Sourceforge description ======================= Sourceforge information: Project Descriptive Name: TWEAK for Windows Project UNIX Name: tweak Project Description: Tweaks the Windows 2000 user interface and system; configures applications; manages icons, file permissions and associations, applying such changes in convenient chunks, for better performance, usability and security Registration Description: The Windows Environment and Application Konfigurator (TWEAK) Windows' default configuration can be much improved upon in terms of performance, usability and security. Configuring Windows and software applications can be time consuming, especially if you manage a lot of computers. This program tweaks the Windows user interface and system configuration; configures applications; and manages icons, file permissions and associations by making automated changes to the Windows registry and file system, in accordance with our document on Configuring Windows 2000 for Performance, Usability and Security (http://thegoldenear.org/toolbox/windows/docs/windows/win-nt-config.html), applying settings in convenient chunks defined by subject and context. The major features included in the software: - Windows configuration - Application configuration - Icon management - Backup and recovery - Driver configuration - file and directory permissions (ACLs) for mail-server The Windows configuration section in particular includes these options: - System file cleanup - remove, re-organise and quarantine files - Create new system directory structure on D:,E:,F: - Configure Windows to use new directory structure on D:,E:,F: - Configure general Windows system and interface on this machine - Replace %SYSTEMDRIVE%\BOOT.INI (assumes ATA/IDE HDD, Windows on partition 1!) - per-machine manual settings we haven't been able to automate yet - Clean up current user's file and directory structure - Create a new directory structure for current user on D:,E:,F: - Configure current user's Windows system to use D:,E:,F: - Configure current user's Windows interface - Configure current user's Internet Explorer interface and security - per-user manual settings we haven't been able to automate yet Among the many items we want to add, important ones are increasing Windows' security and adding full Windows XP compatibility. Perl syntax =========== Use \Q and \E to backslash all nonalphanumeric characters between them. i.e. perl -pi.bak -e "s/\Q$ENV{TEMP}\E/PUT_USER_TEMP_LOCATION_HERE/gi" but note the potential problem doing this in Windows XP Home Reg.exe syntax ============== [-HKEY_CLASSES_ROOT\.abc] key .abc will be removed and [HKEY_CLASSES_ROOT\.abcd\Test] "Testing"=- value Testing will be removed but not the key ------------------------------ different syntax when using inserting an environment variable into the registry, rather than the translated variable, with REG ADD, where from the command-line E:\%"USERNAME"%\WINNT would work, from within a batch file it inserts E:\\WINNT into the registry, so you have to use E:\%%USERNAME%%\WINNT rem for more extreme security, remove the ability to change the feature either way rem (requires a reboot) reg add HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU /v NoAutoUpdate /t REG_DWORD /d 00000001 /f reg add HK /v /t REG_ /d /f ------------------------------ "Entrée REG_SZ"="Bla bla bla" "Entrée REG_DWORD"=dword:00000040 "Entrée REG_BINARY"=hex:01,00,01,00 "Entrée REG_EXPAND_SZ"=hex(2):30,31,32,33,00 "Entrée REG_MULTI_SZ"=hex(7):30,31,32,33,00,00,00 hex(2) - REG_EXPAND_SZ hex(7) - REG_MULTI_SZ ------------------------------ It appears the only difference between .reg version 4 and version 5 files are the header: 'Windows Registry Editor Version 5.0' and 'REGEDIT4' and that version 4 is saved in ANSI, version 5 in Unicode. Presumably Windows 2000 will import version 4 'if exist' syntax ================= in some cases have to put ( and ) within "" if use them within an 'if ... ( ...' statement see win config's 'O' for example of both having to and not having to, but "" isn't the right character to escape a ( as it works but it prints the "" to the screen Setting file type associations - various notes ============================================== for information on setting file types, including resetting .bat, .exe, etc: http://personal.cfw.com/~tkprit/ui/re_types.html the RK's associate wipes out any open/view/etc present that you don't define the RK's associate should instead use a syntax like this, tho it doesn't add the "" around the program name; note that it adds the %1 itself, but again not within "" 'associate .doc ""%PROGRAMFILES%\Openoffice\program\soffice.exe" -o" /f' the RK book doesn't even describe Associate 0.2 - 11 April 2003 - changed all OpenOffice types to use new syntax - an original has options for open, new, print, etcetera and uses this syntax: "C:\programs\Openoffice\program\soffice.exe" -o "%1" with -n for new, -o for open, etcetera - %1 is applied without us specifying it. if you want the -o you have to add it with "" but it still doesn't come out looking like ...exe" -o "%1" - this method doesn't put a title in either Notes: - If an audio editor is installed, such as Audacity or Cool Edit, they should take .WAV - Leave images to load in IrfanView even if image editing software is installed - Quark files may want to load in the PageMaker Quark converter associated registry settings: User Key: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] Value Name: NoFileassociate Data Type: REG_DWORD (DWORD Value) Value Data: (0 = buttons enabled, 1 = buttons disabled) http://www.ultratech-llc.com/kb/asp/fileview.asp?file=/kb/assoc.txt http://www.xs4all.nl/~wstudios/Associate/ - but its a GUI tool HKEY_LOCAL_MACHINE\SOFTWARE\Classes - global file type associations HKEY_CURRENT_USER\SOFTWARE\Classes take precedence in the event of a duplication The user interface (UI) still points to the global settings in the HKEY_LOCAL_MACHINE\SOFTWARE\Classes Cannot Run Applications after Making File Association - http://support.microsoft.com/?KBID=163017 The setting of an application overrides the settings specified for the file type. File type and class settings are valid for all users of the workstation, the association between extension and application are only valid for the current user. The associations are stored in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts and the applications themselves are stored in the key HKEY_CLASSES_ROOT\Applications. Windows stores the extension in its registry in the key HKEY_CLASSES_ROOT\.extension, creates a file type and stores it with description, selected program and optional icon in the key HKEY_CLASSES_ROOT\GeneratedFileTypeName. From now on it tries to use this program when handling files with this extension. Setting System Environment Variables ==================================== use either: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "PML" /t REG_EXPAND_SZ /d "\\mail-server\mail\distribution-lists" /f setx PML "\\mail-server\mail\distribution-lists" -m Setting ACLs / permissions ========================== We use SIDs to reference groups, such as: Administrators group: S-1-1-0 Everyone: S-1-1-0 See the list at: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330 where the mail ACLs are set using: SetACL -on "E:\mail" -ot file -rec cont_obj -actn ace -ace "n:S-1-5-32-544;p:full;s:y;m:grant;w:dacl" they could alternatively be set using: cacls "\mail" /e /g administrator:F cacls "\mail\*.*" /t /e /g administrator:F) and so: SetACL -on "E:\mail" -ot file -rec cont_obj -actn ace -ace "n:S-1-1-0;s:y;p:write;m:set;w:dacl" xcacls "E:\mail" /e /p everyone:W xcacls "E:\mail\*.*" /t /e /p everyone:W) SetACL -on "E:\mail\%user%" -ot file -rec cont_obj -actn ace -ace "n:%user%;p:full;m:set;w:dacl" xcacls "E:\mail\%user%" /e /g %user%:F) xcacls "E:\mail\%user%\*.*" /e /g %user%:F) Syntax for menu options when setting file type associations =========================================================== rem menu options translator: rem O__ - Ofice suite rem W__ - web rem I__ - image rem T__ - plain text rem A__ - audio rem V__ - video rem P__ - PDF/PS rem _O_ - Open (double-click) rem _E_ - Edit (right-click and edit) rem _P_ - Print (right-click and print) rem __O - OpenOffice rem __F - Firebird rem __M - Mozilla rem __I - IrfanView rem __N - NoteTab rem __Z - Zinf rem __V - VideoLan rem __G - GIMP rem __GS - Ghostscript rem __AU - Audacity rem __MO - Microsoft Office rem __AR - Acrobat Reader rem __AW - Acrobat rem __AA - Adobe Audition rem files can Open in one program and Edit in another. We use the icon for the Opening program unzip32 syntax ============== - '-o': overwrite without prompting; -d: extract to this directory - unzip32 can't use -v for verbocity as it then says its ignoring the -d. is this a bug? - unzip32 replaces \ with / but it still works - unzip32 can't use "" around file and directory name after -d as it literally includes the "" but must do around environment variables themselves - unzip32 needs "" around environment variables themselves in case they contain a space, which causes unzip32 to choke regfree ------- regfree -quiet -CheckKey "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" if "errorlevel" == "0" ( regfree -quiet -DeleteKey "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" regfree -quiet -DeleteKey "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" ) Windows Automatic Updates options --------------------------------- AUOptions = 2 (Degree of user interaction) 1 = Disables AU (Same as disabling it through the standard controls) 2 = Notify Download and Install (Requires Administrator Privileges) 3 = Notify Install (Requires Administrator Privileges) 4 = Automaticly, no notification (Uses ScheduledInstallTime and ScheduledInstallDay) AUState = 2 (The state of AU for diagnostic) 0 = Initial 24 hour timeout after detecting Internet Connection 1 = Waiting for user to run AU wizard 2 = Detect pending (Looking for new patches) 3 = Download pending (waiting for user to accept pre-download prompt) 4 = Download in progress 5 = Install pending (Waiting for install of downloaded patches) 6 = Install complete 7 = Disabled (AUOptions will also be set to a value of 0x1) 8 = Reboot pending (Waiting for reboot required by installed patches)