Configuring Windows 2000/XP for Performance, Usability and Security

Related documents: Configuring System BIOS, Windows 2000 Pro software installation and further notes on configuring Windows 2000

You can use TWEAK (The Windows Environment and Application Konfigurator) program to make the majority of these changes for you automatically.

Note: All the settings we're not sure of are temporarily highlighted in bold whilst we clarify every last registry setting that relates to this document. If you're using our automatic system configuration program, TWEAK, then the only settings you need make manually are highlighted in bold (and not italic), ignore those that are highlighted in bold and italic.

Contents

0. Changes to this document

1. Introduction

2. Hard Disk Partitioning

3. Directory Structure

4. Booting

5. The Windows Operating System [2000,XP]

6. Disaster Prevention

7. Further Windows Housekeeping

8. Clearing Out Unnecessary Files To Make Space And Increase Performance

9. Functionality That Can Be Removed From Windows If You Don't Use It

10. Still to add to this document

11. Appendix

0. Changes to this document

1.34.0 (30 July 04): incorporated Automatic Updates settings from 'Still to add to this document' section; removed 'Windows Automatic Updates' from the list of Windows Components to uninstall (it won't uninstall)

1.33.0 (12 Dec 03): added proper registry setting for Windows XP's 'classic start menu'; added Windows XP's 'Show Quick Launch'; added Windows XP Pro and XP Home Start menu and Desktop icons to be removed; added power scheme for laptops running on batteries

1.31.3 (30 Oct 03): Not convinced 'Launch browser windows in a separate process' and 'Reuse windows for launching shortcuts' are the same thing.
'Launch browser windows in a separate process' should be left to the operating system to decide, which it does automatically, depending on the amont of RAM available (and its registry setting should have been 'BrowseNewProcess' rather than 'SeparateProcess')

1.30.0 (24 Sept 03): changed Windows system TEMP directory name from 'winnt' to 'windows'

1. Introduction

You can configure Windows with all its user interface bells and whistles that have little functional value other than to slow the system down, and pay extra money for bigger, faster, hardware to compensate for your bad configuration; but why bother. This document details how to turn off all the extra fluff, and how to streamline it further so that the system runs at its fastest on the given hardware and saves you throwing away old equipment before its time is really up.

As far as performance goes, configuring a Windows system with the settings layed out in this document will really come-into-its-own on a computer with less resources than those you'd buy brand new now, yet it will enable any computer to run Windows faster and smoother. tuning the operating system for performance goes hand-in-hand with choosing lightweight software applications.

Use this document in conjunction with win-2k-pro-software-installation.html; this document deals with the software worth loading onto a Windows NT sytem, this document deals with how to configure the underlying operating system that exists before you begin loading software onto it.
There are also details of settings worth making in many of the individual programs that make up a Windows system, in documents which can be found via software.html.

Key

2. Hard Disk Partitioning

Stand-alone Windows 2000 Pro / XP Home / XP Pro

Drive Function Volume Name Directories Size(MB) File System Cluster Size Partition Type
C:

 Windows operating system + virtual memory WINDOWS \winnt or \windows min: 700
advised: 1000 - 1200
+ 3X physical (incl. foreseeable) RAM for virtual memory
+ 1X physical (incl. foreseeable) RAM if want hibernation		 NTFS default? primary
D: program files PROGRAMS \programs min: 600
advised: 1500+		 NTFS default? extended/
logical
E: 1. Windows' temporary files
2. applications' (incl. browsers') temporary files / scratch space		 TEMP 1. \windows
2. \'username'\
program-name		 min: 400
advised: 1000
(2000+ for audio / still image / video editing)		 NTFS default? extended/
logical
F: users' Home space for their data and various other uses HOME \files\'username'
\mail
\software
\drivers
\freedb
\backup		 rest of available space; or leave some for GNU/Linux NTFS default? extended/
logical
Z: CD-ROM / CD-RW / etcetera . . . . . .
backup partitions (optional):
n/a invisible partition for 'WINDOWS' backup PROG-BAK n/a = NTFS default?
n/a invisible partition for 'PROGRAMS' backup WIN-BAK n/a = NTFS default?
partitions of an additional dual booting GNU/Linux system (optional):
hd# root n/a ? 100 EXT2 (83) ? primary/logical
hd# swap n/a ? = or 2x physical RAM size (and between 128MB and 2GB) LINUX-SWAP (82) ? logical
hd# everything else ? ? min: 800+
advised: 2000+		 EXT2 (83) ? logical

Advantages of spreading operating system functionality over multiple partitions (or even disk drives):

If you have a second hard disk, depending on how often its being accessed by programs, you can improve performance by locating Windows' virtual memory on that disk. This saves the virtual memory file from fragmenting the Windows partition. We used to also advise locating Windows' virtual memory on its own partition in a single disk system but it transpires that though this reduces fragmentation (a major performance hindrance), it forces the disk heads to move back and forwards too much between the Windows system files and the virtual memory, reducing the performance boost gained from the lack of fragmentation; where-as with the virtual memory on a separate disk the disk heads remain constantly around the same position on the disk where the virtual memory file is located

TEMP wants to be larger (i.e. by an extra 1GB) if an image manipulation (i.e. GIMP, Photoshop) or audio editing software (i.e. Audacity, CoolEdit/Audition) is using it

If you wish to have the GNU/Linux operating system installed concurrently with Windows, install Windows first, leave some partition space free (use something like Ranish Partition Manager or FIPS and Partition Resizer or Partition Magic or FDISK), and the GNU/Linux installer should prompt you to allow it to install in the free space and should then insert an operating system loader (LILO/GRUB/etc) in the hard disk's Master Boot Record (MBR) (the first sectors of the disk, that previously had Windows' operating system loader that took you into Windows automatically) which instead will ask you each time you switch on which operating system you'd like to run

the minimum and maximum partition sizes in the following table are based on a system presumed to be heavily used for a typical set of popular contemporary desktop uses, such as office suite applications (word processing, spreadsheet, database), various Internet applications (web, email) and graphics editing (i.e. GIMP/Photoshop) and other general uses; and assumes you have generous amounts of disk space to use (minimum of 3GB but for full flexibility its advisable to have 5.5GB or more). More leniant partition sizes could be used instead, for a system not intended for such a variety of applications and/or with smaller hard disk(s) (see further on)

if you're trying to cram this into a smaller hard disk, remember this:

3. Directory Structure

per-machine

per-user

(this info needs to be folded into the 'windows-config' document)

4. Booting

BOOT.INI

Assuming your Windows system drive is on the first partition on the primary master hard disk, Windows is by installed in the \WINNT directory (this is Windopws 2000's default; Windows XP defaults to \WINDOWS) and you use an ATA disk controller (replace 'multi' with 'scsi' if you have a SCSI controller), copy this BOOT.INI file to the root directory of the system drive (usually C:\; otherwise known as %SYSTEMROOT%):

5. The Windows Operating System

System Properties -> Hardware -> Device Manager

System Properties -> Advanced -> Performance Options

(these are per-machine settings)

System Properties -> Advanced -> Startup and Recovery

(these are per-machine settings)

Sounds and Multimedia

(these are per-user settings)

Networking

Network Card (hardware)

(these are per-machine settings)

Modem (hardware)

(these are per-machine settings)

Taskbar & Start Menu

Internet Explorer

(presumably these are per-user settings)

These are Internet Explorer (IE) settings (integrated with the operating system from Windows 95c onwards, unless you use 98Lite so as to not install it in the first place). as IE is installed by default and is an integral part of Windows these changes are worth making in case anyone or anything chooses to use IE or its components). We recommend you lock down Internet Explorer as tight as you can and use something like Netscape (or another Gecko-based browser such as Mozilla or K-Meleon) instead. Or, if you do really need to use IE, loosen off those insecure parts of it that you need in browsing and for only those security zones which are apply. It is not advised using IE on the open Internet because of its many security vulnerabilities.

it's probably worth running IERadicator (unless Windows was initially installed Windows using 98Lite) to remove a greater proportion of Internet Explorer (but I haven't used it in a while and need to check what it does and doesn't remove)

'control panel -> Internet Options' or 'Internet Explorer -> Tools -> Options' or right click on Internet Explorer desktop icon and choose Properties

Options for various versions of IE (applicable product version number(s) are in square brackets afterward...
(Win2k comes with IE5.0, WinXP comes with IE6.0)

  • customise toolbar for increased screen real estate:
    right-click on 'Standard Buttons' toolbar -> Customize...

    • Text options -> 'Selective text on right' or 'No text labels' (but this depends on user preference)

    • Icon options -> Small icons (but this depends on user preference)

  • specify an alternate search URL for the 'Search' toolbar button (http://google.com)

    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Search Bar"="http://google.com/"
    per-user .REG file setting: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Search Bar"="http://google.com/"

is it worth removing all security certificates that come with the default installation?

Display (settings)

(these are per-user settings (apart from hardware acceleration))

  • Background -> Wallpaper -> (None) (improves performance)

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
    "Wallpaper"=""
    logon screen .REG file setting: [HKEY_USERS\.DEFAULT\Control Panel\Desktop]
    "Wallpaper"=""

  • Appearance -> Scheme - Windows Standard (or whatever your preference)

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Current]
    "Color Schemes"="Windows Standard"

    (if you need to change the Windows Standard settings, its defined by:
    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Appearance\Schemes]
    "Windows Standard"=...    )

  • Appearance -> Color - black (or whatever your preference)

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Colors]
    "Background"="0 0 0"     (these are RGB values)
    logon screen .REG file setting: [HKEY_USERS\.DEFAULT\Control Panel\Colors]
    "Background"="0 0 0"

  • Effects -> Visual effects -> Use transition effects for menus and tooltips - off

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
    ? atleast covered with "UserPreferencesMask"=hex:90,00,00,80

  • Effects -> Visual effects -> Smooth edges of screen fonts - on
    (otherwise known as 'anti-aliasing' - you probably don't want this on if you use image manipulation software (i.e. GIMP, Photoshop). only effective when using high color video modes

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
    "FontSmoothing"="2"

  • Control the Font Smoothing Mode - Microsoft ClearType or the standard anti-aliased fonts [xp]

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
    "FontSmoothingType"=dword:1/2     (1 = standard, 2 = ClearType)

  • Effects -> Visual effects -> Show icons using all possible colors - on (unless your system isn't up to it)

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
    "Shell Icon BPP"="16"

  • Effects -> Visual effects -> Show window contents while dragging - off (for performance gain)

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
    "DragFullWindows"="0"

  • Web -> View my Active Desktop as a web page - off
    You can possibly ignore this as the 'Web' tab isn't displayed if 'Allow Active Desktop to be turned on/off and/or(?) 'Allow changes to Active Desktop' are turned off

    ? per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "?"=?

  • Settings -> set optimum 'Screen area' (resolution) and 'Colors' settings for you and your video card. (You can also use these settings to affect performance, which is dependant on whether the card is built predominantly for games or general use. checkout page 28 of David L. Farquhar's 'Optimizing Windows (for Games, Graphics and Multimedia)

  • Settings -> Advanced -> Adapter -> Refresh rate - set to the maximum permissable for the monitor and display adaptor so that it doesn't noticeably flicker (and give you brain strain - you want white backgrounds to appear as solid a white as possible). A setting higher than that supported by the monitor can damage it. Too high a rate may affect performance (if unsure, 75Hz is a good balance).

    Unsure if this is safe to change with simply this registry setting yet. [HKEY_CURRENT_CONFIG\System\CurrentControlSet001\SERVICES\pick the display adaptor (i.e. ATI2MTAG, ATIRAGE3, MGA64)\Device0\Mon10000080 (there are other such numbers here too)]
    "DefaultSettings.VRefresh"=dword:00000000

    related to this but the same key doesn't exist there: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pick the display adaptor\Device0\Desktop]

  • Settings -> Advanced -> Color Management - ?

Windows Explorer

(these are per-user settings)

  • View -> Details

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\Explorer]
    "?"="?"
    see http://www.annoyances.org/exec/forum/winxp/n1022967830 and http://www.activewin.com/tips/reg/explorer_2.shtml

Automatic Updates

(these are per-machine settings)

  • Turn off Automatic Updates
    Windows 2000: Control Panel -> Automatic Updates -> Keep my computer up to date... - off
    Windows XP: Control Panel -> System -> Automatic Updates -> Keep my computer up to date... - off

    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
    "AUOptions"=dword:00000001
    "AUState"=dword:00000007
    - DetectionStartTime
    - LastWaitTimeout

    Some of Microsoft's fixes are broken, breaking more than they fix. We recommend checking their web page or subscribing to their mailing list for notification of updates, evaluating then applying those that are critical. Microsoft's patches are being released more frequently; malicious coders are taking advantage of Windows' security flaws much quicker than they once did; and with so many more people connected using the Internet and with high speed connections means malicious software is infecting quicker and more completely than it once did.

    We recommend once you've evaluated certain updates you login as Administrator, turn on Automatic Updates (either manually or using TWEAK) which will offer a list of applicable updates from which you can choose those you trust. You should then disable it again (either manually or using TWEAK). This keeps you in control of the updates and doesn't unexpectedly use bandwidth (though the Background Intelligent Transfer Service is used, which "transfers files in the background using idle network bandwidth"). When Automatic Updates is turned back on after being off, it fortunately defaults to 'Notify me before downloading any updates and notify me again before installing them on my computer'.

    Reference: http://www.jmu.edu/computing/security/info/susinfo.shtml

    We've heard that a list of all software installed on the system running Automatic Updates is sent to Microsoft. We've only heard this from one source and can't now find a reference to even that. Microsoft say no information is sent to them that could identify individuals but this issue could be worth considering.

Power Options

(these are per-machine settings)

  • [this option should be moved elsewhere, its a per-user setting] Screen Saver -> Screen Saver - none (is this the default? a screen saver was once necessary to save the still image burning into the screen, now it just prevents the monitor from ever resting (which is good for it) and (as is common with screen savers that didn't come with the operating system) can crash the system)

  • Control Panel -> Power Options -> Power Schemes -
    for desktop systems and laptops on mains power: 10 mins for the monitor; 20 mins for the hard disk; 30 mins for standby (but test the standby as not all systems will wake up from it); Never for hibernate
    for laptop systems running on batteries: 5 mins for the monitor; 3 mins for the hard disk; 10 mins for standby (but test the standby as not all systems will wake up from it); Never for hibernate
    (requires you to have administrative priviliges to change this)
    http://www.winguides.com/registry/display.php/1106/

  • Control Panel -> Power Options -> Advanced -> Power buttons -> when I press the power button on my computer: standby/sleep or standby
    Tell me if I'm wrong, but you wouldn't want to press the power-off button on the front of the computer whilst Windows is running anyway, with the intention of cutting the power, unless something was wrong (in which case you can press the reset button); let-alone mistakenly pressing the keyboard power-off button and Windows shutting down. Sending the computer to sleep can also be useful in saving energy and in making for a quieter environment (especially if you also have a quiet fan or can set in the BIOS setup to turn the fan off in standby/sleep). However, be aware that many people aren't accustomed to a sleeping computer and can be confused by it, especially if the BIOS settings are such that moving the mouse or pressing keys on the keyboard will not wake it.

  • Control Panel -> Power Options -> Advanced -> Power buttons -> when I press the sleep button on my computer: standby/sleep or standby

  • Control Panel -> Power Options -> Advanced -> Options -> Prompt for password when computer goes off standby
    (atleast with Windwso 2000 SP3 this is on by default)

Folder Options

(these can be configured either per-user or per-machine (by editing the registry directly). possibly, File Types can only be configured by users with high-ish priviliges)

Tools -> Folder Options

  • General -> Web View -> Use Windows classic folders

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "WebView"=dword:00000000
    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "WebView"=dword:00000000

    [? Windows XP] per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "ClassicShell"=dword:00000001
    [? Windows XP] per-machine: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "ClassicShell"=dword:00000001

  • View -> You can make all your folders look the same : Like current folder [2k] / Apply to All Folders [xp] (but be sure the current folder is how you want them all to be! this option is only available if you've launched this dialog from within Windows Explorer)

  • View -> Display compressed files and folders with alternate color - on

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "ShowCompColor"=dword:00000001
    ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "ShowCompColor"=dword:00000001

  • View -> Display the full path in the address bar - on

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]
    "FullPathAddress"=dword:00000001

    configuration registry setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress or ShowFullPath]

  • View -> Display the full path in title bar - on

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]
    "FullPath"=dword:00000001
    "Settings"=hex:0c,00,02,00,0b,01,06,00,60,00,00,00     (the 0b changes to 0a when its off)

    configuration registry setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress or ShowFullPath]

  • View -> Hidden files and folders -> Show hidden files and folders / Do not show hidden files and folders - depends on whose using the system but we advise to 'Do not show...' (the default) and turn it back on only when you need it when working through a problem or other such fiddling

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Hidden"=dword:00000002
    ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "Hidden"=dword:00000002

  • View -> Hide file extensions for known file types - off

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "HideFileExt"=dword:00000000
    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "HideFileExt"=dword:00000000

  • View -> Hide protected operating system files - off (off by default. leave it off unless you know specifically you want it on)

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "ShowSuperHidden"=dword:00000000
    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "ShowSuperHidden"=dword:00000000

  • View -> Launch folder windows in a separate process - off (off by default)

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "SeparateProcess"=dword:00000000
    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
    "SeparateProcess"=dword:00000000

  • View -> Remember each folder's view settings - off

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer??????????]
    "???????????"=dword:00000000
    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer??????????]
    "???????????"=dword:00000000

  • File Types

  • Offline Files -> Enable Offline Files - off

    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache]
    "Enabled"=dword:00000000

Desktop Aesthetic and Usability Improvements

(depending on how you use them, these can be either per-user or per-machine settings)
(make these changes when all applications have been installed)

  • organise the Start menu

    • get rid of icons that have been rudely put in prominant places that you don't want there, such as on the same level as the 'Start' button

      • remove the 'Windows Update' icon
        per-machine batch file method: del "%ALLUSERSPROFILE%\Start Menu\Windows Update.LNK"

      • remove the 'Set Program Access and Defaults' icon
        per-machine batch file method: del del "%ALLUSERSPROFILE%\Start Menu\Set Program Access and Defaults.LNK"

      • remove the 'Outlook Express' icon
        per-user batch file method: del "%USERPROFILE%\Start Menu\Programs\Outlook Express.LNK"

      • remove the 'Internet Explorer' icon?
        (we leave this incase there are web sites written to only work with Internet Explorer that people will need to use, but you may want to see it gone altogether)
        per-user batch file method: del "%USERPROFILE%\Start Menu\Programs\Internet Explorer.LNK"

      • remove the 'Windows Catalog' icon [XP Home and XP Pro]
        per-machine batch file method: del "%ALLUSERSPROFILE%\Start Menu\Windows Catalog.LNK"

      • remove the 'MSN Explorer' icon [XP Home]
        per-machine batch file method: del "%ALLUSERSPROFILE%\Start Menu\MSN Explorer.LNK"

    • group 'Programs' into logical sections defined by their subject area

    • when installing programs, if you've chosen the often given hierarchy, of company name then application name, get rid of the company names

    • menu items will be placed by applications in per-user or per-machine sections of the Windows directory structure depending upon the different perspectives of software authors. move them into the one area best for your situation. we prefer per-user, rather than per-machine, icons

  • organise desktop icons

    • remove icons to things that you don't need desktop icons cluttering things up for (useful to make sure they're represented on the Start Menu though)

      • remove the 'Connect to the Internet' icon
        per-user batch file method: del "%USERPROFILE%\Desktop\Connect to the Internet.LNK"

      • remove the 'AOL Double-Click to Start' icon [XP Home]
        per-user batch file method: del "%USERPROFILE%\Desktop\AOL Double-Click to Start.LNK"

      • remove the 'EarthLink Internet 30 Days Free' icon [XP Home]
        per-user batch file method: del "%USERPROFILE%\Desktop\EarthLink Internet 30 Days Free.LNK"

      • remove the 'MSN Explorer' icon [XP Home]
        per-user batch file method: del "%USERPROFILE%\Desktop\MSN Explorer.LNK"

      • removing the Internet Explorer icon has been dealt with elsewhere in this document

    • deal with security permissions

  • organise icons on Quick Launch bar
    some people find it useful to have often used programs on the Quick Launch bar. whether they intend to use the Quick Launch bar or not its best to remove the Outlook Express icon that is placed there, if Outlook Express isn't going to be used, and any other icons that are put there when their applications are installed. Because there exist non-standard pages on the web, designed to only work with Internet Explorer in particular, it can be worth leaving its icon for the rare occasions people need to use that browser to work around a broken page.
    [per user: %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch
    per machine: %ALLUSERSPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch]

    • remove the 'Outlook Express' icon
      per-user batch file method: del "%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Outlook Express.LNK"

    • remove the 'Internet Explorer' icon
      per-user batch file method: del "%USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.LNK"

  • set Quick Launch bar to be on left hand side of the Windows Taskbar, minimised/background applications on the right or even raise the bar up so that background applications are on their own toolbar below

  • show large icons on the Quick Launch bar instead of the default small icons
    right-click on the Quick Launch bar -> View -> Large

  • organise 'Send To'
    for applications that don't automatically do this for themselves, add shortcuts to useful applications or functions in 'SendTo'. (this can be especially useful for WordPad (if you don't have a preferred plain text editor), IrfanView, BinText, your email program, etcetera). Windows 2000 also has what may be a more appropriate 'Open With', but that option isn't available in as many situations as 'Send To'. the easy way to add to 'Send To' is:
    right-click on the program executable -> choose 'Create Shortcut' -> cut and paste the shortcut to %USERPROFILE%\SendTo\ or ...Default User\SendTo\

    remove unnecessary items from the 'Send To' list

  • organise Favorites
    otherwise known as 'bookmarks', these are available from the Start Menu, Windows Explorer and Internet Explorer. They can be useful for making shortcuts to directories / folders on your hard disk as well as web sites (though though they won't be dynamically available to choose from within web browsers other than Internet Explorer).

    • remove user's bookmarks under 'Links' and 'Media' and remove 'Media' altogether - Microsoft have been paid to place these advertisements here - without removing any bookmarks someone may have saved themselves. 'Links' is a special case and can be dealt with using 'Show Links on Favorites menu'

      per-user batch file method:
      del "%USERPROFILE%\Favorites\MSN.url"
      del "%USERPROFILE%\Favorites\Radio Station Guide.url"
      del "%USERPROFILE%\Favorites\Web Events.url"
      del "%USERPROFILE%\Favorites\MSN.com.url"
      del "%USERPROFILE%\Favorites\Links\Customize Links.url"
      del "%USERPROFILE%\Favorites\Links\Free Hotmail.url"
      del "%USERPROFILE%\Favorites\Links\Windows.url"
      del "%USERPROFILE%\Favorites\Links\Windows Media.url"
      del "%USERPROFILE%\Favorites\Media\Bloomberg.url"
      del "%USERPROFILE%\Favorites\Media\Capitol Records.url"
      del "%USERPROFILE%\Favorites\Media\CBS.url"
      del "%USERPROFILE%\Favorites\Media\CNBC Dow Jones Business Video.url"
      del "%USERPROFILE%\Favorites\Media\CNET Today - Technology News.url"
      del "%USERPROFILE%\Favorites\Media\CNN Videoselect.url"
      del "%USERPROFILE%\Favorites\Media\Disney.url"
      del "%USERPROFILE%\Favorites\Media\ESPN Sports.url"
      del "%USERPROFILE%\Favorites\Media\Fox News.url"
      del "%USERPROFILE%\Favorites\Media\Fox Sports.url"
      del "%USERPROFILE%\Favorites\Media\Hollywood Online.url"
      del "%USERPROFILE%\Favorites\Media\Internet Radio Guide.url"
      del "%USERPROFILE%\Favorites\Media\MSNBC.url"
      del "%USERPROFILE%\Favorites\Media\MUSICVIDEOS.COM.url"
      del "%USERPROFILE%\Favorites\Media\NBC VideoSeeker.url"
      del "%USERPROFILE%\Favorites\Media\TV Guide Entertainment Network.url"
      del "%USERPROFILE%\Favorites\Media\Universal Studios Online.url"
      del "%USERPROFILE%\Favorites\Media\Warner Bros. Hip Clips.url"
      del "%USERPROFILE%\Favorites\Media\What's On Now.url"
      del "%USERPROFILE%\Favorites\Media\Windows Media Showcase.url"
      rd "%USERPROFILE%\Favorites\Media"

    • remove, for new users in the future, 'Media' bookmarks that Microsoft have been paid to advertise

      per-machine batch file method:
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Bloomberg.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Capitol Records.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\CBS.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\CNBC Dow Jones Business Video.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\CNET Today - Technology News.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\CNN Videoselect.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Disney.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\ESPN Sports.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Fox News.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Fox Sports.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Hollywood Online.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Internet Radio Guide.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\MSNBC.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\MUSICVIDEOS.COM.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\NBC VideoSeeker.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\TV Guide Entertainment Network.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Universal Studios Online.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Warner Bros. Hip Clips.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\What's On Now.url"
      del "%ALLUSERSPROFILE%\..\Default User\Favorites\Media\Windows Media Showcase.url"
      rd "%ALLUSERSPROFILE%\..\Default User\Favorites\Media"

    • create a 'web' folder to differentiate web page links from shortcuts to directories / folders

      per-user batch file method: md "%USERPROFILE%\Favorites\web"
      pre-configure for all users, batch file method: md "%ALLUSERSPROFILE%\..\Default User\Favorites\web"

  • right-click context sensitive menu

    • plain text editor

    • ?

    • ?

    • ?

    • (this is done with something like...
      HKEY_CLASSES_ROOT\*\
      HKEY_CLASSES_ROOT\filename extension\
      HKEY_CLASSES_ROOT\Applications\program name\

      may need to be backed-up with the following: HKEY_CLASSES_ROOT\Unknown\program name\shell\edit\command\

      and for each there can be settings for:
      shell
      shellex
      OpenWithList

      and:
      shell\Open with
      shell\Open as

  • depending on personal preference, it can be a good idea to name desktop icons by that of the functionality they perform rather than the name of the actual program offering that functionality, as this can be more descriptive to less-aware people and enable the software to change but the desktop remain consistant

Miscellaneous

  • set Regional Settings to your geographical region i.e. English (United Kingdom):
    Start -> Settings -> Control Panel -> Regional Options -> General -> Your locale - set this to the region you want.
    (this setting is made easily whilst installing Windows)

    per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\International]
    "Locale"="00000809"
    but there are other related keys around there too so this is best set whilst installing Windows

  • set keyboard layout for relevant language(s) and remove those you don't need:
    Start -> Settings -> Control Panel -> Regional Options -> Input locales -> Installed input locales.
    (also navigable to using Control Panel -> Keyboard -> Input Locales; and is also presented when manually installing Windows)
    see per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\International]

  • if you use multiple written languages and want to switch easily between them: 'Enable indicator on taskbar', but this does use up some RAM.
    (this setting is made easily whilst installing Windows)

  • disable active scripting (the Windows Scripting Host) (unless you know that you need it)
    the only way we know to disable it is to manually delete its files. (these are per-machine settings)

    • create a quarantined area to put them (%WINDIR%\quarantined)

      batch file command: md %WINDIR%\quarantined

    • Windows File Protection does try to restore these files but you can remove Windows File Protection's copy of the file too

    • Windows Scripting Host (GUI version) (%WINDIR%\SYSTEM32\WSCRIPT.EXE)

      batch file command: move %WINDIR%\SYSTEM32\WSCRIPT.EXE %WINDIR%\quarantined\
      del %windir%\system32\dllcache\WSCRIPT.EXE

    • Windows Scripting Host (command-line version) (%WINDIR%\SYSTEM32\CSCRIPT.EXE)

      batch file command: move %WINDIR%\SYSTEM32\CSCRIPT.EXE %WINDIR%\quarantined\
      del %windir%\system32\dllcache\CSCRIPT.EXE

    • ? Windows Scripting Host runtime library / ActiveX control
      %WINDIR%\System32\WSHOM.OCX

      batch file command: move %WINDIR%\System32\WSHOM.OCX %WINDIR%\quarantined\
      ? del %windir%\system32\dllcache\WSHOM.OCX

    • JScript scripting engine
      NOTE: we used to advise quarantining this but its begun to break the Add/Remove Programs window, causing it to display almost a blank window, losing all its functionality!
      (this file is re-installed by a fresh installation of Internet Explorer or Microsoft Office)
      %WINDIR%\SYSTEM32\JSCRIPT.DLL

      batch file command: move %WINDIR%\SYSTEM32\JSCRIPT.DLL %WINDIR%\quarantined\
      del %windir%\system32\dllcache\JSCRIPT.DLL

    • VBScript scripting engine
      %WINDIR%\SYSTEM32\VBSCRIPT.DLL

      batch file command: move %WINDIR%\SYSTEM32\VBSCRIPT.DLL %WINDIR%\quarantined\
      del %windir%\system32\dllcache\VBSCRIPT.DLL

    • registry settings involved:
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Scripting Host]
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host]

Add/Remove Programs -> Add/Remove Windows Components

(these are per-machine settings)

these are on by default and can be turned off

  • Indexing Service

  • Internet Explorer (if you know there won't be the occasional web site you'll need to use that is written to only work with Internet Explorer)

  • Outlook Express

  • Windows Media Player (unless you need it for some proprietary Microsoft media formats)

edit %windir%\inf\sysoc.inf, removing all instances of ',hide'
command-line: perl -pi.bak -e 's/,hide//gi' %WINDIR%\inf\sysoc.inf

after editing sysoc.inf, you can then use Add/Remove Windows Components to delete atleast:

  • Accessories and Utilities

    • Accessories

      • Desktop Wallpaper

      • Document Templates

    • Communications

      • Chat

      • Hyper Terminal

      • Phone Dialer

    • Games

      • Pinball

    • Multimedia

      • Sample Sounds

      • Utopia Sound Schemes

  • Indexing Service

  • Outlook Express

TweakUI

(unless otherwise indicated, we believe these are all per-user settings; though some may be disabled depending on Policy settings the administrator has made, we haven't played about with this yet)

Control Panel -> TweakUI
TweakUI (Tweak User Interface) is part of the Microsoft Power Toys collection of utilities for Windows and as such needs to be installed seperately. it is available from http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp or http://www.annoyances.org/exec/show/tweakui

worthwhile settings (currently this deals only with settings worth changing from the default):

  • Mouse

    • Menu speed : fastest is our preferred but play around between fast and slow to find whats best for the intended user - slower will snap out menus slower which can be painful but will also enable them to linger longer which is helpful to some people. the default is so slow as to be annoying

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      "MenuShowDelay"="0"

  • General
    (turn off the fancy interface acrobatics to improve performance/prevent the system focusing any resources on functionally pointless tasks)

    • Combo box animation - off
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Cursor shadow - off

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • List box animation - off
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Menu animation - off
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Menu fading - off
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Menu selection fading
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Mouse hot tracking effects - ?

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Smooth scrolling - off
      makes the page scroll in annoying jumps, and affects performance. IE has its own specific setting for this

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      "SmoothScroll"=dword:00000000       (or on some versions of Windows: REG_BINARY (00 00 00 00))

    • Tooltip animation - off
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Tooltip fade - off
      also selectable with Display Properties' Use transition effects for menus and tooltips

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop]
      "UserPreferencesMask"=xx,00,xx,xx (2nd set of digits (28 for scroll effect, 3e for fade))
      atleast covered with "UserPreferencesMask"=hex:90,00,00,80

    • Window animation - off
      (determines Display Properties' Use transition effects for menus and tooltips.
      "Windows 2000 carries on the tradition of earlier Explorer interfaces and adds "extra" animations to show Windows actually being minimized to and maximized from the taskbar. This extra animation was designed to help new users to the interface actually see where their windows are going when minimized. This might be great for a beginner, but most of us cannot stand this slowdown and extra little hit on resources." -'Windows 2000 Reegistry', Nathan Wallace and Anthony Sequeira

      per-user .REG file setting: [HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics]
      "MinAnimate"="0"

  • Explorer

    • Prefix "Shortcut to" on new shortcuts - off

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
      "Link"=dword:00000000       (http://www.microsoft.com/mspress/books/sampchap/6232.asp says DWORD, so is that just for XP?
      related per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete]
      "? 'Append Completion' and/or 'AutoSuggest'="no"

      ? [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer]
      "link"=hex:00,00,00,00

    • Save Explorer window settings - off (change the way one view is set and all remember it)

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      ? "NoSaveSettings"=dword:00000001 ?
      ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      ? "NoSaveSettings"=dword:00000001 ?

  • Cmd

    • Filename completion : Tab

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
      "CompletionChar"=dword:00000009
      per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
      "CompletionChar"=dword:00000009

    • Directory completion : Tab

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
      "PathCompletionChar"=dword:00000009
      per-machine: [HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
      "PathCompletionChar"=dword:00000009

  • IE

    • Allow Active Desktop to be turned on/off - off
      (remove the 'Active Desktop' option from the desktop context sensitive menu so that there's less chance it'll ever be turned on. or, presumably, this is the same as saying 'Disable Active Desktop')

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoActiveDesktop"=dword:00000001
      per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoActiveDesktop"=dword:00000001

    • Allow changes to Active Desktop - off
      (meaningless if 'Allow Active Desktop to be turned on/off' is off, otherwise prevent previously set Active Desktop options from being changed)

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoActiveDesktopChanges"=hex:01,00,00,00
      ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoActiveDesktopChanges"=hex:01,00,00,00

    • Clear document, run, typed-URL history on exit - depends on personal preference and/or security policy

    • Shell enhancements - on/off - IE integration. turn the feature off to save resources (atleast saves a little RAM) but some of it may be useful to people; on modern systems we leave this on.
      This setting enables or disables Active Desktop, Web View, folder customization, the Quick Launch bar, the ability to right-click the taskbar - the Quick Launch bar and taskbar right-clicking are useful, the rest aren't.

    • Show Links on Favorites menu - off

      there is no registry method for removing Links. so, rather than delete the Links directory (which still leaves Links on the Favorites menu) we make the directory hidden, which is also compatible with TweakUI as this is what TweakUI does
      batch file method: attrib +h "%USERPROFILE%\Favorites\Links"

  • New
    these are types of document that will appear in the list when the right-mouse button is clicked and you choose 'New', too many of them can be counter-productive so remove those you're unlikely to use

  • Paranoia

    • Clear Last User at logon - on
      Whether or not you use this depends upon your security policy. If are turning on Logon -> Logon automatically at system startup - though this may not apply with Windows 2000

      per-user .REG file setting: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
      "DontDisplayLastUserName"=dword:00000001
      ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "DontDisplayLastUserName"=dword:00000001

    • play data CDs automatically - off
      turns off CD or DVD Auto Insert Notification. Prevents Windows from constantly polling the drive to see if a disc has been inserted (which consumes resources) and if it has, it follows the commands, if present, in the file \AUTORUN.INF, which invariably loads an application setup program (but could also load malicious code, making this a large security risk with unknown discs). With this disabled, you'll have to run setup programs manually, using something like Start -> Run -> Browse... and looking for the setup program (often SETUP.EXE if its the kind of program that uses AIN) on the disc drive:

      per-machine .REG file setting: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom]
      "Autorun"=dword:00000000
      ? per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      ? "CDRAutoRun"=dword:00000001

      ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      ? "CDRAutoRun"=dword:00000001

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoDriveTypeAutoRun"=hex:b5,00,00,00

      per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoDriveTypeAutoRun"=hex:b5,00,00,00

      it may be better to improve this even more, see http://snakefoot.fateback.com/tweak/windows/tips.html#AUTORUN

    • play audio CDs automatically - off (prevent Windows wasting resources by constantly polling the CD drive)
      ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom]
      ? "Autorun"=dword:00000000

      ? per-machine .REG file setting: HKEY_CLASSES_ROOT\AudioCD\shell\play\
      ? (Default)="&Play"

  • Logon

    • (these aren't available to Restricted Users (and maybe not to others either, haven't tested it yet))

    • Log on automatically at system startup - can be useful, but obviously totally insecure

      per-machine .REG file setting: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "AutoAdminLogon"="0"

  • My Computer

    • ('Restricted' user's don't see the 'My Computer' tab)

    • in a multi-partitioned system, such as we recommend, it can be useful to not show users the drives by default so we hide partitions C:, D: and E:, leaving just F:, to make the interface simpler for some people:
      My Computer -> Drives -> remove the check-mark from drives C:, D: and E:

      per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoDrives"=hex:1c,00,00,00
      per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      Internet Explorer (and presumably Windows Explorer, etc?) checks both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER for restrictions. The browser first checks HKEY_LOCAL_MACHINE. If it finds the restriction there, it does not check HKEY_CURRENT_USER for the restriction. Typically, you use HKEY_CURRENT_USER for restrictions.

      Uses a 32-bit word to define local and network drive visibility for each logical drive in the computer. The lower 26 bits of the 32-bit word correspond to drive letters A through Z. Drives are visible when set to 0 and hidden when set to 1. this number is then converted to hex.
      You can instead just use the formula A=1, B=2, C=4, D=8, E=16, etc, add them together and convert to hex. For example to hide C:, D: and E: the value would be 4+8+16=28, which is 1c,00,00,00 in hex

    • Special Folders -> Program Files ->

      • d:\programs (for example, if using multiple partitions for different functions; replace d: with the drive letter of your PROGRAMS partition if it differs. Use c:\programs if using one partition) (if you're following this logically, this setting was made near the beginning)

        per-machine .REG file setting: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
        "ProgramFilesDir"="D:\\programs"

Thin Out Critical Directories For Performance Gain

  • move *.htm from %windir% to %windir%\docs or delete altogether

  • move *.bmp from %windir% to %windir%\wallpaper or delete altogether (Windows2000 has BMPs in %WINDIR% and %WINDIR%\SYSTEM32

  • move *.gif from %windir% to %windir%\web\wallpaper or delete altogether

  • delete *.scr (screen savers) from %WINDIR%\SYSTEM32

More stuff to delete

  • %windir%\Web\Wallpaper\*.jpg

  • %windir%\Web\Wallpaper\*.bmp [XP]

Additional changes to make Windows XP's user interface that of Windows 'Classic'

  • Start -> Settings -> Control Panel -> Display Properties -> Themes -> Windows Classic
    (unloading the Luna theme also frees up about 5MB of memory)

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ThemeManager]
    "ThemeActive"="0"

    delete "ColorName", "DllName", "LastUserLangID", "SizeName"

  • taskbar & start menu -> hide inactive icons - off

    per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "EnableAutoTray"=dword:00000000
    ? per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "EnableAutoTray"=dword:00000000

  • taskbar & start menu -> classic start menu

    per-user .REG file setting covered by: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "ShellState"=hex:"24,00,00,00,30,28,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,0d,00,00,00,00,00,00,00,00,00,00,00"

    to set this setting and remove the ability in the user interface to change it: per-user .REG file setting: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoSimpleStartMenu"=dword:00000001
    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoSimpleStartMenu"=dword:00000001

  • taskbar & start menu -> Show Quick Launch

    per-user .REG file setting covered by: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
    "ShellState"=:

  • disable the Windows XP logon welcome screen:
    Start -> Control Panel -> User Accounts -> Change the way users log on or off -> Use the Welcome screen - off
    this also disables the 'Fast User Switching' option

    per-machine .REG file setting: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon]
    "LogonType"=dword:00000000

  • (haven't read this yet but it may have something to add: http://www.theeldergeek.com/windows_classic_start_menu.htm and http://members.aol.com/axcel216/xp1.htm

6. Disaster Prevention

  • Make an Emergency Recovery Disk
    Start -> Programs -> Accessories -> System Tools -> Backup -> Emergency Repair Disk -> (its useful to 'Also backup the registry to the repair directory...') -> OK
    (or just run 'ntbackup')
    write the date on the disk; update the disk with fresh copies whenever you install system updates, install software and other such changes

  • Backup system state data (if you have room for it)
    Start -> Programs -> Accessories -> System Tools -> Backup -> ... ?
    (or just run 'ntbackup')

  • Install the Recovery Console as a startup option
    from the \i386 directory on the Windows 2000/XP installation CD type 'winnt32 /cmdcons'

7. Further Windows Housekeeping

This doesn't need to be followed on a default installation

  • clean out ghost devices in device manager whilst in safe mode

  • keep an eye on JavaScript left in the browser cache, these can be huge programs, some of which could be malicious, perhaps left there to be run in future

  • use the Windows Desktop to store shortcuts (to programs, data, directories, drives, etc), rather than the actual item

  • you may need to change the 'organisation name' and 'your name'(?) of the system:

    per-machine .REG file setting: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization...

8. Clearing Out Unnecessary Files To Make Space And Increase Performance

This doesn't need to be followed on a default installation

  • to make space

    feel happy to delete these files other than those with question marks beside them (unless you know more than we do you might be better off waiting till we can confirm these as deletable or not)

    • %windir%\*.~mp

    • any file with numeric extension from %windir%

    • Windows needs system.dat, user.dat, system.ini and win.ini but files with the same names yet differing extensions can be deleted

    • %windir%\*.scr and %WINDIR%\SYSTEM32\*.scr - screen savers. they can contain malicious code

    • *.tmp

    • ~*.* (probably)

    • *.bak

    • %windir%\*.txt

    • .old

    • da0 - last known good copy of Windows registry?

    • \config.???  - any of them other than config.sys

    • \autoexec.??? - any of them other than autoexec.bat

    • \bootlog.prv

    • *.gid

    • C:\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log and user.dmp

    these directories hold temporary information that can all be deleted unless anyone has inadvertantly stored files there they wouldn't want to lose:

    • system temp

    • user temp: %temp%

    • \documents and settings\%username%\Local Settings\temp

    • \documents and settings\%username%\Local Settings\temporary internet files or wherever you've moved it to (best deleted with Internet Explorer's General -> Temporary Internet files -> Delete Files)

  • to increase performance

    • anything unnecessary in \

    • anything unnecessary in %WINDIR%

9. Functionality That Can Be Removed From Windows If You Don't Use It

This doesn't need to be followed on a default installation

(dont delete the directories, just the files)

  • %WINDIR%\*.hlp (other applications might put further things such as ATI putting %WINDIR%\SYSTEM32\ATMxxxXX.HLP where xxx is a spoken language reference)

  • \%WINDIR%\fonts\ - just those that neither you nor Windows uses

  • \%WINDIR%\help\

  • \%WINDIR%\media\ - audio files

10. Still to add to this document

  • modem - Windows 95, 98, Me, NT4, 2000 registry settings tuned for PPP rather than the default tuning for ethernet:
    the maximum packet size that can be transferred over a network without fragmentation. The Internet "standard" for MTU is 576, however most ISP's use MTU's larger than this. The Windows 95 default setting for MTU is 1500, which is the LAN standard. If a packet is sent across a network that has an MTU smaller than the size of the packet, fragmentation will occur. This will reduce data throughput, as fragments need to be reassembled. If you connect to a remote site there is a reasonable chance that your data go through a router with an MTU of 576. Note: After installation of the Dial-Up Networking 1.3 upgrade the MTU size will be automatically set to 576 for dial-up connections. MSS = Maximum Segment Size of TCP data. MSS = MTU - 40. The 40 bytes is the size of header and trailer information of one packet. RWIN = Reveive Window, the size of the buffer that is filled before the received data is acknowledged. Usually RWIN is set to 4 times MSS
    MaxMTU software: http://www.mjs.u-net.com/mtuspeed.htm

  • modem - MTU (Maximum Transmission Unit), per-machine .REG file setting: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\xxxx\TCP/IP\DriverDesc MaxMTU = 1500 [String Value] this is the default, even when they key isn't set, optimized for ethernet (LAN/WAN, xDSL, cable, satellite modems), not analog modems
    (If you are experiencing problems such as your browser stopping in the middle of a page, an MTU value of 576 might fix the problem)
    DUN 1.3 automatically adjusts the IP packet (MaxMTU ) size for dial-up connections depending on the connection speed. The setting toggles between small (576) for Dial-Up connections and large (1500) for LAN connections. One can also manually set the MTU size under the advanced properties for the Dial-Up Adapter. Select IP Packet Size and set to small (576), medium (1000) or large (1500)

  • modem - RWIN (TCP Receive WINdow), per-machine .REG file setting: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP DefaultRcvWindow = 2144 [String Value]

  • modem - maximum MSS (Maxmum Segment Size)

  • modem - default TTL

  • on a laptop, save resources by disabling:
    InfraRed system tray icon
    the beeping to indicate PCMCIA card insertion and removal
    the power management indicator for mains or battery power (you can set Windows to still warn when power is low) (this battery indicator may have been what on one system was taking upto 20% CPU cycles whilst at idle)

  • in each area, enable logging, except where it contravenes personal privacy: FAULTLOG.TXT; Dial-up Networking; anti-virus

  • new document layout:
    The technical summary of what the setting/change does
    The non-technical summary of what the setting/change does
    Why set the setting or make the change (security, performance, usability)
    Windows 95
    Menu sequence to make it happen
    And/or respective registry setting / INI file setting to make it happen

    Windows 98
     Menu sequence to make it happen
     And/or respective registry setting / INI file setting to make it happen

    Windows 2000 Pro
     Menu sequence to make it happen
     And/or respective registry setting / INI file setting to make it happen

    Windows XP (Home / Pro?)
     Menu sequence to make it happen
     And/or respective registry setting / INI file setting to make it happen

    Windows 2003
     Menu sequence to make it happen
     And/or respective registry setting / INI file setting to make it happen

  • Network/Identification

  • Network/Access Control

  • ICC profile

  • does System Monitor save its open windows to a file that we can save and offer for download?

  • display properties - small fonts (so that web pages aren't distorted compared to what their designer intended. and instead how should people change the font size?)

  • SYSTEM.INI: [386enh] COM1FIFO=1 gets put in by fax software

  • configure 'mail recipient' - this should point to your preferred mail client

  • Create a %PROGRAMFILES%\utils\ directory for putting various utility programs in that you want easy access to that don't have installers.
    command-line or batch method: md "%PROGRAMFILES%\utils\"

    Add it to the path.
    GUI method: System Properties -> Advanced -> Environment Variables -> System variables -> Path
    command-line or batch method: regfree -MachineEnvPathAdd "%programfiles%\utils" (you'll need to get hold of regfree first)
    registry value: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, "Path" (its easier to set this using regfree than from the command-line or batch file)

  • read this: http://www.sohointer.net/howto/tweak_tcp.htm

  • though its advised to use the Windows Desktop to store shortcuts (to programs, data, directories, drives, etc), rather than the actual item, you can make a workaround for people who aren't aware of this and will store large files on the Desktop and it potentially fill up the WINDOWS partition (C:) by:

    for multi-user systems (this will need to be set for each user seperately):
    - create a F:\%username%\desktop directory
    - Start -> Settings -> Control Panel -> TweakUI -> My Computer -> Special Folders -> Desktop -> and set it to F:\'username'\Desktop

  • when making drive mappings from Windows 98 to Windows shares, to save Windows checking at boot and complaining loudly if the shares aren't available, it can just display them as if they were connected and check when you try to use them: client for Microsoft networks -> Properties -> network logon options -> Quick logon. Windows 2000 doesn't have an equivalent, if it can't find its shares it generally just depicts them with a red cross instead of complaining, yet there are times when it too complains...

  • Windows 2000 and XP (and probably NT) saves the values from Control Panel -> Internet Options -> Connections -> Dialup Settings in the registry as follows:

    turn on autodial: HKCU/software/microsoft/windows/currentversion/internet settings/enableautodial

    dial only when there is no connection vs always autodial: HKCU/software/microsoft/windows/currentversion/internet settings/NoNetAutodial

  • Scheduled Tasks / Task Scheduler / Maintenance Wizard - scheduled tasks to complete various automated functions

    • delete obsolete temporary files using Disk Cleanup
      Start -> Programs -> Accessories -> System Tools -> Disk Cleanup or run cleanmgr.exe

    • defragment all hard disks

    • perhaps update anti-virus definition files if its more convenient to do it with this one scheduler rather than also using the scheduler that comes with the anti-virus software

  • section on checking correct hardware installed - make sure correct monitor and video adaptor are recognised
    (Control Panel -> System -> Hardware -> Device Manager - Monitors)

  • security - disable password caching. per-machine .REG file setting: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching =1 [DWORD] (and its HKLM counterpart) and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network (and its HKLM counterpart) and delete all .PWL files (tho this might be annoying for some people and not worth it if their security isn't important enough to warrant it)

  • security - further points for increased security in very security conscious environments... hide away all parts of Windows considered unnecessary in daily life that could potentially be used maliciously: FORMAT.COM, FDISK.COM, DEBUG.EXE. there are many more points to this topic

  • security - clear page file at shutdown, for security reasons
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
    "ClearPageFileAtShutdown"=dword:1

  • security policies -
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    NoChangingWallPaper
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
    NoHTMLWallPaper
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    ClearRecentDocsOnExit
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    ForceStartMenuLogOff
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    ForceStartMenuLogOff
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    Intellimenus
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    Intellimenus
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoActiveDesktop
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoActiveDesktop
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoActiveDesktopChanges
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoActiveDesktopChanges
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoDriveTypeAutoRun
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoDriveTypeAutoRun
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoFavoritesMenu
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoFavoritesMenu
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoInternetIcon
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoInternetIcon
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoNetHood
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoNetHood
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoRecentDocsHistory
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoRecentDocsHistory
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoRecentDocsMenu
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoRecentDocsMenu
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoSMHelp
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoSMHelp
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoSMMyDocs
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    NoSMMyDocs
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    NoDispScrSavPage

  • Hide keyboard navigation indicators until I use the ALT key

    • hide: Effects -> Visual effects -> Hide keyboard navigation indicators until I use the ALT key - off
      per-user: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoChangeKeyboardNavigationIndicators"=dword:00000001
      per-machine: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "NoChangeKeyboardNavigationIndicators"=dword:00000001

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;History;Temp"

  • NotifyDownloadComplete
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "NotifyDownloadComplete"="no"

  • NT's Internet auto dial needs 'remote access auto connection manager'

  • "you can tailor NT's paging behavior to improve performance by having it not page the kernel or device drivers to disk. (The swapping of those particular items to disk accounts for the most severe bottleneck in paging performance, and the occasional conflict from an "awakening" driver, too.)
    In the registry, go to
    HKLM\System\Current\ControlSet\Control\Session Manager\Memory Management
    There is a type REG-DWORD entry there named "DisablePagingExecutive". The default value is "0" (zero). Set it to "1" (one) to prohibit kernel and driver paging. The setting can make a big difference on some systems"

  • http://fox2k.net/2ktweaks/enhancing_performance_with_2_disks.htm
    http://captivatingcreations.com/win2k.html
    http://www.captivatingcreations.com/win2k2.html

  • http://www.winguides.com/registry/display.php/1202/

  • http://www.winguides.com/registry/display.php/291/

  • if you're using 'Log on automatically at system startup' then the registry settings that pertain to this are:
    Add a new string value named 'DefaultUserName' and set it to the username you wish to automatically logon as
    Add a new string value named 'DefaultPassword' and set this to the password for the user entered above
    Add a new string value named 'DefaultDomainName' and set this to the domain of the user. Ignore this value if not participating in NT Domain security
    Add a new string value named 'AutoAdminLogon' and set it to '1'

  • pre-configure useful regedit Favorites
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\Favorites]
    "Programs that run at system startup (HKLM\Run)"="My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
    "Programs that run at system startup (HKLM\RunOnce)"="My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    "Programs that run at system startup (HKLM\RunServices)"="My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
    "Programs that run at system startup (HKLM\RunServicesOnce)"="My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce"
    "Programs that run when I login (HKCU\Run)"="My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
    "Programs that run when I login (HKCU\RunOnce)"="My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"

  • various dial-up networking options, for dial-up, LAN, ISDN etcetera (incl 'close this connection when it may not be needed')

  • potentially useful registry settings:
    Show_FullURL
    Show_StatusBar
    Show_URLinStatusBar
    ShowGoButton
    SmoothScroll

  • alter a workstation's maximum concurrent user value to allow more than ten users at one time:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\