Restrict searches for new drivers
The check boxes under "Restrict searches for new drivers" lets you configure the location that Windows searches for drivers when a new piece of hardware is found. By default, Windows searches the following places for drivers: local installation, floppy drives, CD-ROM drives, Windows Update.
Using this setting, you may remove any or all of these from the search algorithm.
Disable Command Prompt
Here you can choose to disable the command prompt, and additional disable command scripts.
Prevents users from running the interactive command prompt, Cmd.exe. This setting also determines whether batch files (.cmd and .bat) can run on the computer.
If you enable this setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.
Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Terminal Services.
Enable Autoplay for all
The "Enable Autoplay for all" check box lets you enable Autoplay for all drives.
Autoplay is set by default to "Enabled" one the following drive-types:
Removable drives
Fixed drives
CD-ROM drives
RAM disks
To customize AutoPlay settings, open "My Computer", right-click the drive you want to customize, select "Properties" from the context menu, and click "AutoPlay".
Disable Windows Automatic Updates
The "Disable Windows Automatic Updates" check box lets you prohibit Windows from searching for updates (on-line).
Whenever a user connects to the Internet, Windows searches for updates available for the software and hardware on their computer and automatically downloads them. This happens in the background and the user is prompted when downloaded components are ready to be installed, or prior to downloading, depending on their configuration.
Disable Task Manager
The "Disable Task Manager" check box lets you prevent users from starting Task Manager (Taskmgr.exe). If this setting is enabled and users try to start Task Manager, a message appears explaining that a policy prevents the action.
Task Manager lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers, including system services; find the executable names of programs; and change the priority of the process in which programs run.
Disable System Restore Configuration
The "Disable System Restore Configuration" check box lets you disable the System Restore Configuration interface to prevent users from modifying System Restore settings, or from turning this feature on or off for the system and non-system drives.
Disable registry editing tools
The "Disable registry editing tools" check box lets you disable the Windows registry editors, Regedit.exe and Regedt32.exe.
If this setting is enabled and the user tries to start a registry editor, a message appears explaining that a setting prevents the action.
Switch on Num Lock at system start
The "Switch on Num Lock at system start" check box lets you control the state of the "Num Lock" on system start.
Note: This is a system wide setting, and changing it requires administrative privileges.
Disable NTFS last access time
The "Disable NTFS last access time" check box lets you disable the last access time recorded when using the NTFS file system. When using NTFS, Windows records the last access time for each directory. Disable this to improve hard disk performance.
Note:
This is a system wide setting, and changing it requires administrative privileges.
Disable changing of file associations
Setting "Disable changing of file associations" will prevent users from changing the file associations (i.e. which program opens which file type). This is a system wide setting. For a "per user" setting, use "Disable changing of file associations" located under "Explorer > Explorer Settings".
Remove My Computer from Desktop and Start Menu
Setting "Remove My Computer from Desktop and Start Menu" removes "My Computer" from the Desktop & the Windows Start menu.
Disable Windows Key
Setting "Disable Windows Key" will disable the "Windows" key on your keyboard. The Windows Key is a function key found between the Ctrl and Alt keys on a Windows enhanced keyboard. You can identify it by the Windows flag printed on it.
Note: This is a system wide setting, so it will affect all users on the system!
System & Security > Task Scheduler
Disable Advanced Properties
The "Disable Advanced Properties" check box lets you prevent users from viewing or changing the properties of newly created tasks. This setting removes the "Open advanced
properties for this task when I click Finish" item from the last page of the Scheduled Task Wizard.
This setting prevents users from viewing and changing task characteristics, such as the program the task runs, details of its schedule, idle time and power management settings, and its security context. It is designed to simplify task creation for beginning users.
Tip: This setting affects newly created tasks only. To prevent users from changing the properties of existing tasks, use the "Disable Task Properties" setting.
Disable Task Properties
The "Disable Task Properties" check box lets you prevent users from viewing and changing the properties of an existing task. This setting removes the "Properties" item from the "File" menu in Scheduled Tasks and from the context menu that appears when you right-click a task. As a result, users cannot change any properties of a task. They can only see the properties that appear in Detail view and in the task preview.
This setting prevents users from viewing and changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its security context.
Tip: This setting affects existing tasks only. To
prevent users from changing the properties of newly created tasks, use the "Disable Advanced Properties" setting.
Disable Run and End Task
The "Disable Run and End Task" check box lets you prevent users from starting and stopping tasks manually. This setting removes the "Run" and "End Task" items from the context menu that appears when you right-click a task. As a result, users cannot start tasks manually or force tasks to end before they are finished.
Disable Drag-and-Drop
The "Disable Drag-and-Drop" check box lets you prevent users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder.
This setting disables the "Cut", "Copy", "Paste", and "Paste shortcut" items on the context menu and the "Edit" menu in Scheduled Tasks. It also disables the drag-and-drop features of the Scheduled Tasks folder.
As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks folder.
This setting does not prevent users from using other methods to create new tasks, and it does not prevent users from deleting tasks.
Disable New Task Creation
The "Disable New Task Creation" check box lets you prevent users from creating new tasks. This setting removes the "Add Scheduled Task" item that starts the "New
Task" wizard. Also, the system does not respond when users try to move, paste, or drag programs or documents into the Scheduled Tasks folder.
Important: This setting does not prevent administrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.
Note:
Changing this setting requires a logoff.
Disable Task Deletion
The "Disable Task Deletion" check box lets you prevent users from deleting tasks from the Scheduled Tasks folder. This setting removes the "Delete" command from the "Edit" menu in the Scheduled Tasks folder and from the menu that appears when you right-click a task. Also, the system does not respond when users try to cut or drag a task from the Scheduled Tasks folder.
Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
System & Security > Uninstall of Windows components
Allow uninstall of Windows components
Windows includes a number of applications that can't be uninstalled via "Add or Remove Programs", but by using TT-XP you can add a number of these to the "Add or Remove Programs" applet in Control Panel (under "Add/Remove Windows Components")
If you are not sure what a certain application does, I suggest you leave it installed!
Here's a short description:
COM+
Provides support for developing and deploying distributed, component-based applications.
Distributed Transaction Coordinator
Coordinates distributed transactions between multiple clients, servers, and resource managers.
Windows Automatic Updates
Automatically searches for updates for your system, and download them in the background.
Windows Messenger
Microsoft's Messenger Client.
Communications
Listed under "Accessories and Utilities > Communications". Includes "Chat", "Hyper Terminal", and "Phone Dialer".
Multimedia
Listed under "Accessories and Utilities > Multimedia". Includes "Media Player", "Sound Recorder", and "Volume Control".
Accessibility Wizard
Listed under "Accessories and Utilities > Accessibility Wizard". Provide tools to meet vision, hearing, and mobility needs.
Pinball
Listed under "Accessories and Utilities > Games".
WordPad
Listed under "Accessories and Utilities > Accessories".
Disable Messenger
The "Disable Messenger" check box lets you disable Windows Messenger. If you enable this setting, Windows Messenger will not run.
Note I: There will be no warning when trying to run Messenger, the program just won't start.
Note II:
If you enable this setting, Remote Assistance also cannot use Windows Messenger.
Disable Auto Start
The "Disable Auto Start" check box lets you stop Windows Messenger from loading automatically when a user logs on.
Windows Messenger is automatically loaded and running when a user logs on to a Windows XP computer. You can use this setting to stop Windows Messenger from automatically being run at logon.
Note: This setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from that point on, Windows Messenger will be loaded.
Uninstall Messenger
The "Uninstall Messenger" button will do just that, it will uninstall Windows Messenger from your system.
If you want to reinstall Messenger, after uninstalling it, go to the Windows Update Web site, and download/install the latest version of Windows Messenger. You can find a link to Windows Update by going to "Start > All Programs".
System & Security > Run allowed applications only
Here you can limit the Windows programs that users have permission to run on the computer.
If you enable this setting, users can only run programs that you add to the list of "Allowed applications".
This setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer.
Note:
Changing this setting requires a logoff.
System & Security > Restrict specified applications
Here you can prevent Windows from running programs on the computer.
If you enable this setting, users cannot run programs that you add to the list of "Disabled applications".
This setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs, such as Task Manager, that are started by the system process or by other processes. Also, if you permit users to gain access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer.
Note:
Changing this setting requires a logoff.
Please note
that for most of the settings here you will need administrative privileges to
change them.
Restrict CD-ROM to local logged-on user
The "Restrict CD-ROM to local logged-on user" check box lets you restrict access to the CD-ROM only to the local user.
Note:
Changing this setting requires a logoff.
Restrict floppy to local logged-on user
The "Restrict floppy to local logged-on user" check box lets you restrict access to the floppy drive only to the local user.
Note:
Changing this setting requires a logoff.
Clear pagefile on shutdown
The "Clear pagefile on shutdown" check box lets you clear the Windows pagefile when you shut down Windows. Normally it would be possible that sensitive information is saved in the pagefile, which can be accessed by other users of the computer.
Note: This setting can add a significant amount of time to the total time needed to shut down Windows, since every "page" of the pagefile has to be cleared (overwritten).
Don't allow shutdown without log on
The "Don't allow shutdown without log on" check box lets you prevent unauthorized users from shutting down Windows XP from the logon screen.
Disable 'Invite' for remote assistance
The "Disable 'Invite' for remote assistance" check box lets you disable the ability to send an invitation for help via "Remote Assistance".
"Remote Assistance" can be started from the "Help and Support" shortcut on the Windows XP Start menu.
Classic Logon
The "Classic Logon" check box lets you enable the "Classic Logon", where you are presented with a logon box where users have to type their Username and Password (as in Windows 2000).
Parse Autoexec.bat at logon
The "Parse Autoexec.bat at logon" check box lets you enable Windows to scan the Autoexec.bat file for SET commands and variables. These will be set in the user's environment.
Un check a user to remove their name from the Windows XP Welcome screen. Check to add a user to the Welcome screen.
Note: A user can still log on, even if his account is removed from the Welcome screen. To disable a user's account permanently, go to the "User Accounts" applet in Control Panel.
Logon automatically at system startup
To logon automatically when the system starts, check the "Log on automatically as system start up" check box. Enter your details in the "User name" and "Domain" sections, and set your password by clicking the "Set Password" button.
Note I: If you are not a member of a domain, leave the default value in place.
Note II: If your user account has not been assigned a password, leave the "Autologon Password" (which you get to by pressing the "Set password" button) blank. If you want to set a password on your account, open "Control Panel", and select "User Accounts".
Show unread mail on Welcome screen
The "Show unread mail on Welcome screen" check box lets you show unread mail on the Welcome screen for your account. If selected you can also set the number of days after which Windows will consider your mail read, even if it is still unread.
Note I: Currently only Outlook & Outlook Express are capable of updating the unread mail "count" on the Welcome Screen.
Note II: If you have multiple email accounts, this feature will "break", meaning no unread mail count will be displayed. It's a matter of debate if this happens as soon as you have 2 email accounts, or if you have 3 or more. For me it "breaks" as soon as I add a 2nd account.
You can choose to have your "Show unread mail on Welcome screen" preferences applied to only the current account, or as a system wide setting, where it will apply to all users on the system.
Keep RAS connections alive when switching users
The "Keep RAS connections alive when switching users" check box will enable you to switch users while keeping the current RAS connection "alive".
System & Security > System Performance
Enable Core System Performance
The "Enable Core System Performance" check box lets you keep the Windows XP core system in memory and not paged to disk.
Note: Should only be used when you have 512MB or more RAM available.
Optimize Memory usage for...
The "Optimize Memory usage for" radio buttons let you choose to optimize your system for either "Programs" or "System cache". By default, Windows is set to allocate a greater share of memory for running
programs.
Note: Changing this setting requires a restart.
Optimize CPU usage for...
The "Optimize CPU usage for" radio buttons let you choose to optimize your system for either "Programs" or "Background services". By default, Windows is set to allocate a greater share of CPU time to run your programs.
Enable boot defrag
The "Enable boot defrag" check box lets you select to optimize the boot process for faster booting by defragging the boot files.
Disable 8.3 Name Creation (NTFS)
The "Disable 8.3 Name Creation" check box lets you disable the creation of 8.3 (8 characters for the name and 3 characters for the extension) names for NTFS files, to speed up NTFS performance.
System & Security > DNS Settings
Positive / Negative DNS Cache Time
Windows XP includes a cache where responses to queries of DNS (Domain Name System) servers are stored on the local machine. The local cache is there so that local clients don't need to query the DNS servers for the same addresses. This has a slight speed advantage, and also reduces network traffic, when you would want to (re)use an address that is already in the cache.
The length of time for which entries (negative or positive) are stored in the cache depends on settings in the Windows registry. By default, positive responses (meaning there was a "match" for the name queried) are stored for 14,400 minutes (1 day). Negative responses are stored for 300 seconds (5 minutes) by default.
The reason you might want to change the time that positive responses are cached for is this: in the 'old' days on the Internet, DNS entries were updated only twice a day, but today, most ISP's and domain name registrars have set their TTL (Time To Live) set to 4 hours, so entries could change faster than before.
Note: Changing this setting requires you to flush the DNS cache
Make DNS Cache Resolver more secure
By default, Windows XP's DNS resolver accepts responses even from servers it did not query. This could present a possible security liability, as an unauthorized DNS server might pass along invalid resource records to misdirect DNS queries.
Checking "Make DNS Cache Resolver more secure" will add an entry to the registry that will prevent this.
Flush DNS Cache
Flushes Windows XP's DNS Cache, similar to giving the command ipconfig /flushdns at the command prompt.
If you adjust the Positive and/or Negative Cache Time, you'll need to flush Windows XP's DNS cache for the changes to take effect.