Lazy post – Here’s some fun windows registry keys


These are just some of the keys listed on my Registry PDF that you can get from my site, http://www.rhwiii.info

System Settings

Notes:  The settings here apply to system-wide configurations.  These settings are all applied to computers, not users.

 

Registered Owner

Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

Value Name: RegisteredOwner

Value Type: REG_SZ

Set To: New Owner’s Name

Notes: This key controls the owner’s name shown in the System tab of Control Panel, and in any programs that read this data.  This has little to no effect in Windows; it’s merely a cosmetic change.

Explorer Settings

Notes:  All the settings here work with Explorer.  They should not be used as a sole means of security, as they do not remove the rights to perform actions.  They merely remove the ability to do an action via Explorer.

Disable Desktop Right Click

Key: (HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value Name: NoViewContextMenu

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 Default)

Notes: Use this to disable right click context menu on the desktop.

Show Windows Version On Desktop

Key: HKCU\Control Panel\Desktop

Value Name: PaintDesktopVersion

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 Default)

Notes: Displays the current Windows version on top of the desktop wallpaper.

Disable Shutdown

Key: (HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value Name: NoClose

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 Default)

Notes: Removes the shutdown option from the start menu.  This should be used together with removal of the shutdown system right.  This key does not prevent the user from turning off the computer; it only removes the shutdown button from the start menu.

Disallow These Programs From Running (1)

Key: (HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value Name: DisallowRun

Value Type: REG_DWORD

Set To: 1

Notes: This enables DisallowRun.  Any programs later added to the DisallowRun subkey will not be run from Explorer.  Programs can still be run by other means, and they can be renamed to bypass this.

Disallow These Programs From Running (2)

Key: (HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

Value Name: 1+

Value Type: REG_SZ

Set To: Application’s Name

Notes: This is the container for the DisallowRun.  Each program should be placed in the DisallowRun key. The first program’s value should be called 1. And if the program was, for example, cmd.exe, then the string value should be cmd.exe. Renaming files will bypass this.

Allow ONLY These Programs To Run (1)

Key: (HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value Name: RestrictRun

Value Type: REG_DWORD

Set To: 1

Notes: This enables RestrictRun.  This is like DisallowRun, but Explorer will only run programs listed in this key.  Make sure you enable regedit for your account, or have some other means to reverse this. This is opt-in security.

Allow ONLY These Programs To Run (2)

Key: (HKCU|HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun

Value Name: 1+

Value Type: REG_SZ

Set To: Application’s Name

Notes: This is the container for the Restrict Run.  Each program should be placed in the Restrict Run key. The first program’s value should be called 1. And if the program was, for example, cmd.exe, then the string value should be cmd.exe. Renaming files will bypass this.   
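
The two-part layout used by both DisallowRun and RestrictRun (a REG_DWORD switch on the Explorer policy key plus a subkey of numbered REG_SZ values), written out as an added PowerShell example that is not part of the original post. The function name `Set-ExplorerRunList` and its parameters are hypothetical; the regedit.exe guard is an assumption based on the lock-out warning above.

```powershell
# Added example: writes the switch value and the numbered program list.
# Set-ExplorerRunList is a hypothetical helper, not a built-in cmdlet.
function Set-ExplorerRunList {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][ValidateSet('DisallowRun', 'RestrictRun')]
        [string]$Mode,
        [Parameter(Mandatory)][string[]]$Programs,
        # HKCU applies to the current user only; the page also lists HKLM.
        [string]$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )

    # Lock-out guard: an allow-list without regedit.exe is hard to undo from Explorer.
    if ($Mode -eq 'RestrictRun' -and $Programs -notcontains 'regedit.exe') {
        throw 'RestrictRun list must include regedit.exe, or arrange another way to reverse it.'
    }

    $listKey = Join-Path $PolicyKey $Mode
    if (-not $PSCmdlet.ShouldProcess($listKey, "Write $($Programs.Count) entries")) { return }

    # Rebuild the list subkey so stale numbered values do not survive.
    if (Test-Path $listKey) { Remove-Item -Path $listKey -Recurse -Force }
    New-Item -Path $listKey -Force | Out-Null

    # Part (2): one REG_SZ per program, named 1, 2, 3, ...
    $i = 1
    foreach ($exe in $Programs) {
        New-ItemProperty -Path $listKey -Name "$i" -Value $exe -PropertyType String -Force | Out-Null
        $i++
    }

    # Part (1): the REG_DWORD switch on the parent key turns the list on.
    New-ItemProperty -Path $PolicyKey -Name $Mode -Value 1 -PropertyType DWord -Force | Out-Null

    # Return the written list for review. Matching is by file name only,
    # so a renamed copy of a listed program is not covered.
    Get-ItemProperty -Path $listKey
}

# Dry run first:
# Set-ExplorerRunList -Mode DisallowRun -Programs 'cmd.exe' -WhatIf
```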

 

Shell Folders

Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Value Name: Various

Value Type: REG_SZ

Set To: New Path

Notes: This key contains different paths to special folders for the user, such as Desktop, CD Burning, Programs, Start Menu and the like.  I personally like to use NTFS Junctions rather than change the folder location, since some programs write to the default location without checking for the correct value.

Application Specific

Notes:  The settings here are for the listed applications only.  These can be used to set options on all computers on a network remotely, or to lock in settings by disabling the write permission to the key.

 

Application: Notepad

 

Set Font (Notepad)

Key: HKCU\Software\Microsoft\Notepad

Value Name: lfFaceName

Value Type: REG_SZ

Set To: Font name (For example: Lucida Console)

Notes: Sets the default font used in notepad.

 

 

Italics (Notepad)

Key: HKCU\Software\Microsoft\Notepad

Value Name: lfItalic

Value Type: REG_DWORD

Set To: 0 to disable, 1 to enable (default is 0)

Notes: Sets the italics for notepad.

Font Size (Notepad)

Key: HKCU\Software\Microsoft\Notepad

Value Name: iPointSize

Value Type: REG_DWORD

Set To: Desired font size.

Notes: This setting controls the font size.  The value should be 10x the desired size.  For example, to set a font of size 24, then enter a decimal value of 240.

Window Size (Notepad)

Key: HKCU\Software\Microsoft\Notepad

Value Name: iWindowPosDX & iWindowPosDY

Value Type: REG_DWORD

Set To: Desired Window Size

Notes: Change these two values to control the default size of notepad when opened.

Internet Explorer

Notes:  These settings control security for Internet Explorer.  After setting them, you may wish to remove full control of the key from non-administrators.

 

Disable ability to close browser (Internet Explorer)

Key: (HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions

Value Name: NoBrowserClose

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: When the user presses the close button, or tries to close via the File menu, the action is denied with a message stating “The operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator”.  IE can still be closed by killing the process.  If this restriction is in place on a user account, and IE is run under the context of a different user, the first user cannot kill the process of the second user.  This allows Internet Explorer to be always active on kiosk computers.

Remove Favorites

Key: (HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions

Value Name: NoFavorites

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: Removes the Favorites menu from Internet Explorer.

Disable Context Menu (Right Click)

Key: (HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions

Value Name: NoBrowserContextMenu

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: Removes the ability to right click in IE

Remove File -> Open Menu

Key: (HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions

Value Name: NoFileOpen

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: Removes the File -> Open that can be used to launch other programs.  Helps keep a cleaner look in a Kiosk machine, but NTFS permissions should still be used to limit what programs the end user may run.

Remove File -> Save As Menu

Key: (HKCU|HKLM)\Software\Policies\Microsoft\Internet Explorer\Restrictions

Value Name: NoBrowserSaveAs

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: Removes the File -> Save As that can be used to launch other programs.  Helps keep a cleaner look in a Kiosk machine, but NTFS permissions should still be used to limit what programs the end user may run.

Remove Address Bar

Key: HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions

Value Name: NoAddressBar

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: By removing the address bar, and disabling Explorer, you can use a single HTML page as the computer’s interface on a kiosk machine.

Automatic Update Settings

Notes:  These settings allow the user to fine-tune how Automatic Updates run on a system.  Most of these settings can be set via Group Policy using default templates shipped in 2K and 2K3.

 

Automatic Updates

Key: HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Value Name: NoAutoUpdate

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: This is the key to DISABLE automatic updates, so “enabling” it means disabling updates. In other words, set it to 1 to turn off automatic updates.

Automatic Updates – Options

Key: HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Value Name: AUOptions

Value Type: REG_DWORD

Set To: 2, 3, 4, 5

Notes: These options control whether the service downloads the updates on its own, or just tells the user when downloads are available.  They also control whether the service will install the updates, or prompt the user to install them later. 2 will tell you when there are updates to download. 3 will download them automatically, and ask for an install.  4 will fully automate the process, but may not finish the installs till you reboot.  To use 4, you must have ScheduledInstallDay and ScheduledInstallTime set.  5 forces automatic updates to be enabled, but allows the end users to configure it.

Automatic Updates – Install Options

Key: HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Value Name: ScheduledInstallDay

Value Type: REG_DWORD

Set To: 0~7

Notes: Controls on what day the updates will be installed.  0 is daily, while 1~7 is a set day of the week, Sunday to Saturday.

Automatic Updates – Install Options 2

Key: HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Value Name: ScheduledInstallTime

Value Type: REG_DWORD

Set To: 0~23

Notes: Controls at what time Windows will install the updates, in 24 hour format.

 

Automatic Updates – Auto Reboot When Logged On

Key: HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU

Value Name: NoAutoRebootWithLoggedOnUsers

Value Type: REG_DWORD

Set To: 0  or 1

Notes: Controls if Windows will automatically reboot when a user is logged on.  Setting to 1 will prompt the user to reboot, while setting to 0 will cause Automatic Updates to notify the user that the computer will reboot. Default time till reboot is five (5) minutes.
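
A consistency check for the Automatic Updates values described in this section, as an added PowerShell example that is not part of the original post. The function name `Test-AutoUpdatePolicy` is hypothetical; the value ranges and the rule that option 4 needs both schedule values are taken from the notes above.

```powershell
# Added example: reads the AU policy key and reports values that are
# missing, out of range, or inconsistent with each other.
function Test-AutoUpdatePolicy {
    param([string]$Key = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate\AU')

    $au = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $au) { return 'AU policy key is absent or empty; none of these values are set.' }

    $findings = @()
    if ($au.NoAutoUpdate -eq 1) {
        $findings += 'NoAutoUpdate = 1: automatic updates are turned off.'
    }

    $opt = $au.AUOptions
    if ($null -eq $opt) {
        $findings += 'AUOptions is not set.'
    } elseif ($opt -notin 2..5) {
        $findings += "AUOptions = $opt is outside the documented range 2 to 5."
    } elseif ($opt -eq 4) {
        # Option 4 (fully automated) requires both schedule values.
        $day  = $au.ScheduledInstallDay
        $time = $au.ScheduledInstallTime
        if ($null -eq $day -or $day -notin 0..7) {
            $findings += 'AUOptions = 4 but ScheduledInstallDay is missing or not 0 to 7.'
        }
        if ($null -eq $time -or $time -notin 0..23) {
            $findings += 'AUOptions = 4 but ScheduledInstallTime is missing or not 0 to 23.'
        }
    }

    if ($au.NoAutoRebootWithLoggedOnUsers -eq 0) {
        $findings += 'NoAutoRebootWithLoggedOnUsers = 0: logged-on users are notified and the machine reboots.'
    }

    if ($findings.Count -eq 0) { 'AU policy values are consistent.' } else { $findings }
}

# Test-AutoUpdatePolicy
```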

TCP\IP Settings in Windows 2003

Notes:  These settings are based off of Windows 2003. Some may apply to 2K and XP, and a few keys may work on 9x based systems.  But these are primarily aimed for Windows 2K3 servers.  All keys listed here can be found inside the paper “Microsoft Windows Server 2003 TCP/IP Implementation Details”, listed in the references section of this paper.

Allow Raw Sockets For Users (Windows 2003)

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: AllowUserRawAccess

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: By default, only Administrators can access raw sockets on a Windows 2003 system.  Setting this value to 1 allows raw-socket usage for all users.

Arp Cache Keep Alive

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: ArpCacheLife

Value Type: REG_DWORD

Set To: 0 to 0xFFFFFFFF (4,294,967,295 Decimal)

Notes: Controls the time, in seconds, that an entry stays within the ARP cache.  Without this key, defaults are two minutes for unused entries, and ten minutes for used entries.

Data Base Path

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: DatabasePath

Value Type: REG_EXPAND_SZ

Set To: Path to files. (Default: %SystemRoot%\system32\drivers\etc)

Notes: This controls the path to TCP\IP’s database files, Hosts, Lmhosts, Network, Protocols, Services.  Sometimes changed by malware to bypass restrictions on the hosts file.

Default Time To Live

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: DefaultTTL

Value Type: REG_DWORD

Set To: 0~0xFF (0~255 Decimal, 128 Default)

Notes: Adjusts the TTL of outgoing IP packets.  Raising TTL can cause larger broadcast storms if routing loops are formed in network topology.

Disable Offloading to Network Card

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: DisableTaskOffload

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: Allows functions in the TCP\IP stack to be performed by the hardware in the network card.  Disabling this will cause greater load onto the CPU as the system must handle all functions.  This is used for troubleshooting only.

Enable Detect Dead Gateway

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: EnableDeadGWDetect

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (1 by default)

Notes: This causes TCP to detect if the main gateway has gone down, and to switch to any secondary gateways configured in TCP\IP properties.

Enable Multicast Forwarding

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: EnableMulticastForwarding

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (0 by default)

Notes: This controls if the computer will forward Multicasts across other networks.  This is only used when the computer is running as a Routing and Remote Access Server (RRAS). 

Enable Path MTU Discovery

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: EnablePMTUDetect

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (1 by default)

Notes: Controls if Windows will try to discover the Maximum Transmission Unit (MTU) over the path to a remote host.  If the MTU used is larger than what is supported, then the packet will become fragmented in transport.  Fragmentation can cause network congestion and excess load on networking devices as they assemble the packets back into whole units of data.

Syn Attack Protection

Key: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Value Name: SynAttackProtect

Value Type: REG_DWORD

Set To: 1 to enable, 0 to disable (1 by default on Windows 2K3 with SP1, 0 by default on 2K3 with SP0)

Notes: Enables the SYN attack protection in SYN-ACK floods.  Please see the Windows 2003 TCP\IP Implementation in the References section for more information.  It is recommended that it be set to 1 on all SP0 configurations, if SP1 cannot be installed for some reason.
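
A defensive check of three of the Tcpip\Parameters values listed above (DatabasePath, AllowUserRawAccess, SynAttackProtect), as an added PowerShell example that is not part of the original post. The function name `Test-TcpipParameters` is hypothetical; the defaults and the recommendation it compares against are the ones stated in this section.

```powershell
# Added example: flags Tcpip\Parameters values that differ from the
# defaults and recommendation given in the notes above.
function Test-TcpipParameters {
    param([string]$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters')

    $reg = Get-Item -Path $Key -ErrorAction Stop
    $findings = @()

    # Read the REG_EXPAND_SZ without expansion so the stored string is reported as-is.
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $raw = $reg.GetValue('DatabasePath', $null, $noExpand)
    $default = '%SystemRoot%\system32\drivers\etc'
    if ($null -eq $raw) {
        $findings += 'DatabasePath is not set.'
    } else {
        $actual   = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\')
        $expected = [Environment]::ExpandEnvironmentVariables($default)
        if ($actual -ne $expected) {
            # A redirected path means a different hosts file is in use.
            $findings += "DatabasePath is '$raw', not the default '$default'."
            if (Test-Path (Join-Path $actual 'hosts')) {
                $findings += "A hosts file exists under '$actual'; review its contents."
            }
        }
    }

    # Default is 0 (raw sockets for Administrators only).
    if ($reg.GetValue('AllowUserRawAccess', 0) -eq 1) {
        $findings += 'AllowUserRawAccess = 1: raw sockets are open to all users.'
    }

    # Default depends on service pack level, so an absent value is reported too.
    $syn = $reg.GetValue('SynAttackProtect', $null)
    if ($null -eq $syn) {
        $findings += 'SynAttackProtect is not set; the default is 1 on 2K3 SP1 and 0 on SP0.'
    } elseif ($syn -eq 0) {
        $findings += 'SynAttackProtect = 0: SYN attack protection is disabled.'
    }

    if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings }
}

# Test-TcpipParameters
```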
