Search A-Z index Help
University of Cambridge Home Physics Dept Home Mike Roses' Home Page TCM Group Home

My favourite Windows reg hacks for managing client windoes computer

reg hacks done using regedt32, testing, then regexlorer to generate the reg hacking files

All for samba running a windows domain to manage users and computers, but how do we reboot the computers to get the startup script to work?

Windows Machine hacks - run by script on startup

Define the startup script (on samba server, e.g. windows_startup.bat in NETLOGON share) for windows computers

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0]
"FileSysPath"="C:\\WINDOWS\\System32\\GroupPolicy\\Machine"
"GPO-ID"="LocalGPO"
"GPOName"="Local Group Policy"
"SOM-ID"="Local"
"DisplayName"="Local Group Policy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0]
"ExecTime"=hex(11):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Parameters"=""
"Script"="\\\\SERVER_COMPUTER\\netlogon\\scripts\\windows_startup.bat"

The Registry Settings

Windows Automatic updates on

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]
"RescheduleWaitTimeEnabled"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000004
"AUOptions"=dword:00000004
"NoAutoUpdate"=dword:00000000
"RescheduleWaitTime"=dword:00000014

disable Windows XP tour

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\Tour]
"RunCount"=dword:00000000

DNS search list of suffixes

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"SearchList"="domain.com,domain.ac.uk,ac.uk"

Remove Logon Banner

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeText"=-
"LegalNoticeCaption"=-

Windows Time Client (NTP)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient]
"ResolvePeerBackoffMaxTimes"=dword:00000007
"ResolvePeerBackoffMinutes"=dword:0000000F
"SpecialPollInterval"=dword:00000E10
"CrossSiteSyncFlags"=dword:00000002
"Enabled"=dword:00000001
"EventLogFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\Parameters]
"Type"="NTP"
"NtpServer"="ntp-servername.domain.ac.uk"
The script (e.g. windwos_startup.bat) is something like:
regedit /s \\$SERVER\netlogon\scripts\windows_machine_reg_hacks\dns_search_list_suffixes.reg

regedit /s \\$SERVER\netlogon\scripts\windows_machine_reg_hacks\remove_logon_banner.reg

regedit /s \\$SERVER\netlogon\scripts\windows_machine_reg_hacks\auto_updates.reg

regedit /s \\$SERVER\netlogon\scripts\windows_machine_reg_hacks\windows_time_client.reg

regedit /s \\$SERVER\netlogon\scripts\windows_machine_reg_hacks\disable_xp_tour.reg

regedit /s \\$SERVER\netlogon\scripts\windows_machine_reg_hacks\firewall_adjustments.reg

Windows User hacks - run by windows logon script

Delete internet explorer cache on logout

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
"Persistent"=dword:00000000

Desktop Cleanup Wizard Off

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"NoRun"=dword:00000001

Folder Redirection. network paths (\\server\profiles\userID\folder) are done as HEX stuff - easiest is to type in paths with regedt32 and use reg explorer to generate .reg files

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):Hex stuff
"AppData"=hex(2):Hex stuff
"My Pictures"=hex(2):Hex stuff

Internet Explorer Autoconfig Proxy (if using a webcache)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"="http://domain/your_prox_config.pac"
"ProxyServer"=-
"ProxyOverride"=-
"ProxyEnable"=dword:00000000

Enabling the user registry settings script

Run a reg script (e.g. startup_script.reg) on each client computer:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0]
"FileSysPath"="C:\\WINDOWS\\System32\\GroupPolicy\\Machine"
"GPO-ID"="LocalGPO"
"GPOName"="Local Group Policy"
"SOM-ID"="Local"
"DisplayName"="Local Group Policy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup\0\0]
"ExecTime"=hex(11):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"Parameters"=""
"Script"="\\\\$SERVER.$DOMAIN\\netlogon\\scripts\\windows_startup.bat"