Removing Components

Whereas the previous section showed you how to prevent Windows XP from configuring components when it creates a user profile, this section shows you how to prevent Windows XP from installing certain components altogether. Be careful when you prevent the operating system from installing components, though, because doing so could cripple some features and applications. For example, Office XP requires Internet Explorer, Outlook Express, and NetMeeting for a lot of its features, particularly its collaboration features. The moral is to test your configurations in a lab before deploying them to unsuspecting users.

The Windows XP setup program doesn't provide a user interface for removing components during installation. You can use an answer file to remove components, however; Chapter 12, "Deploying with Answer Files," shows you what the [Components] section looks like in an answer file, and I summarize that information in this chapter. The operating system does allow users to add or remove components using Windows Components Wizard, though: click Start, Control Panel, Add Or Remove Programs, Add/Remove Windows Components. Still, the wizard and answer files do not allow you to remove and disable some of the features that enterprises would rather not install. There's no option to remove Movie Maker, for example, nor is there an option to remove Windows Messenger.

This section shows you some alternative ways to get rid of components, if possible, or to hide them. The most common requests that I get are to get rid of Tour Windows XP, Movie Maker, Outlook Express, and Files And Settings Transfer Wizard. Strangely, I'm not often asked about removing the games, but you can do that easily enough through your Windows XP answer file.

Answer File [Components] Section

Chapter 12, "Deploying with Answer Files," describes how to build an answer file. If you're an IT professional deploying Windows XP, you're probably already familiar with answer files. The [Components] section of answer files enables you to prevent the operating system from installing certain components. Listing 15-2 on the next page shows what this section looks like, and the listing contains all the components that Windows XP answer files support (I omitted server-specific components). The names of each component are self-explanatory. To install a component, set it to On. To prevent its installation, set it to Off. In the listing, I've set each component to its default installation value.

Listing 15-2: Unattend.txt

start example

 [Components] accessopt=On; Accessibility wizard calc=On; Calculator charmap=On; Character Map chat=Off; Chat deskpaper=On; Desktop backgrounds dialer=On; Phone Dialer fax=Off; Fax fp_extensions=Off; FrontPage server extensions fp_vdir_deploy=Off; Visual InterDev RAD Remote Deployment Support freecell=On; Freecell hearts=On; Hearts hypertrm=On; HyperTerminal IEAccess=On; Visible entry points to Internet Explorer iis_common=Off; Internet Information Services (IIS) common iis_ftp=Off; FTP service iis_htmla=Off; HTML-based administration for IIS iis_inetmgr=Off; MMC-based administration for IIS iis_pwmgr=Off; Personal Web Manager iis_smtp=Off; SMTP service for IIS iis_smtp_docs=Off; SMTP service documentation iis_www=Off; WWW service for IIS iis_www_vdir_printers=Off; Web printing components for IIS iisdbg=Off; Microsoft Script Debugger indexsrv_system=Off; Indexing Service media_clips=On; Sample sound clips media_utopia=Off; Utopia Sound Scheme minesweeper=On; Minesweeper mousepoint=On; Mouse pointers mplay=On; Windows Media Player msmq_ADIntegrated=Off; Integrates Message Queuing (MSMQ) with AD msmq_Core=Off; MSMQ core files msmq_HTTPSupport=Off; MSMQ support for HTTP msmq_LocalStorage=Off; MSMQ support for local storage msmq_MQDSService=Off; MSMQ support for down-level clients msmq_RoutingSupport=Off; MSMQ support for efficient routing msmq_TriggersService=Off; MSMQ support for Component Object Model msmsgs=On; Windows Messenger msnexplr=On; MSN Explorer mswordpad=On; WordPad Netcis=Off; COM Internet Services netoc=On; Optional networking components objectpkg=On; Object Packager paint=On; Paint pinball=On; Pinball rec=On; Sound Recorder solitaire=On; Solitaire spider=On; Spider templates=On; Document templates Vol=On; Volume Control zonegames=On; Gaming Zone Internet games 

end example

Microsoft doesn't document a way to prevent the setup program from installing Windows Messenger—a common request. I've added the component msmsgs to Listing 15-2, however, which prevents the setup program from installing it. The file Sysoc.inf, which you learn about in the next section, hides this component in Windows Components Wizard. You can edit that file to show Windows Messenger in the wizard, but doing so relies on users to remove Windows Messenger. Instead, you can add the component to the [Components] section of your answer file to prevent the setup program from installing it.

This is a great technique for preventing the operating system from installing things such as the games, but it doesn't prevent the installation of components such as Movie Maker, because the [Components] section doesn't include settings for those components. You can use it to prevent the installation of Windows Media Player and Windows Messenger, though, which strikes two components off of my checklist.

Extending Windows Components Wizard

Just because you don't see a component in Windows Components Wizard doesn't mean that Windows XP isn't prepared to remove it. The file Sysoc.inf controls which components appear in the wizard. This file is in %SYSTEMROOT%\Inf, and Listing 15-3 shows its default contents. You must display super-hidden files to see the Inf folder: In Windows Explorer, click Tools, Folder Options. On the View tab, select the Show Hidden Files And Folders check box.

Listing 15-3: Sysoc.inf

start example

 [Version] Signature = "$Windows NT$" DriverVer=07/01/2001,5.1.2600.0 [Components] NtComponents=ntoc.dll,NtOcSetupProc,,4 WBEM=ocgen.dll,OcEntry,wbemoc.inf,hide,7 Display=desk.cpl,DisplayOcSetupProc,,7 Fax=fxsocm.dll,FaxOcmSetupProc,fxsocm.inf,,7 NetOC=netoc.dll,NetOcSetupProc,netoc.inf,,7 iis=iis.dll,OcEntry,iis.inf,,7 com=comsetup.dll,OcEntry,comnt5.inf,hide,7 dtc=msdtcstp.dll,OcEntry,dtcnt5.inf,hide,7 IndexSrv_System = setupqry.dll,IndexSrv,setupqry.inf,,7 TerminalServer=TsOc.dll, HydraOc, TsOc.inf,hide,2 msmq=msmqocm.dll,MsmqOcm,msmqocm.inf,,6 ims=imsinsnt.dll,OcEntry,ims.inf,,7 fp_extensions=fp40ext.dll,FrontPage4Extensions,fp40ext.inf,,7 AutoUpdate=ocgen.dll,OcEntry,au.inf,hide,7 msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7 RootAutoUpdate=ocgen.dll,OcEntry,rootau.inf,,7 IEAccess=ocgen.dll,OcEntry,ieaccess.inf,,7 Games=ocgen.dll,OcEntry,games.inf,,7 AccessUtil=ocgen.dll,OcEntry,accessor.inf,,7 CommApps=ocgen.dll,OcEntry,communic.inf,HIDE,7 MultiM=ocgen.dll,OcEntry,multimed.inf,HIDE,7 AccessOpt=ocgen.dll,OcEntry,optional.inf,HIDE,7 Pinball=ocgen.dll,OcEntry,pinball.inf,HIDE,7 MSWordPad=ocgen.dll,OcEntry,wordpad.inf,HIDE,7 ZoneGames=zoneoc.dll,ZoneSetupProc,igames.inf,,7 [Global] WindowTitle=%WindowTitle% WindowTitle.StandAlone="*" [Components] msnexplr=ocmsn.dll,OcEntry,msnmsn.inf,,7 [Strings] WindowTitle="Windows Professional Setup" WindowTitle_Standalone="Windows Components Wizard" 

end example

The important section in this file is [Components]. Each line in this section is either a specific component or a category of components. If you see the word hide, Windows XP doesn't display the component or category in Windows Components Wizard. To allow users to remove the component, or the components in the category, remove the word hide. For example, to allow users to remove Windows Messenger, change the line msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,hide,7to msmsgs=msgrocm.dll,OcEntry,msmsgs.inf,,7.

Removing Components After Installation

The first option I gave you enables you to prevent the Windows XP setup program from installing components during installation. The second option enables you to expose additional components in Windows Components Wizard. This last option is for scenarios in which you want to remove a component without exposing it in Windows Components Wizard. This is also useful when you want to script the removal so that you don't have to visit the desktop.

The first step is to find the component's INF file in %SYSTEMROOT%\Inf. Remember that this is a super-hidden folder, and I gave you instructions for showing it earlier in this chapter. The easiest way to find the component's INF file is to use Search Assistant. Look for all files with the .inf extension that contain the name of the component. For example, to find the INF file for Windows Messenger, search for all files with the .inf extension in %SYSTEMROOT%\Inf that contain Windows Messenger. You should come up with the file Msmsgs.inf as shown in Figure 15-3. Then look in the file for a section with the words remove or uninstall in it. In this case, the section is called [BLC.Remove]. Then execute the following command, whether in a script or in the Run dialog box, where Filename.inf is the name of the INF file and Section is the name of the uninstall section:

 rundll32 advpack.dll,LaunchINFSection %systemroot%\Inf\Filename.inf,Section 

click to expand
Figure 15-3: Search the %SYSTEMROOT%\Inf folder for all files with the .inf extension that contain the name of the component you want to remove.

Thus, to remove Windows Messenger, run the command:

 rundll32 advpack.dll,LaunchINFSection %systemroot%\Inf\Msmsgs.inf,BLC.Remove. 

Alas, many components don't have uninstall sections in their INF files, and that leaves you looking for other ways to remove them. You can use this method for many device drivers, programs, and components that do provide INF files, though.

Hiding Non-Removable Components

None of the methods I've shown will help you get rid of some components, including Tour Windows XP, Movie Maker, Outlook Express, and Files And Settings Transfer Wizard, which is what started me on this rampage in the first place. To prevent users from accessing these applications, you're going to have to get creative. Tour Windows XP is easy to hide, if not get rid of altogether. Create a new subkey in HKLM\Software\Microsoft\Windows \CurrentVersion\Applets\Tour called Tour. Then create the REG_DWORD value RunCount and set it to 0x00. Do this on your disk images so that users aren't accosted by Tour Windows XP the first time they log on to the operating system; they can run the tour from the Start menu.

The remaining bits aren't as easy. You can't just remove the program files because Windows File Protection immediately restores them. You could disable Windows File Protection, but I don't recommend doing so because it protects users' configurations from accidents and misbehaved applications that like to replace files they have no business replacing. Instead, on your disk images, hide the shortcuts, and use Software Restriction Policies to prevent users from running the programs by opening the program files:

  1. Prevent Windows XP from creating new shortcuts by removing the appropriate StubPath values from HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components. See the section "Controlling Just-in-Time Setup," earlier in this chapter, for more information.

  2. Hide existing shortcuts to the program (do this on your disk images):

    • Search %SYSTEMDRIVE%\Documents and Settings\All Users for shortcuts to the program, and remove them.

    • Search %SYSTEMDRIVE%\Documents and Settings\Default User for shortcuts to the program, and remove them.

    • Search the Default User folder in \\Server\NETLOGON\Default User share for the program's shortcuts, and remove them.

  3. Create a new Group Policy object (GPO) in Active Directory or locally on your disk images that prevents users from running the program.

That last step requires more explanation. Chapter 6, "Using Registry-Based Policy," contains more information about Group Policy, but I'll get you started. The following instructions assume that you're defining Software Restriction Policies in the local GPO, but the steps transfer to network-based Group Policy:

  1. In Group Policy Editor's left pane, click Software Restriction Policies.

    To start Group Policy Editor, type gpedit.msc in the Run dialog box. Software Restriction Policies is under Computer Configuration\Windows Settings \Security Settings.

  2. Right-click Software Restriction Policies, and then click Create New Policies.

  3. Under Software Restrictions Policies, right-click Additional Rules, and then click New Hash Rule.

  4. Click Browse, and select the file that you want to prevent users from executing. For example to prevent users from running Files And Settings Migration Wizard, select %SYSTEMROOT%\system32\usmt\migwiz.exe.

After you select the file that you want to prevent users from running, Group Policy Editor creates a hash for the file. Figure 15-4 shows an example that prevents users from running Files And Settings Transfer Wizard. Users won't be able to run any program that matches that hash value. That way, users can't trick the system by copying the file to a different location (clever). After you save the policy, you must log off of Windows XP for the change to take affect. When users try to run the program, they see an error message that says, Windows cannot open this program because it has been prevented by a software restriction policy. So between hiding the advertisements and preventing the program file from executing, you can prevent programs such as Movie Maker and Files And Settings Transfer Wizard from distracting users.

click to expand
Figure 15-4: Without a Files And Settings Transfer Wizard shortcut on the Start menu, users will not usually try to run the wizard. Those who do will see an error message.



Microsoft Windows XP Registry Guide
Microsoft Windows XP Registry Guide (Bpg-Other)
ISBN: 0735617880
EAN: 2147483647
Year: 2005
Pages: 185

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net