.Delete Find
4.Scroll down below Directory to Folder
5.Expand this section under shell
6.Delete Explore and Open
Caution: - When you remove Open, you cannot open any folders.

22. Removing Items from NEW Context Menu

When you right-click on the desktop and select New, or use the File Menu item in the Explore and select New a list of default templates you can open up are listed.
To remove items from that list:
1. Open RegEdit
2. Do a Search for the string ShellNew in the HKEY_CLASSES_ROOT Hive
3. Delete the ShellNew command key for the items you want to remove.

23. Changing Telnet Window

You can view more data if you increase the line count of Telnet. By Default it has a window size of 25 lines. To increase this so you can scroll back and look at a larger number on lines:
1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\Telnet
3. Modify the value data of "Rows"

24. Changing the Tips of the Day

You can edit the Tips of the day in the Registry by going to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\ CurrentVersion\ explorer\ Tips

25. Disabling Drives in My Computer

To turn off the display of local or networked drives when you click on My Computer:
1.Open RegEdit
2.Go to
HKEY_CURRENT_USER\Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ Explorer
3.Add a New DWORD item and name it NoDrives
4.Give it a value of 3FFFFFF
5.Now when you click on My Computer, none of your drives will show.

26. Disabling the Right-Click on the Start Button

Normally, when you right button click on the Start button, it allows you to open your programs folder, the Explorer and run Find.
In situations where you don't want to allow users to be able to do this in order to secure your computer.
1.Open RegEdit
2.Search for Desktop
3.This should bring you to HKEY_CLASSES_ROOT\Directory
4.Expand this section
5.Under Shell is Find
6.Delete Find
7.Move down a little in the Registry to Folder
8.Expand this section and remove Explore and Open
Now when you right click on the Start button, nothing should happen.
You can delete only those items that you need.
Note: - On Microsoft keyboards, this also disables the Window-E (for Explorer) and Window-F
(for Find) keys.
See the section on Installation in the RESKIT to see how to do this automatically during an install.

27. Disabling My Computer

In areas where you are trying to restrict what users can do on the computer, it might be beneficial to disable the ability to click on My Computer and have access to the drives, control panel etc.
To disable this:
1.Open RegEdit
2.Search for 20D04FE0-3AEA-1069-A2D8-08002B30309D
3.This should bring you to the HKEY_CLASSES_ROOT\CLSID section
4.Delete the entire section.
Now when you click on My Computer, nothing will happen.
You might want to export this section to a Registry file before deleting it just in case you want to enable it again. Or you can rename it to 20D0HideMyComputer4FE0-3AEA-1069-A2D8-08002B30309D. You can also hide all the Desktop Icons, see Change/Add restrictions.

28. Opening Explorer from My Computer

By default, when you click on the My Computer icon, you get a display of all your drives, the Control Panel etc. If you would like to have this open the Explorer:
1. Open RegEdit
2. Go to
HKEY_CLASSES_ROOT\CLSID\ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\ Shell
3 . Add a new Key named "Open" if it does not exists by right clicking "Shell" and selecting new.
4. . Add a new Key named "Command" by right clicking "Open" and selecting new
5. Set the (Default) value for the Command Key to "Explorer.exe" or "C:\Windows\Explorer.exe"

29. Recycle Bin Edits

Fooling with the recycle bin. Why not make the icon context menu act like other icon context menus.
Add rename to the menu:
HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder
"Attributes"=hex:50,01,00,20
Add delete to the menu:
HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder
"Attributes"=hex:60,01,00,20
Add rename and delete to the menu:
HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} \ShellFolder
"Attributes"=hex:70,01,00,20
Restore the recycle bin to Windows defaults including un-deleting the icon after deletion:
Restore the icon.
HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\ Windows \CurrentVersion\ explorer\
Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}
@="Recycle Bin"
Reset Windows defaults.
HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E} \ShellFolder
"Attributes"=hex:40,01,00,20
Other edits to the recycle bin icon:
HKEY_CLASSES_ROOT\CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}\ ShellFolder
"Attributes"=hex:40,01,01,20 ... standard shortcut arrow
"Attributes"=hex:40,01,02,20 ... a different shortcut arrow
"Attributes"=hex:40,01,04,20 ... and still another shortcut arrow
"Attributes"=hex:40,01,08,20 ... make it look disabled (like it's been cut)

For Windows XP and 2000 also edit HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}
For Windows ME also edit HKEY_CURRENT_USER \Software\ Classes\ CLSID\ {645FF040-5081-101B-9F08-00AA002F954E}

30. Setting the Minimum Password Length

1.Open RegEdit
2.Go to
HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Policies\ Network
3. Now, choose the Edit/New/Binary value command and call the new value MinPwdLen. Press Enter twice and Assign it a value equal to your minimum password length.

31. Add\delete programs to run every time Windows starts

You can start or stop programs from executing at boot up by adding or deleting them to/from the run Keys in the Registry. Windows loads programs to start in the following order; Program listed in the Local Machine hive, then the Current User hive, then theWin.ini Run= and Load = lines. then finally programs in your Start Up folder.

To add or remove programs in the Registry
1.Open RegEdit
2.Go to the desired Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows \CurrentVersion \RunServices
3. Add a new String Value and name it anything you like
4. For the value data, enter the path and executable for the program you want to run.

By adding the value to the HKEY_CURRENT_USER hive instead allows the program to start only when that user is logged on.

If you add the value to the RunOnce key the program will run once and be removed from the key by Windows.

32. Removing the Shortcut Icon Arrows

1.Open RegEdit
2.Open the Key HKEY_CLASSES_ROOT
3.Open the Key LNKFILE
4.Delete the value IsShortcut
5.Open the next Key PIFFILE
6.Delete the value IsShortcut
7.Restart the Windows

33. Turn Off Window Animation

You can shut off the animation displayed when you minimize and maximize Windows.
1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Control panel \Desktop\ WindowMetrics
3. Create a new string value "MinAnimate".
4. Set the value data of 0 for Off or 1 for On

34. Changing your Modem's Initialization String

1.Open RegEdit
2.Go to
HKEY_LOCAL_MACHINE\System\CurrentControlSet \Services \Class \Modem \0000 \Init
3.Change the settings to the new values

35. Increasing the Modem Timeout

If your modem it is timing out during file transfers or loading Web Pages, you might try increasing the timeout period. To change the Time Out::
1.Open RegEdit
2.Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\ Services\ Class\ Modem\ XXXX\ Settings Where XXXX is the number of your modem
3. In the right panel and double click on Inactivity Timeout
4.The number of minutes for a timeout should be entered between the brackets.
5.For example, a setting could have S19=<10> to set it to 10 minutes.

36. Removing Programs from Control Panel's Add/Remove Programs Section

If you uninstalled a program by deleting the files, it may still show up in the Add/Remove programs list in the Control Panel.
In order to remove it from the list.
1.Open RegEdit
2.Go to HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall
3.Delete any programs here.
If you have a problem locating the desired program open each key and view the DisplayName value.

37. Customize the System Tray

You can add your name or anything you like that consists of 8 characters or less. This will replace the AM or PM next to the system time. But you can corrupt some trial licenses of software that you may have downloaded.

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Control Panel\International
3. Add two new String values, "s1159" and "s2359"
4. Right click the new value name and modify. Enter anything you like up to 8 characters.

If you enter two different values when modifying, you can have the system tray display the two different values in the AM and PM.

38. Disable the Outlook Express Splash Screen

You can make OutLook Express load quicker by disabling the splash screen:

1. Open RegEdit
2. Go to HKEY_CURRENT_USER\Software\Microsoft\OutLook Express
3. Add a string value "NoSplash"
4. Set the value data to 1 as a Dword value

39. Multiple Columns For the Start Menu

To make Windows use multiple Start Menu Columns instead of a single scrolling column, like Windows 9x had, Also if you are using Classic Mode in XP

1. Open RegEdit
2. Go to the key
HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced
3. Create a string value "StartMenuScrollPrograms"
4. Right click the new string value and select modify
5. Set the value to "FALSE"

40. Changing the caption on the Title Bar

Change the Caption on the Title Bar for OutLook Express or the Internet Explorer:
For Outlook Express:
1. Open RegEdit
2. Go to
HKEY_CURRENT_USER\Software\Microsoft\OutLook Express
For IE5 and up use:
HKEY_CURRENT_USER\IDENTITIES \{9DDDACCO-38F2-11D6-93CA-812B1F3493B}\ SOFTWARE\ MICROSOFT\ OUTLOOK EXPRESS\5.0
3. Add a string value "WindowTitle" (no space)
4. Modify the value to what ever you like.

For no splash screen, add a dword value "NoSplash" set to 1
The Key {9DDDACCO-38F2-11D6-93CA-812B1F3493B} can be any key you find here. Each user has his own Key number.
The Key 5.0 is whatever version of IE you have

For Internet Explorer:
1. Open RegEdit
2. Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
3. Add a string value "Window Title" (use a space)
4. Modify the value to what ever you like.

Be continued...

Ref : easydesksoftware.com