Windows XP and 2000 Tips & Tricks UPDATE, June 23, 2003, —brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windowsitpro.com


This Issue Sponsored By

NetIQ
http://www.netiq.com/f/form/form.asp?id=2258&origin=NSWinnetmag_tipstrcks_NSWinNetMag062303

Windows Scripting Solutions
http://www.winscriptingsolutions.com/rd.cfm?code=fsep263xup


1. Commentary

2. FAQs

  • Q. How can I remove the Manage context-menu option for My Computer in Windows 2000?
  • Q. How can I change the label name that Windows Explorer displays for a removable drive in Windows 2000 or later?
  • Q. How can I enable advanced file-system and sharing security for a Windows XP machine in a workgroup?
  • Q. What's causing my Windows XP Service Pack 1 (SP1) machine to ignore the connection order of my wireless networking devices and connect to an Access Point (AP) that broadcasts its Service Set Identifier (SSID)?
  • Q. How can I prevent Windows XP from reminding me to enter Microsoft .NET Passport details?

3. Announcements

  • Guide to Securing Your Web Site For Business
  • New Active Directory Web Seminar!

4. Event

  • Storage Road Show Event Archived!

5. Contact Us

  • See this section for a list of ways to contact us.

Sponsor: NetIQ

CIO eBook for Managing and Securing the Enterprise - Need in-depth best practices for systems and security management? Register now for the FREE ebook, "From Chaos to Control: The CIO's Executive Guide to Managing and Securing the Enterprise," brought to you by NetIQ and Realtimepublishers.com. Topics covered include: Top 10 Corporate Manageability Policies; Top 10 Overlooked Vulnerabilities; Top 10 Corporate Security Breaches. Take your enterprise systems and applications from chaos to control now.
http://www.netiq.com/f/form/form.asp?id=2258&origin=NSWinnetmag_tipstrcks_NSWinNetMag062303


1. Commentary
by John Savill, FAQ Editor, jsavill@winnetmag.com

This week, I tell you how to remove the Manage context-menu option for My Computer in Windows 2000, how to change the label name that Windows Explorer displays for a removable drive in Win2K and later, and how to enable advanced file-system and sharing security in an XP workgroup. I also explain what causes XP to ignore the wireless networking connection order and how to prevent XP from reminding you to enter Microsoft .NET Passport details.

Around the industry this week, Winternals has released ERD Commander 2003, which is available at http://www.winternals.com. The new version has a host of new features that I'll discuss in next week's UPDATE. GFI Software has launched GFI FAXmaker for Exchange 10, the latest version of its market-leading fax connector for Microsoft Exchange Server. Version 10 lets network users send Short Message Service (SMS) messages from their desktop. More information about GFI FAXmaker is available at http://www.gfi.com.


Sponsor: Windows Scripting Solutions

Windows Scripting Solutions for the Systems Administrator
You may not be a programmer, but that doesn't mean you can't learn to create and deploy timesaving, problem-solving scripts. Discover Windows Scripting Solutions, the monthly print publication that helps you tackle common problems and automate everyday tasks with simple tools, tricks, and scripts. Try a sample issue today at:
http://www.winscriptingsolutions.com/rd.cfm?code=fsep263xup


2. FAQs

Q. How can I remove the Manage context-menu option for My Computer in Windows 2000?

A. By default, when you right-click My Computer, you'll see a Manage option on the context menu. Selecting this option starts the Microsoft Management Console (MMC) Computer Management snap-in. If you don't want the OS to display this option, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer registry subkey.
  3. From the Edit menu, select New, DWORD Value.
  4. Enter the name NoManageMyComputerVerb, then press Enter.
  5. Double-click the new value, then set it to 1.
  6. Log off and log back on for the change to take effect.

Even after you remove the Manage option from the My Computer context menu, you can still use the Administrative Tools folder under the Start menu to access the Computer Management snap-in.

Q. How can I change the label name that Windows Explorer displays for a removable drive in Windows 2000 or later?

A. In the FAQ titled "How can I change the icon for drive letters?", I explained how to modify the icons for drives that appear in Windows Explorer. To change the description that appears for removable drives when no media is present in the drive, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer registry subkey.
  3. From the Edit menu, select New, Key, then enter the name DriveIcons.
  4. Select the new key; from the Edit menu, select New, Key; then enter the drive name (e.g., B).
  5. Select the created key; from the Edit menu, select New, Key; then enter the name DefaultLabel.
  6. Navigate to DefaultLabel, then double-click the (default) value.
  7. Enter the text you want to appear for the drive, then click OK.
  8. Close the registry editor.
  9. Restart the computer for the change to take effect.

The figure below shows an example label for the B drive with and without media present in the drive. Notice at the top of the figure that the B drive is labeled ZIP250 Drive but the disk label changes to DATA when I insert a disk, as shown at the bottom of the figure.

The registry file that I created for this example is

Windows Registry Editor Version 5.00

\[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\B\]

\[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\B\DefaultIcon\]
@="%systemroot%\\system32\\shell32.dll,189"

\[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\B\DefaultLabel\]
@="ZIP250 Drive"

You can use this registry setting only on removable media drives. If you attempt to change the label for a fixed drive (e.g., the C drive), the new setting won't have any effect because the physical drive has a volume label in the registry that overrides the disk label setting.

Q. How can I enable advanced file-system and sharing security for a Windows XP machine in a workgroup?

A. When an XP machine belongs to a domain with shared resources, a Security tab appears on the Properties dialog box for the file, folder, or share. You can use this tab to assign advanced sharing permissions. However, this tab is missing for XP machines that belong to a workgroup.

A new feature in XP effectively logs all remote logons in a workgroup as Guest, regardless of the account and password credentials that the remote computer passes. (This approach avoids the need for different machines in a workgroup to replicate local accounts, which is the method Windows 2000 uses to enable transparent sharing.) XP locks down the Everyone group (of which Guest belongs) permissions, which cuts down on the security problems that existed in Win2K as a result of enabling the Guest account. Because all machines in a workgroup are effectively Guest connections, the advanced security features aren't very useful, which is why Microsoft disabled them in XP.

If you want to enable advanced file-system and sharing security, you must disable the ForceGuest registry setting by performing the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa registry subkey.
  3. Double-click forceguest, set it to 0, then click OK.
  4. Restart the computer for the change to take effect.

If you disable the Guest account but enable the ForceGuest setting, remote connections will fail, regardless of what username and password the user passes in--even if these credentials are valid.

Q. What's causing my Windows XP Service Pack 1 (SP1) machine to ignore the connection order of my wireless networking devices and connect to an Access Point (AP) that broadcasts its Service Set Identifier (SSID)?

A. For computers connecting to multiple wireless networks, you can use XP's Preferred Network list to establish an order in which the computer will connect to those networks. Each wireless AP can optionally broadcast its SSID, which identifies the network name. Many security guides advise you to turn off the SSID broadcast because hackers can use this information to see your network.

Imagine that you want to connect to a wireless network in XP's Preferred Network list that isn't broadcasting its SSID. If you're in a location serviced by that network as well as another network that does publish its SSID but is lower down on the Preferred Network list, XP will connect to the SSID-broadcasting network instead of the network that isn't broadcasting. Microsoft says this behavior is by design and that all APs should publish their SSIDs, despite what many manufactures advise. Currently no workaround exists to overcome this behavior.

Q. How can I prevent Windows XP from reminding me to enter Microsoft .NET Passport details?

A. After you install XP, the OS prompts you to enter a Microsoft .NET Passport account to enable access to certain Internet communication features. To turn off this reminder, perform the following steps:

  1. Start a registry editor (e.g., regedit.exe).
  2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\MessengerService registry subkey.
  3. If the PassportBalloon registry value doesn't already exist, go to the Edit menu; select New, Binary Value; enter a name of PassportBalloon; then press Enter.
  4. Double-click the PassportBalloon value, set it to 0A 00 00 00, then click OK.
  5. Close the registry editor.

3. Announcements
(from Windows & .NET Magazine and its partners)

  • Guide to Securing Your Web Site For Business

  • Download VeriSign's new whitepaper, "Guide to Securing Your Web Site For Business," and discover the practical business benefits of securing your Web site. You'll also learn more about the innovative processes and technologies VeriSign uses to address Internet security issues. Download your free copy now!
    http://www.verisign.com/resources/gd/secureBusiness/index.html

  • New Active Directory Web Seminar!

  • Discover how to securely managing Active Directory in a multiforest environment, establish attribute-level auditing without affecting AD performance, enhance secure permission management with “Roles," and more! There’s no charge for this event but space is limited--register today!
    http://www.winnetmag.com/seminars/securead/

    4. Event
    (brought to you by Windows & .NET Magazine)

  • Storage Road Show Event Archived!

  • Couldn’t make the HP & Microsoft Network Storage Solutions Road Show? View the taped event archives from your Web browser!
    http://www.winnetmag.com/roadshows/nas

    Sponsored Link

  • FaxBack Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial)

  • http://www.faxback.com/w2ksponorlink

    5. Contact Us
    Here's how to reach us with your comments and questions:

    This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email