Win2K FAT-to-NTFS Conversion Permission Problem
I suspect that many of you are installing and testing Windows 2000 (Win2K) on systems with FAT boot partitions. When you’re confident that the Win2K system is running properly, you can change the FAT partition to NTFS with the Convert utility. However, be aware that Win2K’s Convert utility doesn’t properly apply default NTFS file permissions. Check out Microsoft Support Online article Q237399 for two Secedit commands you can run to apply the default permissions for Windows 2000 Professional (Win2K Pro) and Windows 2000 Server (Win2K Server).
Disabling the Windows Logo Key
Administrators commonly disable browsing on public terminals by defining a system policy that revokes user access to Windows Explorer, the Run command, and the Find command. But even after you’ve removed Explorer, users can access disabled features using shortcuts with the Microsoft Windows logo key (e.g., logo key+E). Here’s a quick script you can use with the Microsoft Windows NT Server 4.0 Resource Kit utility regini.exe to disable the right and left Windows logo keys and lock down your public or high-security systems.
Create a file with an .ini extension, enter the commands below, and run the script by entering its full name (e.g., nologoskey.ini) at a command prompt. You must reboot the system to disable the Windows logo keys. Of course, you can also make these modifications manually with a Registry editor and reboot.
Scancode Map = REG_BINARY 24 \
0x00000000 0x00000000 3 \
0xE05B0000 0xE05C0000 \
See Microsoft Support Online article Q181348 for an explanation of the binary values that appear in the script. The article states that if you encounter problems, you can delete the Registry key this script creates (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\KeyboardLayout\Scancode Map) with a Registry editor running locally or over the network. If you delete the key, you need to reboot the system to restore access to the Windows logos keys.
Automatic Logon in Win2K and NT 4.0
When you’re debugging code such as a device driver that takes down a system, you’ll appreciate knowing how to enable an automatic system logon. The Registry’s Winlogon key contains many entries that control how the logon process works. Two of these entries let you set up a system for automatic logon after a system restart or a logoff so that you can use the extra time to focus on cleaning up your code. Go to the following Registry key:
Enter a valid account name in the DefaultUserName (type REG_SZ) entry and the password for the account in the DefaultPassword (type REG_SZ) entry. If either entry doesn’t appear in the Winlogon key, create it with a Registry editor.
If you forget to enter a DefaultPassword, the OS automatically changes the AutoAdminLogon key value from 1 (true) to 0 (false), which disables the AutoAdminLogon feature. If the AutoAdminLogon entry disappears, you can recreate it manually—it has a data type of REG_SZ . A value of 1 enables AutoAdminLogon and a value of 0 disables the feature. Reboot the system to activate the changes.
When automatic logon is enabled and you want to log on to the system as a different user, hold down the Shift key after logging off or restarting and you’ll see the regular logon dialog box—a technique that works with Windows NT 4.0 and Windows 2000 (Win2K). Keep in mind that if you configure a system for automatic logon, anyone can restart the system and log on, so making this change exposes a potential security vulnerability. See Microsoft Support Online article Q97597 for details.
Keeping RAS Connections Active After Logoff
The KeepRasConnections value entry in the Registry’s Winlogon key controls whether RAS maintains active connections after a user logs off. If you want your dial-up or VPN connections to remain live, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, add the value entry KeepRasConnections: REG_SZ: 1, and reboot. This entry doesn’t typically appear in the Winlogon key; you must create it with a Registry editor. See Microsoft Online Article Q158909 for more information.