Here’s the dilemma: you’ve set up multiple user accounts on a machine, and you’ve gone the extra mile to ensure that your data is properly protected by configuring permissions and employing encryption. Now you find Windows so locked down that you can’t do anything without having to enter a password first. Fortunately, you can customize the logon process to suit your needs and tolerance for cumbersome logon procedures.
The new, friendly Welcome screen is the default interface used when logging on to Windows XP.
The traditional Log On dialog forces you to type both the username and password of a user account to log in. Since a list of active users is not shown, it’s more secure than the default Welcome screen. Here’s how to switch:
Open the User Accounts window in Control Panel.
Click Change the way users log on or off.
Turn off the Use the Welcome screen option, and click Apply Options.
This change will take effect the next time you log off or restart your computer.
When you switch from the Welcome screen to the Log On screen, several other aspects of the Windows interface will be affected. Table 8-2 shows the differences between these two options of this deceptively simple setting.
Table 8-2. How disabling the Welcome screen affects other features in Windows
Welcome screen | Log On screen | |
---|---|---|
Look and feel of Shut Down dialog: | Large, friendly, colorful buttons for Stand By,[2] Turn Off, and Restart | A simple drop-down list, like the Shut Down dialog found in earlier versions of Windows |
Start Menu command to shut down: | Turn Off Computer | Shut Down |
What happens when you press Ctrl-Alt-Del: | Opens Task Manager; security features shown in Shut Down menu (except for Change Password) | Opens the Windows Security dialog, from where you can log off, shut down, start Task Manager, change your password, or lock the computer |
Access to hidden user accounts: | No access to hidden users | Log in to any user account by typing user name |
[2] Hold the Shift key to display a Hibernate button instead of Stand By on the Welcome screen. |
Although you can easily customize the look and feel of your own account, it’s not so easy to customize the Welcome screen. The following solutions allow you change a few things about the Welcome screen. Note that these solutions have no affect on the Log On screen (discussed in the next section).
When a new account is created in Windows XP, a picture is chosen at random from a collection including a Monopoly racecar, a soccer ball, a butterfly, and others. Here’s how to change the picture for any account:
Open the User Accounts window in Control Panel, and then choose an account to modify in the list below.
Click Change my picture.
Choose a picture from the collection, or click Browse for more pictures to choose your own image. Windows supports .bmp, .jpg, .gif, and .png image files.
Note that the image you choose here will also be the one that appears at the top of the Start Menu (not applicable if you’re using the Classic Start Menu).
Click Change picture when you’re done. The new picture(s) will show up the next time you log off or restart Windows.
Although changing the little picture for each user (as described earlier) is quite easy, it’s an entirely different matter to customize the actual Welcome screen. The screen is embedded in a Windows .exe files, which means you’ll need to extract the components of the screen to customize them.
Open Explorer, and navigate to your WindowsSystem32 folder.
Place a copy of the file logonui.exe somewhere convenient, such as on your Desktop or in your My Documents folder. Then, make another copy of the file, to be used as a backup in case something goes wrong.
Download and install the free Resource Hacker utility (available at http://www.annoyances.org/). Resource Hacker allows you to modify the bitmaps embedded in certain types of files, including .exe and .dll files, and is also used in a few solutions in Chapter 2.
Start Resource Hacker, and drag-drop the newly created copy of logonui.exe onto the Resource Hacker window to open it (or use File → Open).
Expand the Bitmap branch to show the various images used
on the Welcome page. For example, bitmap 100
is the blue gradient background,
bitmap 125
is the horizontal
line that appears above and below, and bitmaps 123
and 127
both contain the Windows
logo.
Optional: you can export any of these bitmaps to .bmp files by selecting them in the tree, and then going to Action → Save [Bitmap : ### : ###]. Do this if you wish to modify the existing images rather than (or in addition to) creating your own.
Create new images — or modify images you’ve extracted — to your heart’s content. Save your images as .bmp files.
Try to make your replacement images the same size (width height) as the default images in this file. If you need to change the size of an image, you’ll need a working knowledge of XML. See Step 10, below, for the additional modifications you’ll need to make if your images have different sizes than the ones they’re replacing.
When you’re ready, go to Action → Replace Bitmap. Highlight an entry in the Select bitmap to replace list, then click Open file with new bitmap, and then locate the .bmp file you’ve created or modified.
Repeat this for all the images you wish to replace.
Next, to customize any of the text shown in the Welcome
screen, such as “To begin, click your user name,” open the
String Table
branch, and
choose one of the five categories shown. When you’ve found the
text you want to change, just click in the right pane and start
typing.
It’s important that you keep the formatting of the text intact. For example, quotation marks, commas, and curly braces are used to separate and organize strings. Make sure you don’t mess them up.
Here are some tips for modifying the text strings here:
To include a line break, type
.
To include a double-quotation mark, type " (necessary, since a quotation
mark without the slash will be interpreted as the closing
quotes that mark the end of the string).
To insert the username of the selected user, type
%s
.
Some of the strings have names of fonts; as you might expect, you can modify these to change the fonts used in the Welcome screen.
When you’re done typing, click the Compile Script button.
The last component that can be modified is the actual
layout of the Welcome page. This can be found in the UIFILE1000
branch. The beginning of
the text in this branch is blank, but if you scroll down (in the
right-hand pane), you’ll see the content. This, essentially, is
an XML file, and unless you are familiar with XML (similar to
HTML), you won’t want to touch it.
However, you may need to modify one or more of the entries
here if any of your new bitmaps have different dimensions than
the ones they’re replacing. Start by locating the <element
. . . > tag that
corresponds to the image you wish to resize; for image 100, for
example, it will be the one that has this attribute:
content=rcbmp(100,0,0,219rp,207rp,1,0)
Here, the first number is the image number, and the numbers ending in “rp” are the dimensions.
When you’re done editing, go to File → Save to save your changes.
The last step is to replace the in-use version of logonui.exe with the one you’ve just modified. You should be able to just drag the modified version right into your WindowsSystem32 folder, replacing the one that’s there.
If Windows complains that the file is in use and can’t be replaced, you’ll have to follow the steps outlined in Section 2.2.6.
The new logo should appear the next time you start Windows. If, for some reason, the Welcome screen is corrupted or won’t load at all, the problem is most likely caused by a corrupt logonui.exe file. This can be repaired by using the instructions in the previous step to replace The modified version with the original version you backed up — you did back it up, didn’t you?
See Section 2.3.5 for a related solution.
By default, Windows will display the number of unread messages underneath each name on the Welcome screen, but only if you’re using Outlook or Outlook Express to retrieve your email. To turn off this notification, follow this procedure:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionUnreadMail
.
Double-click the MessageExpiryDays
value in this
key.
If it’s not there, go to Edit → New
→ DWORD Value, and type MessageExpiryDays
for the name of the
new value.
Type 0
for its value
data, click OK, and then close
the Registry Editor when you’re done. You’ll have to log off and
then log back on for the change to take effect.
Instead of disabling the feature, you can merely adjust how
far back Windows will “look” for unread messages, if you like. For
example, change the MessageExpiryDays
value to 5
to ignore any unread messages more than
five days old. The default is 3
.
This feature has been known to stop working if two or more email accounts have been configured in Outlook for a single user account.
Although you can easily customize the look and feel of your own account, it’s not so easy to customize the Log On screen. The following solutions allow you to customize various aspects of this window and the desktop that appears in the background. Note that these solutions have no affect on the Welcome screen (discussed in the previous section).
Follow these steps to customize the colors used by the Log On dialog, as well as the colors and (optionally) the wallpaper of the desktop that appears behind it:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_USERS.DEFAULTControl
PanelColors
.
Each of the values in this key represents the color of a different screen element. Each value has three numbers—the red, green, and blue values, respectively—that indicate the color of the corresponding object.
For example, double-click the Background
value and type 255 0 128
(note the spaces between the
numbers) to have a hot-pink background behind the Log On
dialog.
To determine the RGB values for your favorite colors, open a Color dialog by going to Control Panel → Display → Appearance tab → Advanced → Color 1 → Other.
While you’re here, you can also turn on the ClearType
feature for the Log On screen. ClearType helps make text more
readable on laptop and flat-panel displays. Double-click the
FontSmoothingType
value and
change its value data to 2
to
enable ClearType. A setting of one (1
) will enable standard font
smoothing, and a setting of zero (0
) will turn it off entirely.
If you wish to use wallpaper on the Log On desktop instead
of a solid color, expand the branches to HKEY_USERS.DEFAULTControl
PanelDesktop
. Double-click the Wallpaper
value, and type the full
path and filename of a .bmp
or .jpg file to use as the
wallpaper. To tile the wallpaper, set the TileWallpaper
value to 1
, or to stretch the wallpaper, set
the WallpaperStyle
value to
2
.
Close the Registry Editor when you’re done. The change will take effect the next time you log off or restart Windows.
By default, the username of the previously logged-in user is shown in the Log On screen. To disable this, follow these steps:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon
. (Note the Windows NT
branch here, as opposed to
the more common Windows
branch).
Create a new string value here by going to Edit → New
→ String Value, and type DontDisplayLastUserName
for the name
of the new value. If the value exists, it may be a DWORD
value. Either value type is
supported here.
Double-click the new value, type 1
for its value data, and click
OK.
Note that hiding the last-typed username will disable the automatic login, described in the next section, “Logging on Automatically.”
The following solution allows you to place your own message above the User name and Password fields in the Log On dialog:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon
. (Note the Windows NT
branch here, as opposed to
the more common Windows
branch).
Create a new string value here by going to Edit → New
→ String Value, and type LogonPrompt
for the name of the new
value.
Double-click the new value, type the message you’d like to appear, and click OK.
Depending on your settings, you may or may not see the Welcome screen or the Log On to Windows dialog when Windows first starts. For example, if your computer only has one user account (in addition to the Administrator account, discussed in previous solution), and you haven’t specified a password for that account, Windows will log you in automatically.
But it’s never a good idea to have any accounts on your system set up without passwords, not so much because someone could break into your computer while sitting at your desk, but because if you’re connected to a network or the Internet, an account — any account — without a password is a big security hole. See Section 7.6.1 for more information.
The problem with setting up a password, however, is that Windows will then prompt you for the password every time you turn on your computer, which can be a pain if you’re the only person who uses the machine. Fortunately, there is a rather easy way to password-protect your computer and not be bothered with the Log On screen.
Open the alternate User Accounts window (described at the
beginning of this chapter) by going to Start → Run,
typing control userpasswords2
,
and clicking OK.
Select the username from the list that you’d like to be your primary login, and then turn off the Users must enter a username and password to use this computer option.
The Automatically Log On dialog will appear, prompting you to enter (and confirm) the password for the selected user.
Click OK when you’re done. The change will take effect the next time you restart your computer.
Note that this solution will not disable your ability to log out and then log into another user account (see below). Furthermore, logging out and then logging back in will not disable the automatic login; the next time you restart Windows, you’ll be logged in automatically to the user account you specified.
Automatic logins are also good for machines you wish to use in public environments (typically called “kiosks”), but you’ll want to take steps to ensure that visitors can’t log in as more privileged users. There are two ways for a user to skip the automatic login and log into another user account:
Hold the Shift key while Windows is logging in.
Once Windows has logged in, log out by selecting Log Off from the Start Menu or pressing Ctrl-Alt-Del and selecting Log Off.
This next solution eliminates both of these back doors:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon
. (Note the Windows NT
branch here, as opposed to
the more common Windows
branch).
Create a new string value here by going to Edit → New
→ String Value, and name the new value
IgnoreShiftOverride
.
Double-click the new value, type 1
for its value data, and click
OK. (This disables the
Shift key during the automatic
login.)
Create a new DWORD value here by going to Edit → New
→ DWORD Value, and name the new value
ForceAutoLogon
. Double-click
the new value, type 1
for its
value data, and click OK. (This
automatically logs back in if the user tries to log out.)
Close the Registry Editor when you’re done. The change will take effect immediately.
To remove either or both of these restrictions, just delete the corresponding registry values.
It’s possible to limit the automatic login feature, so that the Log On dialog (or Welcome screen) reappears after a specified number of boots:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogon
. (Note the Windows NT
branch here, as opposed to
the more common Windows
branch).
Create a new DWORD value here by going to Edit → New → DWORD Value.
Type AutoLogonCount
for
the name of the new value.
Double-click the new AutoLogonCount
value, and type the
number of system boots for which you’d like the automatic login
to remain active.
Every successive time Windows starts, it will decrease this
value by one. When the value is zero, the username and password
entered at the beginning of this topic are forgotten, and the
AutoLogonCount
value is
removed.
When you first install Windows XP, Setup walks you through the process of setting up two separate user accounts. First, you’re asked to choose an Administrator password, which is used for an actual account called “Administrator.” Setup then requires you to enter the name of at least one user that will be using the computer; that second username is what is used to subsequently log you into Windows XP.
Although the second user has administrator privileges, it’s not the true Administrator account, which is occasionally required for advanced solutions. What makes things more difficult is that the Administrator account is hidden from the Welcome screen and the User Accounts window. If you wish to log into the Administrator account, either to complete some solution or just to use it as your primary login, you should follow these instructions:
Get to the traditional Log On dialog, which requires you to type a username rather than simply clicking it. Not only is this window more secure than the Welcome screen, it’s the only way to get to the Administrator account. There are two ways to open the Log On dialog:
If you’re currently logged in, select Log Off from the Start Menu. When the Welcome screen appears, press Ctrl-Alt-Del twice.
To make the traditional Log On dialog your default, see Section 8.3.2, earlier in this chapter.
When the old-style Log On to Windows dialog appears, type
Administrator
into the
User name field, and your
administrator password into the Password field.
If, after logging in as the Administrator, you wish to
delete the secondary account created during Setup, use the
alternate User Accounts window by launching control userpasswords2
, as described at
the beginning of this chapter.
Despite the fact that the Administrator account is hidden by default, it’s perfectly acceptable to use it as your primary login. You may wish to do this simply if you’ve gotten tired of seeing your name in huge, blazing letters in the Start Menu.
If you wish to use the Administrator account as your primary login, but don’t wish to enter the password every time you turn on your computer, see the previous solution, “Logging on Automatically.”
After you log in to the Administrator account a few times, it will start showing up on the Welcome screen, at which point you can re-enable the Use the Welcome screen option if you so desire.
By default, several user accounts are hidden from the User Accounts window and the Welcome screen. Although you can access these accounts using the alternate User Accounts dialog as well as the Local Users and Groups window (both described at the beginning of this chapter), you can also simply unhide these accounts. Naturally, you can also hide additional accounts with this procedure.
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogonSpecialAccountsUserList
.
(Note the Windows NT
branch
here, as opposed to the more common Windows
branch).
In this key, there’s a DWORD value named for each hidden user. To unhide a user account, simply delete a corresponding value here.
To hide a user, start by creating a new DWORD value by going to Edit → New → DWORD Value. Name the new value after the user you wish to hide.
Setting any of these values to zero (0
) will hide the corresponding accounts
from both the standard User Accounts window and the alternate User
Accounts window, enabling access only through the Local Users and
Groups window.
However, if a value is set to 65536
(hex 10000
), it will only be hidden from the
User Accounts window, allowing access through either the alternate
User Accounts dialog or Local Users and Groups.
Close the Registry Editor when you’re done. The change should take effect the next time any of the user-account dialogs are opened.
Among the restrictions you may want to impose on others who use your computer is one on shutting down Windows. For instance, if you’re logging in remotely, as described in “Controlling Another Computer Remotely (Just Like in the Movies)” in Chapter 7, you’ll want to make sure that your PC is always on. Or, if you’re setting up a system to be used by the public, you won’t want to allow anyone to shut down or reboot the system in an effort to compromise it. Here’s how to do it:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
.
Create a new DWORD value (Edit → New
→ DWORD value), and name it NoClose
.
Double-click the new value and type 1
for its data.
Close the Registry Editor when you’re done. You’ll need to restart Windows for this change to take effect.
Keep in mind that this isn’t a bulletproof solution. For instance, anyone will be able to shut down windows by pressing Ctrl-Alt-Del and clicking Shut Down there. Also, someone with ready access to your computer’s on/off switch, reset button, or power cord will be able to circumvent this restriction. At the very least, though, it’ll provide some reasonable assurance that your PC will remain powered on.
Every user account on your system has its own profile (home) folder, stored, by default, in the Documents and Settings folder. In this folder are such special user folders as Desktop, Send To, Start Menu, My Documents, and Application Data, among others. Files placed in the Desktop folder appear as icons on the user’s desktop, shortcuts placed in the Start Menu folder appear as Start menu items, and so on. This arrangement lets each user have her own Desktop, Start Menu, etc.
There’s also an All Users folder, used, for example, to store icons that appear on all users’ Desktops. Likewise, the Default User folder is a template of sorts, containing files and settings copied for each newly created user. All in all, the use of these folders is pretty self-explanatory.
See “Backing Up the Registry” in Chapter 3 for more information on the NTUSER.DAT file found in each user folder.
You can change the default locations for any user’s special folders, but the process is different for different folder types:
To change the location of any user’s home folder, start the Local Users and Groups window (lusrmgr.msc, described at the beginning of this chapter). Open the Users category, double-click a user, and choose the Profile tab.
To change the location of any system folder in a user’s home folder, such as the My Documents folder or the Send To folder, you must be logged in as that user. Start TweakUI (see Appendix A), open the My Computer category branch, select Special Folders, and choose the folder to relocate from the Folder list. Note that this only changes the place that Windows looks for the associated files; you’ll have to create the folder and place the appropriate files in it yourself.
For folders not listed in TweakUI, you’ll need to edit the Registry. Most user folders are specified in these two Registry keys:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion ExplorerShell Folders HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion ExplorerUser Shell Folders
One of the exceptions is the Application Data folder, which is defined by the DefaultDir
value in:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion ProfileReconciliationAppData.
You’ll need to log out and then log back in for any these changes to take effect.
The Program Files and Common Files folders (shared by all users) are both defined in:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion
For Program Files,
you’ll need to change both the ProgramFilesDir
and ProgramFilesPath
values; for
Common Files, just change
the CommonFilesDir
value.
When relocating system folders, keep in mind that there can be hundreds of references to them throughout the Registry, especially Program Files and Common Files. You’ll probably need to use a program like Registry Search and Replace (available at http://www.annoyances.org ) to easily get them all.
To effectively remove a user’s system folder, the best thing to do is simply to consolidate it with another system folder. After specifying the new location, as described earlier, just drag-drop the contents of one into the other, and then restart Windows.
The benefits of doing this are substantial. For example, Windows XP comes with the My Documents folder, which helps to enforce a valuable strategy for keeping track of personal documents by providing a single root for all documents, regardless of the application that created them (see Section 2.2.8 for details). The problem is that this design is seriously undermined by the existence of other system folders with similar uses, such as My Pictures, Favorites, Personal, Received Files, and My Files. [3] Consolidating all of these system folders so that they all point to the same place, such as c:Documents or c:Projects, causes several positive things to happen. Not only does it provide a common root for all personal documents, making your stuff much easier to find and keep track of, it also allows you to open any document quickly by using the Favorites menu in the Start Menu.
[3] My Files is the counterpart to My Documents that is used by some older versions of WordPerfect and other non-Microsoft application suites. The Personal folder was used by Microsoft Office 95, but not so much in subsequent releases. Depending on which programs you’ve installed or have used in the past, these folders may or may not appear on your system.
3.139.83.7