|
8.3. Logon OptionsHere's the dilemma: you've set up multiple user accounts on a machine, and you've gone the extra mile to ensure that your data is properly protected by configuring permissions and employing encryption. Now you find Windows so locked down that you can't do anything without having to enter a password first. Fortunately, you can customize the logon process to suit your needs and tolerance for cumbersome logon procedures. 8.3.1. Use the Traditional Log On DialogInstead of the Welcome ScreenThe new, friendly Welcome screen is the default interface used when logging on to Windows XP. The traditional Log On dialog forces you to type both the username and password of a user account to log in. Since a list of active users is not shown, it's more secure than the default Welcome screen. Here's how to switch:
When you switch from the Welcome screen to the Log On screen, several other aspects of the Windows interface will be affected. Table 8-2 shows the differences between these two options of this deceptively simple setting.
8.3.2. Customize the Welcome ScreenAlthough you can easily customize the look and feel of your own account, it's not so easy to customize the Welcome screen. The following solutions allow you change a few things about the Welcome screen. Note that these solutions have no affect on the Log On screen (discussed in the next section). 8.3.2.1 Choose new pictures for usersWhen a new account is created in Windows XP, a picture is chosen at random from a collection including a Monopoly racecar, a soccer ball, a butterfly, and others. Here's how to change the picture for any account:
8.3.2.2 Create a new Welcome screenAlthough changing the little picture for each user (as described earlier) is quite easy, it's an entirely different matter to customize the actual Welcome screen. The screen is embedded in a Windows .exe files, which means you'll need to extract the components of the screen to customize them.
|
The last step is to replace the in-use version of logonui.exe with the one you've just modified. You should be able to just drag the modified version right into your \Windows\System32 folder, replacing the one that's there.
If Windows complains that the file is in use and can't be replaced, you'll have to follow the steps outlined in Section 2.2.6.
The new logo should appear the next time you start Windows. If, for some reason, the Welcome screen is corrupted or won't load at all, the problem is most likely caused by a corrupt logonui.exe file. This can be repaired by using the instructions in the previous step to replace The modified version with the original version you backed up you did back it up, didn't you?
See Section 2.3.5 for a related solution.
By default, Windows will display the number of unread messages underneath each name on the Welcome screen, but only if you're using Outlook or Outlook Express to retrieve your email. To turn off this notification, follow this procedure:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\UnreadMail.
Double-click the MessageExpiryDays value in this key.
If it's not there, go to Edit Type 0 for its value data, click OK, and then close the Registry Editor when you're done. You'll have to log off and then log back on for the change to take effect.
Instead of disabling the feature, you can merely adjust how far back Windows will "look" for unread messages, if you like. For example, change the MessageExpiryDays value to 5 to ignore any unread messages more than five days old. The default is 3.
This feature has been known to stop working if two or more email accounts have been configured in Outlook for a single user account.
Although you can easily customize the look and feel of your own account, it's not so easy to customize the Log On screen. The following solutions allow you to customize various aspects of this window and the desktop that appears in the background. Note that these solutions have no affect on the Welcome screen (discussed in the previous section).
Follow these steps to customize the colors used by the Log On dialog, as well as the colors and (optionally) the wallpaper of the desktop that appears behind it:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_USERS\.DEFAULT\Control Panel\Colors.
Each of the values in this key represents the color of a different screen element. Each value has three numbersthe red, green, and blue values, respectivelythat indicate the color of the corresponding object.
For example, double-click the Background value and type 255 0 128 (note the spaces between the numbers) to have a hot-pink background behind the Log On dialog.
To determine the RGB values for your favorite colors, open a Color dialog by going to Control Panel While you're here, you can also turn on the ClearType feature for the Log On screen. ClearType helps make text more readable on laptop and flat-panel displays. Double-click the FontSmoothingType value and change its value data to 2 to enable ClearType. A setting of one (1) will enable standard font smoothing, and a setting of zero (0) will turn it off entirely.
If you wish to use wallpaper on the Log On desktop instead of a solid color, expand the branches to HKEY_USERS\.DEFAULT\Control Panel\Desktop. Double-click the Wallpaper value, and type the full path and filename of a .bmp or .jpg file to use as the wallpaper. To tile the wallpaper, set the TileWallpaper value to 1, or to stretch the wallpaper, set the WallpaperStyle value to 2.
Close the Registry Editor when you're done. The change will take effect the next time you log off or restart Windows.
By default, the username of the previously logged-in user is shown in the Log On screen. To disable this, follow these steps:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (Note the Windows NT branch here, as opposed to the more common Windows branch).
Create a new string value here by going to Edit Double-click the new value, type 1 for its value data, and click OK.
Note that hiding the last-typed username will disable the automatic login, described in the next section, "Logging on Automatically."
The following solution allows you to place your own message above the User name and Password fields in the Log On dialog:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (Note the Windows NT branch here, as opposed to the more common Windows branch).
Create a new string value here by going to Edit Double-click the new value, type the message you'd like to appear, and click OK.
Depending on your settings, you may or may not see the Welcome screen or the Log On to Windows dialog when Windows first starts. For example, if your computer only has one user account (in addition to the Administrator account, discussed in previous solution), and you haven't specified a password for that account, Windows will log you in automatically.
But it's never a good idea to have any accounts on your system set up without passwords, not so much because someone could break into your computer while sitting at your desk, but because if you're connected to a network or the Internet, an account any account without a password is a big security hole. See Section 7.6.1 for more information.
The problem with setting up a password, however, is that Windows will then prompt you for the password every time you turn on your computer, which can be a pain if you're the only person who uses the machine. Fortunately, there is a rather easy way to password-protect your computer and not be bothered with the Log On screen.
Open the alternate User Accounts window (described at the beginning of this chapter) by going to Start OK.
Select the username from the list that you'd like to be your primary login, and then turn off the Users must enter a username and password to use this computer option.
The Automatically Log On dialog will appear, prompting you to enter (and confirm) the password for the selected user.
Click OK when you're done. The change will take effect the next time you restart your computer.
Note that this solution will not disable your ability to log out and then log into another user account (see below). Furthermore, logging out and then logging back in will not disable the automatic login; the next time you restart Windows, you'll be logged in automatically to the user account you specified.
Automatic logins are also good for machines you wish to use in public environments (typically called "kiosks"), but you'll want to take steps to ensure that visitors can't log in as more privileged users. There are two ways for a user to skip the automatic login and log into another user account:
Hold the Shift key while Windows is logging in.
Once Windows has logged in, log out by selecting Log Off from the Start Menu or pressing Ctrl-Alt-Del and selecting Log Off.
This next solution eliminates both of these back doors:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (Note the Windows NT branch here, as opposed to the more common Windows branch).
Create a new string value here by going to Edit OK. (This disables the Shift key during the automatic login.)
Create a new DWORD value here by going to Edit OK. (This automatically logs back in if the user tries to log out.)
Close the Registry Editor when you're done. The change will take effect immediately.
To remove either or both of these restrictions, just delete the corresponding registry values.
It's possible to limit the automatic login feature, so that the Log On dialog (or Welcome screen) reappears after a specified number of boots:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. (Note the Windows NT branch here, as opposed to the more common Windows branch).
Create a new DWORD value here by going to Edit Type AutoLogonCount for the name of the new value.
Double-click the new AutoLogonCount value, and type the number of system boots for which you'd like the automatic login to remain active.
Every successive time Windows starts, it will decrease this value by one. When the value is zero, the username and password entered at the beginning of this topic are forgotten, and the AutoLogonCount value is removed.
When you first install Windows XP, Setup walks you through the process of setting up two separate user accounts. First, you're asked to choose an Administrator password, which is used for an actual account called "Administrator." Setup then requires you to enter the name of at least one user that will be using the computer; that second username is what is used to subsequently log you into Windows XP.
Although the second user has administrator privileges, it's not the true Administrator account, which is occasionally required for advanced solutions. What makes things more difficult is that the Administrator account is hidden from the Welcome screen and the User Accounts window. If you wish to log into the Administrator account, either to complete some solution or just to use it as your primary login, you should follow these instructions:
Get to the traditional Log On dialog, which requires you to type a username rather than simply clicking it. Not only is this window more secure than the Welcome screen, it's the only way to get to the Administrator account. There are two ways to open the Log On dialog:
If you're currently logged in, select Log Off from the Start Menu. When the Welcome screen appears, press Ctrl-Alt-Del twice.
To make the traditional Log On dialog your default, see Section 8.3.2, earlier in this chapter.
When the old-style Log On to Windows dialog appears, type Administrator into the User name field, and your administrator password into the Password field.
If, after logging in as the Administrator, you wish to delete the secondary account created during Setup, use the alternate User Accounts window by launching control userpasswords2, as described at the beginning of this chapter.
Despite the fact that the Administrator account is hidden by default, it's perfectly acceptable to use it as your primary login. You may wish to do this simply if you've gotten tired of seeing your name in huge, blazing letters in the Start Menu.
If you wish to use the Administrator account as your primary login, but don't wish to enter the password every time you turn on your computer, see the previous solution, "Logging on Automatically."
After you log in to the Administrator account a few times, it will start showing up on the Welcome screen, at which point you can re-enable the Use the Welcome screen option if you so desire.
By default, several user accounts are hidden from the User Accounts window and the Welcome screen. Although you can access these accounts using the alternate User Accounts dialog as well as the Local Users and Groups window (both described at the beginning of this chapter), you can also simply unhide these accounts. Naturally, you can also hide additional accounts with this procedure.
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList. (Note the Windows NT branch here, as opposed to the more common Windows branch).
In this key, there's a DWORD value named for each hidden user. To unhide a user account, simply delete a corresponding value here.
To hide a user, start by creating a new DWORD value by going to Edit Setting any of these values to zero (0) will hide the corresponding accounts from both the standard User Accounts window and the alternate User Accounts window, enabling access only through the Local Users and Groups window. However, if a value is set to 65536 (hex 10000), it will only be hidden from the User Accounts window, allowing access through either the alternate User Accounts dialog or Local Users and Groups.
Close the Registry Editor when you're done. The change should take effect the next time any of the user-account dialogs are opened.
Among the restrictions you may want to impose on others who use your computer is one on shutting down Windows. For instance, if you're logging in remotely, as described in "Controlling Another Computer Remotely (Just Like in the Movies)" in Chapter 7, you'll want to make sure that your PC is always on. Or, if you're setting up a system to be used by the public, you won't want to allow anyone to shut down or reboot the system in an effort to compromise it. Here's how to do it:
Open the Registry Editor (discussed in Chapter 3).
Expand the branches to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
Create a new DWORD value (Edit Double-click the new value and type 1 for its data.
Close the Registry Editor when you're done. You'll need to restart Windows for this change to take effect.
Keep in mind that this isn't a bulletproof solution. For instance, anyone will be able to shut down windows by pressing Ctrl-Alt-Del and clicking Shut Down there. Also, someone with ready access to your computer's on/off switch, reset button, or power cord will be able to circumvent this restriction. At the very least, though, it'll provide some reasonable assurance that your PC will remain powered on.
Every user account on your system has its own profile (home) folder, stored, by default, in the \Documents and Settings folder. In this folder are such special user folders as Desktop, Send To, Start Menu, My Documents, and Application Data, among others. Files placed in the Desktop folder appear as icons on the user's desktop, shortcuts placed in the Start Menu folder appear as Start menu items, and so on. This arrangement lets each user have her own Desktop, Start Menu, etc.
There's also an All Users folder, used, for example, to store icons that appear on all users' Desktops. Likewise, the Default User folder is a template of sorts, containing files and settings copied for each newly created user. All in all, the use of these folders is pretty self-explanatory.
|
You can change the default locations for any user's special folders, but the process is different for different folder types:
To change the location of any user's home folder, start the Local Users and Groups window (lusrmgr.msc, described at the beginning of this chapter). Open the Users category, double-click a user, and choose the Profile tab.
To change the location of any system folder in a user's home folder, such as the My Documents folder or the Send To folder, you must be logged in as that user. Start TweakUI (see Appendix A), open the My Computer category branch, select Special Folders, and choose the folder to relocate from the Folder list. Note that this only changes the place that Windows looks for the associated files; you'll have to create the folder and place the appropriate files in it yourself.
For folders not listed in TweakUI, you'll need to edit the Registry. Most user folders are specified in these two Registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\Shell Folders HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\User Shell Folders
One of the exceptions is the Application Data folder, which is defined by the DefaultDir value in:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ ProfileReconciliation\AppData.
You'll need to log out and then log back in for any these changes to take effect.
The Program Files and Common Files folders (shared by all users) are both defined in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
For Program Files, you'll need to change both the ProgramFilesDir and ProgramFilesPath values; for Common Files, just change the CommonFilesDir value.
|
To effectively remove a user's system folder, the best thing to do is simply to consolidate it with another system folder. After specifying the new location, as described earlier, just drag-drop the contents of one into the other, and then restart Windows.
The benefits of doing this are substantial. For example, Windows XP comes with the My Documents folder, which helps to enforce a valuable strategy for keeping track of personal documents by providing a single root for all documents, regardless of the application that created them (see Section 2.2.8 for details). The problem is that this design is seriously undermined by the existence of other system folders with similar uses, such as My Pictures, Favorites, Personal, Received Files, and My Files.[3] Consolidating all of these system folders so that they all point to the same place, such as c:\Documents or c:\Projects, causes several positive things to happen. Not only does it provide a common root for all personal documents, making your stuff much easier to find and keep track of, it also allows you to open any document quickly by using the Favorites menu in the Start Menu.
[3] My Files is the counterpart to My Documents that is used by some older versions of WordPerfect and other non-Microsoft application suites. The Personal folder was used by Microsoft Office 95, but not so much in subsequent releases. Depending on which programs you've installed or have used in the past, these folders may or may not appear on your system.
|