Configuring Windows for Performance, Usability and Security


This document applies to Windows 95, 98 and Me.
Related documents: Configuring System BIOS, Windows 95 software installation, Windows 98 software installation.

Contents

1. Introduction

2. Hard Disk Partitioning

3. Booting MS-DOS

4. The Windows Operating System

5. Disaster Prevention

6. Further Windows Housekeeping

7. Clearing Out Unnecessary Files To Make Space And Increase Performance

8. Functionality That Can Be Removed From Windows If You Don't Use It

9. various fixes / workarounds to common problems

10. Still to add to this document

11. Appendix

1. Introduction

You can configure Windows with all its user interface bells and whistles that have little functional value other than to slow the system down, and pay extra money for bigger, faster, hardware to compensate for your bad configuration; but why bother. This document details how to turn off all the extra fluff, and how to streamline it further so that the system runs at its fastest on the given hardware and saves you throwing away old equipment before its time is really up.

as far as performance goes, configuring a Windows system with the settings layed out in this document will really come-into-its-own on a computer with less resources than those you'd buy brand new now, yet it will enable any computer to run Windows faster and smoother. tuning the operating system for performance goes hand-in-hand with choosing lightweight software applications.

Use this document in conjunction with win-95-software-installation.html or win-98-software-installation.html ; those documents deal with the software worth loading onto a Windows sytem, this document deals with how to configure the underlying operating system that exists before you begin loading software onto it.
There are also details of settings worth making in many of the individual programs that make up a Windows system, in documents which can be found via software.html.

Thanks to David L. Farquhar for his book 'Optimizing Windows (for Games, Graphics and Multimedia)' (recently out of print), 2000, O'Reilly; which initially helped fill some of the holes.

Key

    %username% defines the Windows system variable %username%, when this is used in the text it indicates that you should type these exact cxharacters and the NT system will substitute it with the current username

    'username' indicates that you should type the actual name yourself

2. Hard Disk Partitioning

Stand-alone Windows 95/98/Me

Drive

Function

Volume Name

Directories

Size(MB)

File System (95,98,Me)

Cluster Size

Partition Type

C:

Windows operating system(+/-MB) + virtual memory

WINDOWS

\windows

Win9x, min: 600
advised: 1000 + (1.5/2 X max physical (incl. foreseeable) RAM for virtual memory)

FAT16

32k

primary

D:

program files(+/-MB)

PROGRAMS

\

min: 600
advised: 1500+

FAT16

32k

extended/
logical

E:

1. Windows' temporary files (+/- MB)
2. applications' (incl. browsers') temporary files / scratch space (+/- MB)

TEMP

1. \temp
2. \program-name

min: 400
advised: 1000
(2000+ for audio / still image / video editing)

FAT16

32k

extended/
logical

F:

users' Home space for their data; Windows installer (CAB) files (120MB) and various other uses (+/- MB)

HOME

\files\'username'
\mail
\software
\drivers
\freedb
\backup
\win98se.cab

rest of available space; or leave some for GNU/Linux

FAT16 or FAT32

??k

extended/
logical

G:

CD-ROM / CD-RW / etcetera

.

.

.

.

.

.

backup partitions (optional):

n/a

invisible partition for 'WINDOWS' backup

PROG-BAK

n/a

=

FAT16

32k


n/a

invisible partition for 'PROGRAMS' backup

WIN-BAK

n/a

=

FAT16

32k


partitions of an additional dual booting GNU/Linux system (optional):

hd#

root

n/a

?

100

EXT2 (83)

?

primary/logical

hd#

swap

n/a

?

= or 2x physical RAM size (and between 128MB and 2GB)

LINUX-SWAP (82)

?

logical

hd#

everything else

?

?

min: 800+
advised: 2000+

EXT2 (83)

?

logical

Advantages of spreading operating system functionality over multiple partitions:

    limits fragmentation (one of the main areas of system performance loss)

    limits possible damage from some virii

    limits damage from user error

    the more partitions that can be given a dedicated physical hard disk, or shared with as fewer other partitions as possible, the faster the system will run if partitioning themes are followed by users/administrators of the system (i.e. installing programs to the PROGRAMS partition, saving personal data to the HOME partition) then administration is made simpler because as the system fills up over time, space for Windows to function properly such as its virtual memory and temporary space won't be eaten up and the whole sytsem grind to a halt anywhere near as quickly, as those areas have been assigned their space and other functions shouldn't impinge upon that space (conversly, as a set amount of space has been assigned to, for example, the TEMP partition, if programs don't delete their temporary files it can fill up sooner than expected and slow the system down, so you must pay attention to that-however, when investigating a problem atleast all the different programs' temporary directories are located in the same area rather than potentially anywhere in the file system and are thus easier to find and delete)

    with Windows' virtual memory on its own disk drive, it doesn't need disabling whilst the file system is defragmented for it to be succesfully defragmented.

If you have a second hard disk, depending on how often its being accessed by programs, you can improve performance by locating Windows' virtual memory on that disk. This saves the virtual memory file from fragmenting the Windows partition. We used to also advise locating Windows' virtual memory on its own partition in a single disk system but it transpires that though this reduces fragmentation (a major performance hindrance), it forces the disk heads to move back and forwards too much between the Windows system files and the virtual memory, reducing the performance boost gained from the lack of fragmentation; where-as with the virtual memory on a separate disk the disk heads remain constantly around the same position on the disk where the virtual memory file is located

TEMP wants to be larger (i.e. by an extra 1GB) if an image manipulation (i.e. GIMP, Photoshop) or audio editing software (i.e. Audacity, CoolEdit) is using it

If you wish to have the GNU/Linux operating system installed concurrently with Windows, install Windows first, leave some partition space free (use something like Ranish Partition Manager or FIPS and Partition Resizer or Partition Magic or FDISK), and the GNU/Linux installer should prompt you to allow it to install in the free space and should then insert an operating system loader (LILO/GRUB/etc) in the hard disk's Master Boot Record (MBR) (the first sectors of the disk, that previously had Windows' operating system loader that took you into Windows automatically) which instead will ask you each time you switch on which operating system you'd like to run

the minimum and maximum partition sizes in the following table are based on a system presumed to be heavily used for a typical set of popular contemporary desktop uses, such as office suite applications (word processing, spreadsheet, database), various Internet applications (web, email) and graphics editing (i.e. GIMP/Photoshop) and other general uses; and assumes you have generous amounts of disk space to use (minimum of 3GB but for full flexibility its advisable to have 5.5GB or more). More leniant partition sizes could be used instead, for a system not intended for such a variety of applications and/or with smaller hard disk(s) (see further on)

if you're trying to cram this into a smaller hard disk, remember this:
WINDOWS wants enough to fit Windows, the Windows default Program Files, the program files for some applications that don't give you a choice where they get installed (most often device drivers).
PROGRAMS wants enough to cover all programs you can imagine needing to ever have installed.
SWAP wants enough space for the Windows virtual memory (the total RAM required, minus the physical RAM available)
TEMP wants enough to cover web browser cache (if you download files they'll be stored in here whilst they download) and all other applications' use of temporary space (some applications use large amounts of temporary/swap/scratch space)
LIBRARY wants to cover the Windows setup files (allthough these could live on a seperate CD) and any other software installers you want to keep on the hard disk at all times

for example, a system using Windows 98 could fit into:
WINDOWS: a very minimum of 300MB
PROGRAMS: 400MB
SWAP: 200MB+
TEMP: 200MB+
LIBRARY: 150MB (minimum for complete Windows installer and about 30MB for device drivers)
HOME: the rest of available space

How much larger is the WINDOWS partition likely to grow over time?
Occasionally there are applications (usually small hardware drivers) which will completely install their program files to C: without asking. Some applications (Quicktime, some Macromedia products) will install parts of their installation into %WINDIR%\SYSTEM32 (Windows NT) and this could be as much as 5 to 10MB.
Windows 2000 out-of-the-box (without adding extra language capabilities) could be perhaps 580MB; Service Packs save their files (SP2 is 150MB) in %WINDIR%\ServicePackFiles (so even currently unused updated system files are available when they're needed). The %WINDIR%\SYSTEM32 directory could easily grow to 500MB

3. Booting MS-DOS

MSDOS.SYS

[Win95,98,Me]
location: C:\MSDOS.SYS
download a copy that matches these settings, either for Windows 95 or for Windows 98 (at this point they're the same file)
file type: plain text
turn off its file attributes for Read-Only and Hidden before editing, and (preferably) restore them afterward

  • AutoScan=2 (after an impromptu shutdown, run SCANDISK without asking)

  • BootDelay=0 (set startup delay to 0 seconds)

  • BootGUI=1 (the default, load Windows)

  • DblSpace=0 (prevents automatic loading of DBLSPACE.BIN, if present, and subsequent unloading of it if not required)

  • DoubleBuffer=0 (unless you have an ISA SCSI controller card and play DOS games in the Windows GUI)

  • DrvSpace=0 (prevents automatic loading of DRVSPACE.BIN, if present, and subsequent unloading of it if not required)

  • Logo=0 (don't display the Windows splash screen. small performance gain. this is also dealt with in TweakUI -> Boot)

  • Network=1 (load networking components. remove this line if networking components aren't installed)

  • SystemReg=0(disables scanning the registry for hardware profiles. note: can cause some systems to hang. may be inappropriate for laptops that dock with a mother ship)

  • display the boot menu for 1 second
    (far from essential but useful for aquainting people with this menu that they will undoubtedly find useful someday but whose existance will otherwise likely have been obscurred from them. but this method can confuse people)
    BootMenu=1
    BootMenuDelay=1

CONFIG.SYS

location: C:\CONFIG.SYS
file type: plain text
Windows doesn't need SETVER, HIMEM.SYS or EMM386.EXE to be run from CONFIG.SYS, but some specific DOS programs might

  • device = c:\%WINDIR%\command\display.sys con=(ega,,1) ?

  • country = 044,850,c:\%WINDIR%\command\country.sys

  • files=99 (Windows 95/98's default is 30 which is too low for multitasking. Windows more stable with 99)

  • buffers=13 (Windows 95/98's default is 20. buffers are no longer a relevant aspect but 13 solves obscure memory configuration problems)

AUTOEXEC.BAT

[Win95,98,Me]
location: C:\AUTOEXEC.BAT
file type: plain text

  • prevent AUTOEXEC.BAT's contents from displaying on the screen as they're run:
    @echo off

  • keyboard driver:
    keyb uk,,c:\windows\command\keyboard.sys
    (amend 'c:' and 'windows' to suit your system)

  • remove the line for the DOS sound card driver, if present, and if you don't use the sound card in DOS (i.e. for games), e.g.
    SBINIT
    set blaster=...

  • set the Windows' default location for storing temporary files:
    [Win95,98,Me]
    @set temp=x:\windows
    @set tmp=x:\windows
    (where 'x' is the drive letter of your TEMP partition, if you have one (otherwise use C:\TEMP)

4. The Windows Operating System

SYSTEM.INI

[Win95,98,Me]
location: %WINDIR%\SYSTEM.INI
file type: plain text

  • tune the Windows disk cache for best performance
    [vcache]
    MinFileCache=1/8 of total RAM or 1024, whichever is lower
    MaxFileCache=1/4 of total RAM or 16384, whichever is lower

    for example, use the values in brackets for the following total RAM sizes: 16MB (1024/4096), 32MB (1024/8192), 64MB or greater (1024/16384)

    (If setting this on an old computer with a 386 or 486 cpu, set a fixed disk cache by making these values the same, either 1/4 total RAM if you have 16MB, or 1/8 if you have less)
    There are situations with high performance computing applications where you'd want to tune this cache differently, more on that when we get around to it

System Properties: Device Manager

  • turn off CD or DVD Auto Insert Notification
    with this on, Windows constantly polls the drive to see if a disc has been inserted (which consumes resources) and if it has, it follows the commands, if present, in the file \AUTORUN.INF, which invariably loads an application setup program (but could also load malicious code, making this a large security risk with unknown discs). With this disabled, you'll have to run setup programs manually, using something like Start -> Run -> Browse... and looking for the setup program (often SETUP.EXE if its the kind of program that uses AIN) on the disc drive
    System Properties -> CD-ROM or DVD -> Properties -> auto insert notification - disable

  • disable USB error detection (only if motherboard has VIA Apollo chipset, for fixing problems with it)

  • enable Direct Memory Access (DMA) data transfer on all ATA drives (i.e. hard disk, CD, DVD) (increases performance):

    • hard disk (beware, operating system may hang on some older systems)

    • optical discs (CD-ROM / CD-R / CD-RW / DVD / DVD-ROM / etcetera)

  • properly installed IRQ Steering (essential to proper USB connectivity):
    System Properties -> Device Manager -> System Devices -> PCI bus -> Settings -> Use Hardware
    System Properties -> Device Manager -> System Devices -> PCI bus -> IRQ Steering ->

    • Use IRQ Steering - on

    • Get IRQ table using ACPI BIOS - on

    • Get IRQ table using MS Specification table - on

    • Get IRQ table from Protected mode PCIBIOS 2.1 call - off

    • Get IRQ table from Real Mode PCIBIOS 2.1 call - on

    • IRQ Routing Status:

        IRQ Steering Enabled

        IRQ Table read from MS IRQ Routing Specification

        IRQ Miniport Data processed succesfully

        IRQ Miniport loaded succesfully

System Properties: Performance

  • File System

    • optimize hard disk cacheing : Hard Disk -> Settings -> Tyical role of this computer: network server (don't change this on ?most versions of Windows 95? as they wrongly configure it)

    • Hard Disk -> Settings -> Read-ahead optimization: Full

    • ? Floppy Disk -> Settings: don't 'search ahead...'

    • Floppy Disk -> Settings: search for new floppy disk drives each time your computer starts - off (Windows starts quicker)

    • Tune your CD-ROM cacheing (useful if have no CD-ROM or not enough RAM to run Windows in, as it frees up RAM, but progressively slows CD access down to a crawl. if have plenty of RAM then can even add more by editing the registry):
      control panel -> system -> performance -> file system -> CD-ROM ->

      • if have >16MB RAM and make heavy use of the CD-ROM:
        supplemental cache size: all the way to the right (and this can be increased further with a registry edit)

      • if no CD-ROM or you use it just for installing software and playing music:
        supplemental cache size: all the way to the left
        Optimize Access Patterns: 'No read-ahead'

  • only if you are able, move Windows' virtual memory to a second hard disk drive (if ATA, then also on a second controller). Consider how often the second disk drive is being accessed by programs, as this will affect the performance of the virtual memory:
    Virtual Memory -> Let me specify my own virtual memory settings -> choose the second hard disk (if Windows doesn't delete the old virtual memory, do so by hand, its called: %WINDIR%\WIN386.SWP)

  • Graphics

    • hardware acceleration: Full (unless having problems with graphics, in which case try turning it down)

sounds

  • turn off sound scheme
    the operating system making sounds in various situations consumes resources
    Control Panel -> Sounds -> Scheme -> No Sounds

multimedia

  • Control Panel -> Multimedia -> Devices -> Media Control Devices
    the following can be removed (using Properties -> Remove):

    • PIONEER LaserDisc Device - remove

    • VISCA VCR Device - remove

    • CD Audio Device - remove (only if don't have a CD-ROM)

    • MIDI Sequencer Device - remove (only if don't have a sound card)

    • Wave Audio Device- remove (only if don't have a sound card)

Networking

  • Install only those networking components, clients and services you need, remove those you do not. you'll need a networking adaptor installed before you're able to add these (either a network card physically fitted and recognised in Network Configuration, or the 'dial-up adaptor', usually associated with modems but is actually a catch-all phrase for a few networking techniques, so can be added regardless of whether you have a modem or not)
    For example, for Internet access you need only the 'TCP/IP' protocol; if you want access to files/printers on other computers, made available using Windows Shares, you'll need the 'TCP/IP' or 'NetBEUI' protocol, and the 'Client for Microsoft Networks' client; and the 'File and printer sharing for Microsoft networks' service if you additionally want to share your files/printers with others. A default Windows installation will install excess protocols such as VPN and IPX/SPX which should usually be removed.
    If connecting to the Internet, be careful not to enable 'NetBIOS over TCP/IP' (there are good instructions at http://grc.com/su-bondage.htm) (basically, bind 'Client for Microsoft Networks' and 'File and printer sharing for Microsoft networks' to the un-routable NetBEUI instead of the routable TCP/IP)
    Tune such settings in these places:

    • for an ethernet connection with a network card:

      • Control Panel -> Network -> pick network card -> Properties -> Bindings -> check only that which you need (see above)

      • for private TCP/IP based networks, if you have control of the IP addressing range, use the 10.0.0.x range (its an easier number sequence than 192.168.x.x for general users to remember)

    • for a dial-up connection using Windows' dial-up software (Dial-Up Networking or DUN):

      • Start -> Programs -> Accessories -> Communications -> Dial-Up Networking -> right-click on the desired connection -> Properties -> Server Type -> set the properties for each connection here (this menu sequence probably differs between versions of Windows)

        • set the analog telephone line protocol for between your computer and the ISP (probably PPP)

        • As above, enable only the networking protocols you need (probably only TCP/IP) (this also speeds up the time to connect)

        • ...
        • ...
        • ...
      • Control Panel -> Network -> TCP/IP -> Properties -> these are global settings, TCP/IP settings are best configured seperately for each connection in Dial-Up Networking, so everything in here wants to be turned off or set to automatic, othewise they over-ride the Dial-Up Networking settings, so:

        • enable assigning of an IP address automatically

        • turn DNS off

        • ...
        • ...
        • ...
      • Control Panel -> Network -> Dial-Up Adaptor -> Properties -> Bindings -> check only that which you need (see above)

    • for broadband Internet connections in general (ethernet, cable, DSL, etcetera):

      • improve performance by setting TCP to attempt to discover MTU automatically over the path to a remote host. otherwise MTU defaults to 576, which reduces overall performance over high-speed connections.

    furthermore...choosing a domain name / workgroup name / DNS host name that matches your postcode, or some other such personal indicator, could compromise privacy

Network Card (hardware)

  • configure for maximum throughout:
    Control Panel -> Network -> pick the adapter -> Properties -> Advanced ->
    (these options may or may not exist for you, depending on the particular card)

    • Connection Type

    • Link Speed & Duplex - 'Auto Detect' - the best means of configuring Full Duplex mode if it is available on a 10/100 twisted pair network card

    • Speed

    • Transmit Threshold - ?

    • Burst Length - ?

  • ? Control Panel -> Network -> pick the adapter -> Properties -> Driver Type

Modem (hardware)

  • once you've configured Dial-up Networking for a particular connection, create a shorcut to it on the Windows desktop:
    in Dial-up Networking, right-click on the appropriate connection and choose 'create shortcut' (if you were to drag it to the desktop it wouldn't create a shortcut but instead an INI file containing all settings relating to this connection, which wouldn't be as elegant)

  • set the port speed to the maximum:
    Dial-up Networking -> ? -> ?maximum connection speed? -> 115,200baud
    or is it in Control Panel -> Modems...?

  • Change the MTU and RWIN settings: http://www.annoyances.org/exec/show/article04-006 and see to-do list at the bottom of this document (also here)

  • enable logging of information of how this Internet connection is used:
    Dial-up Networking -> Server Types -> Advanced options -> Record a log for this connection

  • enable logging of information about the use of the modem device:
    Control Panel -> Network -> Dial-up adaptor -> Properties -> Advanced -> Record a log file: yes

    Control Panel -> modems -> pick the modem -> Properties -> Connection -> Advanced -> Append to log
    the log file is %WINDIR%\modem-name.log

Taskbar & Start Menu

  • if the monitor isn't large, reduce the size of 'Start menu' icons, as usually this menu is too large
    Windows95: Start -> Settings -> Taskbar -> Show small icons in Start menu - enabled
    Windows98: Start -> Settings -> Taskbar & Start Menu...-> Show small icons in Start menu - enabled

  • further tweaking of the menus:
    WindowsMe: Start -> Settings -> Taskbar & Start Menu...-> Advanced -> Start Menu Settings

    • Display Administrative Tools - on

    • Expand Control Panel - on

    • Expand Network and Dial-Up Connections - on

    • Expand Printers - on

  • disable the clock from showing in the System Tray
    unless you need it, it consumes resources
    Windows95: Start -> Settings -> Taskbar -> Show clock - off
    Windows98: Start -> Settings -> Taskbar & Start Menu... -> Show clock - off
    Windows2000: Start -> Settings -> Taskbar & Start Menu... -> Show clock - off

Internet Explorer

These are Internet Explorer (IE) settings (integrated with the operating system from Windows 95c onwards, unless you use 98Lite so as to not install it in the first place). as IE is installed by default and is an integral part of Windows these changes are worth making in case anyone or anything chooses to use IE or its components). We recommend you lock down Internet Explorer as tight as you can and use something like Netscape (or another Gecko-based browser such as Mozilla or K-Meleon) instead. Or, if you do really need to use IE, loosen off those insecure parts of it that you need in browsing and for only those security zones which are apply. It is not advised using IE on the open Internet because of its many security vulnerabilities.

it's probably worth running IERadicator (unless Windows was initially installed Windows using 98Lite) to remove a greater proportion of Internet Explorer (but I haven't used it in a while and need to check what it does and doesn't remove)

'control panel -> Internet Options' or 'Internet Explorer -> Tools -> Options' or right click on Internet Explorer desktop icon and choose Properties

Options for the IE that comes with Win95 OSR2.5 (is this version 3.x?):

  • Security

    • Active content

      • Allow downloading of active content

      • Enable ActiveX controls and plug-ins

      • Run ActiveX scripts

      • Enable Java programs

      • Safety Level -> Active content security -> Medium

  • Advanced
    temporary Internet files -> Settings -> move folder to TEMP partition (if running a system with multiple partitions) (e:\%username%\ie\Temporary Internet Files - if you set it this way it'll choose 'Temporary Internet Files' automatically and create the directory; if you set it directly in the registry it won't; so we've set our registry setting to use the cumbersome 'Temporary Internet Files' for consistency)
    (there are more settings in here but they're dimmed, how do they get undimmed?)


Options for other versions of IE (applicable product version number(s) are in square brackets afterward...
(Win98 1st edn comes with IE4.01SP1?, Win98 2nd edn IE5.0, Win2k IE5.0, WinXP IE6.0)

  • General

    • Home page -> Use Blank

    • temporary internet files -> settings -> temporary internet files folder -> move folder to TEMP partition if running a system with multiple partitions [5.5,6.0]

  • Programs

    • internet explorer should check to see whether it is the default browser - off

    • Internet programs...

  • Security

    • 'High' will turn off all of the features (see Appendix) apart from these, all of which we recommend you disable (if a 'Custom Level' has already been chosen you will have to restore the button for choosing 'High' by choosing 'Default Level...')

      • 'Script ActiveX controls marked safe for scripting' (defaults to 'Enable')

      • 'Font download' (defaults to Prompt)

      • 'Java permissions' (defaults to 'High safety') [5.5]

    • Internet - set the security level to 'High'

    • Local intranet - the higher you set this the more obstructive Windows is to your moving around and running files. we're currently trying this at a 'Medium-low' security level

    • Trusted sites - set the security level to 'High'

    • Restricted sites - set the security level to 'High'

  • Content -> Personal information -> AutoComplete -> Use AutoComplete for

    • 'Web addresses' - off

    • 'User names and passwords on forms'- off
      (Prevent IE saving personal information (such as visited URIs) in the registry)

  • Privacy -> Privacy Preferences (5.5,6.0)

  • Advanced

    • Browsing

      • Automatically check for Internet Explorer Updates - off [5.0,5.5,6.0]

      • Enable Install On Demand - off [5.0,5.5,6.0]

      • Enable page hit counting - off [5.0]

      • Enable page transitions - off [5.5,6.0]

      • Launch browser windows in a seperate process - on [5.0] / Reuse windows for launching shortcuts - off [5.5]

      • Show Internet Explorer on the desktop - off (don't encourage its use) [5.0,5.5,6.0]

      • Use inline AutoComplete [for Web addresses] - off (this also applies to Start Menu -> Run commands)[5.0,5.5]

      • ...automatically suggest used addresses - on (this also applies to Start Menu -> Run commands)

      • use smooth scrolling - off [5.0,5.5] (makes the page scroll in annoying jumps)

    • Multimedia

      • Always show Internet Explorer Radio bar - off [5.0,5.5]

      • Play animations - off (do not animate animated GIFs)

      • Show image download placeholders - on [5.0,5.5]

    • Java (Sun)
      If you've installed and set Sun's Java to be the default for Internet Explorer then it will have a setting here
      Use Javax vx.x.x for "<"applet">" (requires restart)

    • Java VM

      • Java console enabled - on (displays Java messages in View -> Java Console) [4.?,5.0,5.5,6.0]

      • Java Logging enabled - on [4.?,5.0,5.5,6.0]
        (logs to %WINDIR%\JAVA\JAVALOG.TXT)

      • JIT compiler for virtual machine enabled - off [5.0,5.5,6.0]

    • Search from the Address bar
      When searching: Just display the results in the main window [5.0,5.5]

    • Security

      • Check for publisher's certificate revocation [5.0,5.5,6.0]

      • Check for server certificate revocation [5.0,5.5,6.0]

      • Do not save encrypted pages to disk - on [5.0,5.5,6.0]

      • Enable Profile Assistant - off [5.0,5.5]

      • Use Fortezza - off [5.0,5.5,6.0]

      • Warn about invalid site certificates [5.0,5.5,6.0]

      • Warn if changing between secure and not secure mode - on [5.0,5.5,6.0]

      • Warn if forms submittal is being redirected [5.0,5.5,6.0]

  • customise toolbar for increased screen real estate:
    right-click on 'Standard Buttons' toolbar -> Customize...

    • Text options -> 'Selective text on right' or 'No text labels' (but this depends on user preference)

    • Icon options -> Small icons (but this depends on user preference)

  • specify an alternate search URL for the 'Search' toolbar button:
    for all users: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
    for individual users: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
    Value Name: Search Bar; Data Type: REG_SZ (String Value); Value Data: Search URL

is it worth removing all security certificates that come with the default installation?
what about updating the 'cipher strength'? (56bit to 128bit?)

Display (settings)

  • Background -> Wallpaper -> (None) (improves performance)

  • Screen Saver -> Screen Saver - none (a screen saver was once necessary to save the still image burning into the screen, now it just prevents the monitor from ever resting (which is good for it) and (as is common with screen savers that didn't come with the operating system) can crash the system)

  • Screen Saver -> Energy saving features of monitor -> Settings / Control Panel -> Power Management - 10 mins for the monitor; 20 mins for the hard disk; 30 mins for standby (but test the standby as not all systems will wake up from it)

  • Screen Saver -> Energy saving features of monitor -> Settings -> Advanced -> Power buttons -> when I press the power button on my computer: standby/sleep
    Tell me if I'm wrong, but you wouldn't want to press the power-off button on the front of the computer whilst Windows is running anyway, with the intention of cutting the power, unless something was wrong (in which case you can press the reset button); let-alone mistakenly pressing the keyboard power-off button and Windows just dropping to the ground without shutting itself down properly. Sending the computer to sleep can also be useful in saving energy and in making for a quieter environment (especially if you also have a quiet fan or can set in the BIOS setup to turn the fan off in standby/sleep). However, be aware that many people aren't accustomed to a sleeping computer and can be confused by it, especially if the BIOS settings are such that moving the mouse or pressing keys on the keyboard will not wake it.

  • Screen Saver -> Energy saving features of monitor -> Settings -> Advanced -> Power buttons -> when I press the sleep button on my computer: standby/sleep

  • Appearance -> Scheme - Windows standard - or whatever your preference

  • Appearance -> Color - black - or whatever your preference

  • Effects -> Desktop icons -> Hide icons when the desktop is viewed as a web page - off

  • Effects -> Visual effects -> Use large icons - off (is this the default?)

  • Effects -> Visual effects -> Show icons using all possible colors - on?

  • Effects -> Visual effects -> Animate windows, menus and lists - off (these are also individually dealt with in TweakUI -> General)

  • Effects -> Visual effects -> Smooth edges of screen fonts - on (otherwise known as 'anti-aliasing' - you probably don't want this on if you use image manipulation software (i.e. GIMP, Photoshop)

  • Effects -> Visual effects ->Show window contents while dragging - off - {performance}

  • Web -> View my Active Desktop as a web page - off

  • Settings -> set optimum 'Screen area' (resolution) and 'Colors' settings for you and your video card. (You can also use these settings to affect performance, which is dependant on whether the card is built predominantly for games or general use. checkout page 28 of David L. Farquhar's 'Optimizing Windows (for Games, Graphics and Multimedia)

  • Settings -> Advanced -> General -> Compatibility -> Apply the new color settings without restarting - on

  • Settings -> Advanced -> Adapter -> Refresh rate - set to the maximum permissable for the monitor and display adaptor so that it doesn't noticeably flicker (and give you brain strain - you want white backgrounds to appear as solid a white as possible). A setting higher than that supported by the monitor can damage it. Too high a rate may affect performance (if unsure, 75Hz is a good balance).

  • Settings -> Advanced -> Monitor -> Automatically detect Plug & Play monitors - on (set differently in Win95)

  • Settings -> Advanced -> Color Management - ?

Windows Explorer

  • View -> Details

  • View -> as Web Page - off (this option won't be available if you've removed Internet Explorer with IERadicator)

  • View -> Status Bar - on (is this on by default?)

  • View -> Toolbars -> Radio - off

  • View -> Toolbars -> Links - off

  • [win95][Win98] View -> Folder Options -> General -> Windows Desktop Update -> Classic style

  • [win95][Win98] View -> Folder views -> You can make all your folders look the same : Like current folder (but be sure the current folder is how you want them all to be!)

  • [Win98] View -> Folder options -> View -> Files and Folders -> Hidden files:Show all files
    [Win95] View -> Options -> Hide files of these types - off

  • [Win98] View -> Folder options -> View -> Files and Folders -> Hide file extensions for known file types
    [Win95] View -> Options -> View -> Hide MS-DOS file extensions for file types that are registered - off 

  • [Win98] View -> Folder options -> View -> Files and Folders -> Remember each folders view settings - off

  • [Win95] View -> Options -> View -> Include description bar for right and left panes - off

  • [Win98] View -> Folder options -> View -> Visual Settings -> Hide icons when desktop is viewed as Web page - ?

  • [Win98] View -> Folder options -> View -> Visual Settings -> Show window contents while dragging - off (improves performance massively when copying files)

  • [Win98] View -> Folder options -> View -> Visual Settings -> Smooth edges of screen fonts - off (improves performance)

  • [win95][Win98] View -> Folder options -> File Types - is there a way to configure these manually? there is in NT

Desktop Aesthetic and Usability Improvements

(depending on how you use them, these can be either per-user or per-machine settings)

  • organise the Start menu (when everythings installed)

    • get rid of icons that have been rudely put in prominant places that you don't want there, such as on the same level as the 'Start' button

    • group 'Programs' into logical sections defined by their subject area

    • when installing programs, if you've chosen the often given hierarchy, of company name then application name, get rid of the company names

  • organise desktop icons

    • remove icons to things that you don't need desktop icons cluttering things up for (useful to make sure they're represented on the Start Menu though)

  • set Quick Launch bar to be on left hand side of the Windows Taskbar, minimised/background applications on the right

  • organise Quick Launch bar
    some people find it useful to have often used programs on the Quick Launch bar. whether they intend to use it or not its best to remove the Outlook Express icon that is placed there, if its not going to be used, and any other icons that are put there when their applications are installed. because there exist non-standard pages on the web, designed to only work with Internet Explorer in particular, it can be worth leaving its icon for the rare occasions people need to use that browser to work around a broken page. [?%USERPROFILE%? or ?%APPDATA%? [Application Data/Microsoft/Internet Explorer/Quick Launch]

  • organise 'Send To'
    for applications that don't automatically do this for themselves, add shortcuts to useful applications or functions in 'SendTo'. (this can be especially useful for WordPad (if you don't have a preferred plain text editor), IrfanView, BinText, your email program, etcetera). the easy way to add to 'Send To' is:
    right-click on the program executable -> choose 'Create Shortcut' -> cut and paste the shortcut to %WINDIR%\SendTo\

    remove unnecessary items from the 'Send To' list

  • organise Favorites
    otherwise known as 'bookmarks', these are available from the Start Menu, Windows Explorer and Internet Explorer. They can be useful for making shortcuts to directories / folders on your hard disk as well as web sites (though though they won't be dynamically available to choose from within web browsers other than Internet Explorer).

    • (haven't checked which bookmarks are used in Windows 95 and 98)

  • right-click context sensitive menu

    • plain text editor

    • ?

    • ?

    • ?

    • (this is done with something like...
      HKEY_CLASSES_ROOT\*\
      HKEY_CLASSES_ROOT\filename extension\
      HKEY_CLASSES_ROOT\Applications\program name\

      may need to be backed-up with the following: HKEY_CLASSES_ROOT\Unknown\program name\shell\edit\command\

      and for each there can be settings for:
      shell
      shellex
      OpenWithList

      and:
      shell\Open with
      shell\Open as

  • depending on personal preference, it can be a good idea to name desktop icons by that of the functionality they perform rather than the name of the actual program offering that functionality, as this can be more descriptive to less-aware people and enable the software to change but the desktop remain consistant

Miscellaneous

  • set Regional Settings to your geographical region:
    'Start -> Settings -> Control Panel -> Regional Settings -> Regional Settings' - set this to the region you want

  • disable the pseudo login process for individual desktop customisation:
    Win98: 'Start -> Settings -> Control Panel -> Passwords -> User profiles -> All users of this PC use the same preferences and desktop settings' (only available in Windows 95 if more than one country loaded, whereas it is perhaps an option in Windows 98 with only the one)
    Win95: 'Start -> Settings -> Control Panel -> Passwords -> All users of this PC use the same preferences and desktop settings' - on

  • if still present, delete: 'Online Services'; ‘Inbox’ (perhaps with TweakUI, under the ‘desktop’ section) and 'Internet Explorer' icons from the desktop

  • set keyboard layout for relevant language(s):
    'Control Panel -> Keyboard -> Language'

  • if you use multiple written languages and want to switch easily between them: 'Enable indicator on taskbar', but this does use up some RAM

  • disable active scripting (the Windows Scripting Host) (unless you know that you need it)
    the only way we know to disable it is to uninstall it using Control Panel -> Add/Remove Programs -> ? -> Windows Scripting Host and/or, if these files exist (they all seem to exist even if you haven't chosen Add/Remove Programs -> Accessories -> Windows Scripting Host), to move them to somewhere out of the way, i.e. %WINDIR%\quarantined:

    • Windows Scripting Host (GUI version)
      [win95,98]: %WINDIR%\WSCRIPT.EXE

    • Windows Scripting Host (command-line version)
      [win95,98]: %WINDIR%\COMMAND\CSCRIPT.EXE

    • Windows Scripting Host (command-line version) DLL
      (doesn't always appear to be present)
      %WINDIR%\COMMAND\CSCRIPT.DLL

    • Windows Scripting Host runtime library / ActiveX control
      %WINDIR%\System32\WSHOM.OCX

    • JScript scripting engine
      (this file is re-installed by a fresh installation of Internet Explorer or Microsoft Office)
      [win95,98]: %WINDIR%\SYSTEM\JSCRIPT.DLL

      NOTE: we used to advise quarantining this but its begun to break the Add/Remove Programs window, atleast in Windows 2000, causing it to display almost a blank window!

    • VBScript scripting engine
      [win95,98]: %WINDIR%\SYSTEM\VBSCRIPT.DLL

    • registry settings:
      Windows 98 supposedly has [HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\]

  • scandisk
    [win95,98,Me]
    SCANDSKW.EXE -> Advanced

    • Display summary - Always (the default)

    • Log file - Append to log

    • Cross-linked files - Make copies (the default)

    • Lost file fragments - Convert to files (the default)

    • Check files for
      Invalid file names - enabled (the default)
      Invalid dates and times - enabled
      Duplicate names - ? [Win98]

    • Check host drive first - ?

    • Report MS-DOS mode name length errors - ? [Win98]

  • Disk Defragmenter
    [win95,98,Me]
    defrag.exe -> Settings [Win98]

    • When defragmenting my hard drive:
      Rearrange program files so my programs start faster - enabled (the default)
      Check the drive for errors - enabled (the default)

    • I want to use these options - 'Every time I defragment my hard drive' (the default)

Add/Remove Programs -> Windows setup

none of these settings are necessary (unless you know you already use and need any of them). other than these few, everything else is a security risk or can be replaced with something far better for free.
some can be useful:

  • System Tools: Character Map; system monitor; defragmenter (on some versions of Windows95, later versions load it automatically)

  • Multilanguage Support: Baltic, Central European, Cyrillic, Greek and Turkish Language Support

  • Multimedia: Volume Control

  • Networking: Dial-up Networking

  • some can be worthwhile to have around:

    • Accessories: Imaging (if have a scanner, to use as a backup if your scanning software breaks); WordPad;

    • Multimedia: CD Player; Sound Recorder; Volume Control

    • Networking: Direct Cable Connection

    some can be dangerous and we warn you against using them:

    • Internet Explorer; Outlook Express

    The Registry

    • As a Windows system grows old, its registry becomes bloated with unnecessary space. it can be can be compacted to save RAM and speed things up. You can download a copy of these registry compacting batch files: RCOMPACT.BAT, RRESTORE.BAT and their instructions)

    • set x:\windows-version.CAB (where x is the drive letter where the Windows installation files are kept and windows-version is the directory, named after the respective version of Windows, i.e. L:\WIN98SE.CAB) to be the only directory to look in when updating Windows components:
      set HKEY_USERS\.Default\InstallLocationsMRU\a = x:\windows-version.CAB
      You may also have to edit the MRUList setting which is a simple list which appears to define the order the directories are listed in
      You will also have to set this for other users, if they exist, under HKEY_USERS section

    TweakUI

    Control Panel -> TweakUI
    TweakUI (Tweak User Interface) is part of the Microsoft Power Toys collection of utilities for Windows and as such needs to be installed seperately. it is available from http://www.microsoft.com/ntworkstation/downloads/PowerToys/Networking/NTTweakUI.asp or http://www.annoyances.org/exec/show/tweakui

    worthwhile settings (currently this deals only with settings worth changing from the default):

    • Mouse

      • Menu speed : fastest is our preferred but play around between fast and slow to find whats best for the intended user - slower will snap out menus slower which can be painful but will also enable them to linger longer which is helpful to some people. the default is so slow as to be annoying to many people

    • General (turn off the fancy interface acrobatics to improve performance/prevent the system focusing any resources on functionally pointless tasks)
      Combo box animation - off (this is also dealt with in Display Properties -> Effects)
      List box animation - off (this is also dealt with in Display Properties -> Effects ?)
      Menu animation - off (this is also dealt with in Display Properties -> Effects)
      Smooth scrolling - off (makes the page scroll in annoying jumps, and affects performance)
      Window animation - off (this is also dealt with in Display Properties -> Effects)

    • Explorer

      • Prefix "Shortcut to" on new shortcuts - off

      • Save Explorer window settings - off (change the way one view is set and all remember it)

    • IE

      • Allow Active Desktop to be turned on/off - off (remove the 'Active Desktop' option from the desktop context sesitive menu so that there's less chance it'll ever be turned on)

      • Allow changes to Active Desktop - off (meaningless if above is off, otherwise prevent previously set Active Desktop options from being changed)

      • Clear document, run, typed-URL history on exit - depends on personal preference and/or security policy

      • Shell enhancements - on/off - IE integration. turn the feature off to save resources (atleast saves a little RAM) but some of it may be useful to people.
        This setting enables or disables Active Desktop, Web View, folder customization, the Quick Launch bar, the ability to right-click the taskbar - the Quick Launch bar and taskbar right-clicking are useful, the rest aren't.

      • Show Documents on Start Menu - on

      • Show Help on Start Menu - on (is this on by default?)

      • Show Links on Start Menu - off

    • Boot
      [Win95,98,Me]
      General -> Display splash screen while booting (this is also dealt with in MSDOS.SYS)
      Boot -> Always show boot menu -> Continue booting after [1] seconds (can also be enabled by settings in MSDOS.SYS(far from essential but useful for aquainting people with this menu that they will undoubtedly fuind useful someday but whose existance will otherwise likely have been obscurred from them)

    • New
      these are types of document that will appear in the list when the right-mouse button is clicked and you choose 'New', too many of them can be counter-productive so remove those you're unlikely to use

    • Paranoia
      Clear Last User at logon - on (if are turning on Logon -> Logon automatically at system startup, then you need this)
      play data CDs automatically - off (tie up security loophole of programs automatically running, and prevent Windows wasting resources by constantly polling the CD drive)
      play audio CDs automatically - off (prevent Windows wasting resources by constantly polling the CD drive)
      Log application errors to FAULTLOG.TXT (saves an incremental log of reports given when Windows crashes, which saves typing and can be extremely useful when troubleshooting)

    • Logon
      Log on automatically at system startup - on (if you're using 'Client for Microsoft Windows'. no password required)

    • My Computer
      [Win95,98,Me]
      Folder -> Program Files ->

      • PROGRAMS:\ (if using multiple partitions for different functions; replace 'PROGRAMS' with the drive letter of your PROGRAMS partition)

      • c:\programs (if using one partition)

    • hide partitions/drives that most people don't need to be aware of most of the time - C:, D: and E: - then they just see their HOME partition (F:), which makes things simpler:
      TweakUI -> My Computer -> remove the check mark from C:, D: and E:

    Thin Out Critical Directories For Performance Gain

    • anything unnecessary in \

    • anything unnecessary in %WINDIR%

    • move all *.txt that don't have the word 'log' in their name from %windir% to %windir%\docs (you'll need to create the directory) or delete altogether (Windows 98 has script.doc, htmlhelp.jtm, readme.htm, config.txt, display.txt, faq.txt, general.txt, hardware.txt, license.txt, mouse.txt, msdosdrv.txt, network.txt, printers.txt, programs.txt, recover.txt, services.txt, support.txt, tips.txt

    • move *.doc from %windir% to %windir%\docs or delete altogether

    • move *.htm from %windir% to %windir%\docs or delete altogether

    • move *.bmp from %windir% to %windir%\wallpaper or delete altogether

    • move *.gif from %windir% to %windir%\web\wallpaper or delete altogether

    • delete *.scr (screen savers) from %WINDIR%

    5. Disaster Prevention

    6. Further Windows Housekeeping

    • clean out ghost devices in device manager whilst in safe mode

    • keep an eye on JavaScript left in the browser cache, these can be huge programs, some of which could be malicious, perhaps left there to be run in future

    • use the Windows Desktop to store shortcuts (to programs, data, directories, drives, etc), rather than the actual item

    7. Clearing Out Unnecessary Files To Make Space And Increase Performance

    • to make space

      feel happy to delete these files other than those with question marks beside them (unless you know more than we do you might be better off waiting till we can confirm these as deletable or not)

      • %windir%\*.~mp

      • any file with numeric extension from %windir%

      • Windows needs system.dat, user.dat, system.ini and win.ini but files with the same names yet differing extensions can be deleted

      • %windir%\*.scr and %WINDIR%\SYSTEM32\*.scr - screen savers. they can contain malicious code

      • *.tmp

      • ~*.* (probably)

      • *.bak

      • %windir%\*.txt

      • .old

      • *.gid

      • da0 - last known good copy of Windows registry?

      • \config.??? - any of them other than config.sys

      • \autoexec.??? - any of them other than autoexec.bat

      • \bootlog.prv

      these directories hold temporary information that can all be deleted unless anyone has inadvertantly stored files there they wouldn't want to lose:

      • %temp%

      • \windows\temp

      • \windows\temporary internet files (best deleted with Internet Explorer's General -> Temporary Internet files -> Delete Files)

      remove from 'Add/Remove Programs -> Windows Setup' anything you don't require.
      however, note these dependencies:

      • 'Windows Messaging' is required for MAPI 1.0

      • 'dialup networking' is required for 'direct cable connection

      • 'Microsoft Fax' [Win95] requires 'imaging' and 'windows messaging'

    • to increase performance

      • anything unnecessary in \

      • anything unnecessary in %WINDIR%

    8. Functionality That Can Be Removed From Windows If You Don't Use It

    (dont delete the directories, just the files)

    • \windows\*.hlp (other applications might put further things such as ATI putting %WINDIR%\SYSTEM32\ATMxxxXX.HLP where xxx is a spoken language reference)

    • \windows\fonts\ - just those that neither you nor Windows uses

    • \windows\help\

    • \windows\winfile.exe - Windows 3's file manager

    • \windows\media\ - audio files

    • \windows\Sysbckup\ - ??

    • \windows\system\dcom95\oldole\*.* ??

    • \windows\system\oldmapi\*.* - left after Pegasus Mail updates MAPI, should contain mapi32.dll

    • \windows\system\Cfgwiz32.exe - ??

    • \windows\system\QTJava.zip - ??

    9. various fixes / workarounds to common problems


    10. Still to add to this document

    • RAM for contemporary computers is cheap, so write-up an alternative configuration making use of a RAM drive cache. can then set to use it all or some of: operating system's TEMP/TMP and virtual memory; applications' TEMP (incl browser (disk?) cache); applications' swap. there's info on how to configure it at http://www.speedcorp.net/guides/ramdrive/. you'd want to have a stable system before really giving over to this

    • modem - Windows 95, 98, Me registry settings tuned for PPP rather than the default tuning for ethernet:
      the maximum packet size that can be transferred over a network without fragmentation. The Internet "standard" for MTU is 576, however most ISP's use MTU's larger than this. The Windows 95 default setting for MTU is 1500, which is the LAN standard. If a packet is sent across a network that has an MTU smaller than the size of the packet, fragmentation will occur. This will reduce data throughput, as fragments need to be reassembled. If you connect to a remote site there is a reasonable chance that your data go through a router with an MTU of 576. Note: After installation of the Dial-Up Networking 1.3 upgrade the MTU size will be automatically set to 576 for dial-up connections. MSS = Maximum Segment Size of TCP data. MSS = MTU - 40. The 40 bytes is the size of header and trailer information of one packet. RWIN = Reveive Window, the size of the buffer that is filled before the received data is acknowledged. Usually RWIN is set to 4 times MSS
      MaxMTU software: http://www.mjs.u-net.com/mtuspeed.htm

    • modem - MTU (Maximum Transmission Unit): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Net\xxxx\TCP/IP\DriverDesc MaxMTU = 1500 [String Value] this is the default, even when they key isn't set, optimized for ethernet (LAN/WAN, xDSL, cable, satellite modems), not analog modems
      (If you are experiencing problems such as your browser stopping in the middle of a page, an MTU value of 576 might fix the problem)
      DUN 1.3 automatically adjusts the IP packet (MaxMTU ) size for dial-up connections depending on the connection speed. The setting toggles between small (576) for Dial-Up connections and large (1500) for LAN connections. One can also manually set the MTU size under the advanced properties for the Dial-Up Adapter. Select IP Packet Size and set to small (576), medium (1000) or large (1500)

    • modem - RWIN (TCP Receive WINdow): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP DefaultRcvWindow = 2144 [String Value]

    • modem - maximum MSS (Maxmum Segment Size)

    • modem - default TTL

    • disable password caching - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching =1 [DWORD] and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network and delete all .PWL files (tho this might be annoying for some people and not worth it if their passwords aren't important enough to warrant it)

    • ?SYSTEM.INI? non aggressive cache registry setting for systems with more RAM

    • on a laptop, save resources by disabling:
      InfraRed system tray icon
      the beeping to indicate PCMCIA card insertion and removal
      the power management indicator for mains or battery power (you can set Windows to still warn when power is low) (this battery indicator may have been what on one system was taking upto 20% CPU cycles whilst at idle)

    • in each area, enable logging, except where it contravenes personal privacy: FAULTLOG.TXT; Dial-up Networking; anti-virus

    • software needs to be able to work in this partitioned environment, and to do that it needs to be configurable, for example it needs to have a user configurable cache directory.
      this is all the more important from the wider perspective of needing the software to play well in a multi-user Windows NT environment

    • new document layout:
      The technical summary of what the setting/change does
      The non-technical summary of what the setting/change does
      Why set the setting or make the change (security, performance, usability)
      Windows 95
      Menu sequence to make it happen
      And/or respective registry setting / INI file setting to make it happen

      Windows 98
      Menu sequence to make it happen
      And/or respective registry setting / INI file setting to make it happen

      Windows NT 4
      Menu sequence to make it happen
      And/or respective registry setting / INI file setting to make it happen

      Windows 2000
      Menu sequence to make it happen
      And/or respective registry setting / INI file setting to make it happen

      Windows XP
      Menu sequence to make it happen
      And/or respective registry setting / INI file setting to make it happen

    • further points for increased security in very security conscious environments... hide away all parts of Windows considered unnecessary in daily life that could potentially be used maliciously: FORMAT.COM, FDISK.COM, DEBUG.EXE. there are many more points to this topic

    • Windows NT can be configured for complete and secure independence between multiple users. Windows 95 and 98 have a limited ability to be configured for multiple users (areas include desktop, etc, etc). though not especially useful, if you want to configure Windows 95 so that users can configure these aspects for themselves, then attend to the following areas: Control Panel/Users; Control Panel/Passwords; and more...

    • Network/Identification

    • Network/Access Control

    • ICC profile

    • Windows Explorer, Win95: View -> Folder Options -> View -> Folder views -> You can make all your folders look the same. Like Current Folder

    • turning off 'Shell Enhancements' appears to atleast save a little RAM (Shell Enhancements are IE integration, one enhancement is Quick Launch icons: Windows -> Application Data -> Microsoft -> Internet Explorer -> Quick Launch)

    • does System Monitor save its open windows to a file that we can save and offer for download?

    • CHM - install the updated MS version or the slimmed-down version by its original author?

    • how does JScript relate to ActiveX? is it a sub-set (Microsoft JScript is supposed to be less secure than Netscape's JavaScript)

    • display properties - small fonts (so that web pages aren't distorted compared to what their designer intended. and instead how should people change the font size?)

    • E:\TEMP renamed E:\WINDOWS

    • SYSTEM.INI: [386enh] COM1FIFO=1 gets put in by fax software

    • configure 'mail recipient'

    • tune Windows' virtual memory

    • make the Windows 'path' more useful than the default:
      add a \utils directory and keep useful system utilities there
      Windows 95, 98: add path = D:\utils to \AUTOEXEC.BAT

    • read this: http://www.sohointer.net/howto/tweak_tcp.htm

    • though its advised to use the Windows Desktop to store shortcuts (to programs, data, directories, drives, etc), rather than the actual item, you can make a workaround for people who aren't aware of this and will store large files on the Desktop and it potentially fill up the WINDOWS partition (C:) by:

      for multi-user systems (this will need to be set for each user seperately):
      - create a F:\%username%\desktop directory
      - Start -> Settings -> Control Panel -> TweakUI -> My Computer -> Special Folders -> Desktop -> and set it to F:\'username'\Desktop

    • when making drive mappings from Windows 98 to Windows shares, to save Windows checking at boot and complaining loudly if the shares aren't available, it can just display them as if they were connected and check when you try to use them: client for Microsoft networks -> Properties -> network logon options -> Quick logon.

    • Scheduled Tasks / Task Scheduler - "For example, there are a few tools (the Maintenance Wizard, for one) that automate the creation of scheduled tasks to complete various automated functions"
      Maintenance Wizard: Start -> Programs -> Accessories -> System Tools -> Maintenance Wizard - use Disk Cleanup thru this or stand-alone to delete obsolete temporary files
      Start -> Programs -> Accessories -> System Tools -> Disk Cleanup or run cleanmgr.exe

    • sound playback and record properties

    11. Appendix

    breakdown of Internet Explorer's Security settings

    • ActiveX controls and plug-ins (Microsoft's ActiveX (.OCX) is similar to Netscape's JavaScript (.JS) and ECMA's ECMAScript)
      Download signed ActiveX controls [5.5,6.0]
      Download unsigned ActiveX controls [5.5,6.0]
      Initialize and script ActiveX controls not marked as safe [5.5,6.0]
      Run ActiveX controls and plug-ins [5.5,6.0] (enabled by default in the High setting)
      Script ActiveX controls marked safe for scripting [5.5,6.0] (enabled by default in the High setting)

    • Cookies
      Allow cookies that are stored on your computer [5.5]
      Allow per-session cookies (not stored) [5.5]

    • Downloads

      • File download [5.5,6.0]

      • Font download [5.5,6.0]

    • Java
      Java permissions [5.5,6.0] - change from 'high safety' to 'disable Java'
      (are these all the MSJava files themselves?: JAVART.DLL (Runtime Library), %WINDIR%\SYSTEM32\JVIEW.EXE (VM command line interpreter), %WINDIR%\SYSTEM32\MSJAVA.DLL (VM). under Windows 2000 these filed will be mirrored in %WINDIR%\SYSTEM32\DLLCACHE and perhaps %WINDIR%\ServicePackFiles)

    • Miscellaneous

      • Access data sources across domains [5.5,6.0]

      • Allow META REFRESH [6.0]

      • Don't prompt for client certificate selection when no certificates or only one certificate exists [5.5,6.0]

      • Drag and drop or copy and paste files [5.5,6.0]

      • Installation of desktop items [5.5,6.0]

      • Launching programs and files in an IFRAME [5.5,6.0]

      • Navigage sub-frames across different domains [5.5,6.0]

      • Software channel permissions [5.5,6.0]

      • Submit nonencrypted form data [5.5,6.0]

      • Userdata persistance [5.5,6.0]

    • Scripting

      • Active scripting [5.5,6.0]

      • Allow paste operations via script [5.5,6.0]

      • Scripting of Java applets [5.5,6.0]

    • User Authentication

      • Logon [5.5,6.0]



    Version: 1.14.8 | Licence: GNU General Public License version 2.0 | Copyright: (C) 2001-2004 The Golden Ear | Email: inkwire-at-thegoldenear-dot-org | Web: http://thegoldenear.org/.

    This document built using HTML 4.01 / XHTML 1.0 (Transitional) and CSS 1. If your browser doesn't support these techniques this page may not appear as intended. For best results, use a browser that supports open Standards.

    at:  http://thegoldenear.org/toolbox/windows/docs/windows/win-config.html