Registry Keys for Tweaking Windows Update

Registry Keys for Tweaking Windows Update

In this article, I will show you some registry keys that are associated with Windows Update. As I do, I will show you the various settings that you can assign to those registry keys.

Although Windows Update and WSUS are both generally pretty simple to configure, you can sometimes gain a higher level of control over them by making a few minor modifications to the Windows registry. In this article, I will show you some registry keys that are associated with Windows Update. As I do, I will show you the various settings that you can assign to those registry keys.

Before We Begin

Before I get started, I need to keep the lawyers happy by telling you that modifying the Windows registry can be dangerous. Incorrectly modifying the registry can destroy Windows and / or your applications. I therefore strongly recommend that you perform a full system backup prior to attempting any of the techniques that I am about to show you.
Now that I’ve gotten the standard disclaimer out of the way, there is one more thing that I need to tell you before I get started. The registry tweaks that I am about to show you are intended for machines that are running Windows XP. You can apply the tweaks to individual machines directly, or you can apply modifications as a part of a login script. Also, some of the keys that I am going to be talking about may not exist by default. If you want to use a key that does not exist, you will have to create it. You should also keep in mind that Windows Update’s behavior can be controlled by a group policy, and that if a group policy is in effect, it can cause portions of the registry to be overwritten after you have made changes.

Elevation of Privileges

One of the problems with receiving updates from a WSUS server is that users are not allowed to approve or disapprove of updates unless they are a member of the local administrators group. However, you can use the registry to give users an elevation of privileges that will allow them to approve or disapprove of updates regardless of whether or not they are a local administrator. On the flip side, you could also deny end users the ability to approve updates, reserving that right for Admins.
The registry key that controls this behavior is: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateElevateNonAdmins
The ElevateNonAdmins key has two possible values. The default value of 1 allows non administrators to approve or deny updates. If you change this value to 0, then only administrators will be allowed to approve or deny updates.

Target Groups

One of the nice things about WSUS is that it allows you to use client side targeting. The idea behind client side targeting is that you can set up different computer groups, and you can roll out updates on a group basis. Client side targeting isn’t used by default, but if you decide to use it, then there are two different registry keys that you will have to create. One of these keys enables client side targeting, while the other specifies the name of the target group that the computer belongs to. Both of these registry keys must be created at:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate

The first key is a DWORD key named TargetGroupEnabled. You can assign this key a value of either 0, which disables client side targeting, or of 1, which enables client side targeting.
The other key that you will have to create is string value named TargetGroup. The value that you would assign to this key is the name of the target group that the computer should be assigned to.

Assigning a WSUS Server

If you have been involved in networking for a while, then you probably know that network designs tend to change over time. Things like company growth, new security requirements, and corporate restructurings often force the underlying network to change. So what does this have to do with Windows Update? Well, WSUS is scalable and can be deployed in a hierarchical manner. This means that an organization can have a multitude of WSUS servers deployed. If a PC is moved to a different part of the company, then the WSUS server that it was initially configured to use may no longer be appropriate for its new location. Fortunately, a couple of simple registry modifications can be used to change the WSUS server that the PC gets its updates from.
There are actually two registry keys that are used when specifying a WSUS server. Both of these keys are located at: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdate. The first key is named WUServer. This registry key holds a string value which should be entered as the WSUS server’s URL (example: http://servername).
The other key that you will have to change is a string value named WUStatusServer. The idea behind this key is that the PC must report its status to a WSUS server so that the WSUS server knows which updates have been applied to the PC. The WUStatusServer key normally holds the exact same value as the WUServer key (example: http://servername).

The Automatic Update Agent

So far I have talked about how to connect the PC to a specific WSUS server or to a specific target group, but this is only half of the process. Windows Update uses an update agent that actually installs the updates. There are a number of registry keys located at HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU that control the automatic update agent.

The first of these keys is the AUOptions key. This DWORD value can be assigned a value of either 2, 3, 4, or 5. A value of 2 indicates that the agent should notify the user prior to downloading updates. A value of 3 indicates that updates will be automatically downloaded and the user will be notified of installation. A value of 4 indicates that updates should be automatically downloaded and installed according to a schedule. For this option to work, the ScheduledInstallDay and ScheduledInstallTime keys must also be set. I will talk more about those keys later on. Finally, a value of 5 indicates that automatic updates are required, but can be configured by end users.

The next key that I want to talk about is the AutoInstallMinorUpdates key. This key can be set to a value of either 0 or 1. If the key is set to 0, then minor updates are treated just like any other update. If the key’s value is set to 1, then minor updates are silently installed in the background.

Another key related to the Automatic Update Agent is the DetectionFrequency key. This key allows you to specify how often the agent looks for updates. The key’s value must be a whole number between 1 and 22, and indicates the number of hours between each detection attempt.
A related registry key is the DetectionFrequencyEnabled key. As the name implies, this key either enables or disables the Detection Frequency function. Setting this key to a value of 0 causes the DetectionFrequency key to be ignored, while setting it to a value of 1 causes the agent to use the DetectionFrequency value.

The next key that I want to talk about is the NoAutoUpdate key. If this key is set to a value of 0, then automatic updates are enabled. If the key’s value is set to 1, then automatic updates are disabled.
The last registry key that I want to talk about is the NoAutoRebootWithLoggedOnUsers key. As you probably know, some updates simply cannot be applied without rebooting the system. If a user happens to be logged in, then a system mandated reboot can be very disruptive. This is especially true if the user has walked away from their desk without saving their work. This is where the NoAutoRebootWithLoggedOnUsers key comes into play. The key can be assigned either a value of 0 or 1. If the value is set to 0, then users will receive a five minute warning and then the system will reboot automatically. If the value is set to 1, then users will simply receive a message asking them to reboot their systems, but they can reboot at their leisure.

Conclusion
There are a whole lot more registry keys related to Windows.
update

Part 2:

In this article, I will continue the discussion where I left off in Part 1 by exploring the remaining Windows Update related registry keys.
In Part 1 of this article series, I explained that although Windows Update is self configuring for the most part, there are a large number of registry keys that you can use to tweak Windows Update’s behavior. This is especially useful if you are downloading updates from a WSUS server. In this article, I will continue the discussion where I left off in Part 1 by exploring the remaining Windows Update related registry keys.

Before We Begin:

Before I get started, I have to keep the lawyers happy by telling you that making modifications to the registry can be dangerous. Making an incorrect registry modification can destroy Windows and / or any applications that are running on the machine. You should therefore make a full system backup before attempting any of the registry tweaks that I am about to show you.
One other thing that I want to mention before I get started is that if you try some of these modifications and you don’t get the results that you are expecting, try checking to see if there is a group policy that mandates Windows update settings for the machine. Group policies can sometimes modify a registry key so that it follows the mandated behavior rather than using any modifications that might have been previously made.
Finally, I want to mention that I ended Part 1 of this article by discussing some of the registry keys found in the HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftwindowsWindows Update section of the registry. All of the registry keys that I will be discussing in this article are found in this section of the registry as well. None of the registry keys that I am about to show you exist by default, but you can create them to achieve the desired behavior. If you choose to create a registry key, then please keep in mind that the key names that I will be showing you are case sensitive and any of these keys that you create should be created as DWORD values.

Disabling Windows Update

The first key that I want to show you is the NoAutoUpdate key. You can use the NoAutoUpdate key to either enable or disable Windows update. Normally, this probably isn’t a key that you want to use, but it does have its place. If you happen to work in an environment with no Internet connection and you don’t have a WSUS server either, then you might disable Windows Update just to keep it from being a nuisance.
I don’t recommend creating this registry key unless you need to disable Windows Update. If you do need to disable Windows update, then you can create a key named NoAutoUpdate with a DWORD value of 1. Changing the value to 0 re-enables automatic updates.

Reboot Reminders

Have you ever applied an update to a server and then had Windows prompt you to reboot the server at a time that just wasn’t convenient? Personally, I’ve always found it annoying that Windows Update keeps prompting you to reboot your server every few minutes while you are trying to work. You can however change the reminder frequency. To do so, simply create a registry key named RebootRelaunchTimeout. The value that you assign to this registry key should reflect the number of minutes that you want Windows to wait between reminders. For example, if you wanted a reminder every half hour, then you would set the value to 30. You can set the RebootRelaunchTimeout registry key to use any positive integer from 1 to 1440.
Of course you also have the option of getting rid of reboot reminders completely. To do so, create a registry key named RebootRelaunchTimeoutEnabled, and set the value to 0. If you decide later that you want to re-enable reboot reminders then just change this key’s value to 1.
If you have ever worked with scheduled updates, you might have noticed that Windows can be configured so that the computer automatically reboots after an update requiring a reboot is applied. When automatic update is configured in this way, the user will receive a warning message before their computer reboots. The warning says something like “your computer will reboot in 5 minutes”. As you might have already guessed though, this reboot count down is controlled by the Windows registry. You can therefore tweak the registry to give users more or less warning prior to a reboot.
To create a custom reboot count down, simply create a registry key named RebootWarningTimeout. You can then assign this key a value that corresponds to the number of minutes that you want to give the user from the time that the warning is first displayed until the computer is rebooted. For example, setting this registry key to a value of 10 would give the users a ten minute warning. Valid values include positive integers ranging from 1 to 30.
If you plan on using the RebootWarningTimeout key to specify a custom reboot warning countdown, you will have to use the RebootWarningTimeoutEnabled registry key to enable it. To do so, create a registry key named RebootTimeoutWarningEnabled, and set its value to 1. Setting this value to 0 will cause Windows to use a five minute reboot countdown regardless of what has been set through the RebootWarningTimeout key.

Applying Missed Updates

Although Windows Update gives you the ability to schedule updates, things can happen that cause a computer to miss the scheduled update period. For example, the computer could be turned off at the scheduled update time. When a scheduled update is missed, Windows will attempt to install the update the next time that the computer is booted. However, it can be disruptive to the user to have updates installed as soon as their computer boots up. You can therefore set a timer to control the number of minutes that Windows should wait after the system boots to install missed scheduled updates.
Before I show you how to set the timer, I should mention that this only applies to missed scheduled updates, not updates with an expired deadline. With that said, you can create the timer by creating a registry key named RescheduleWaitTimer and assigning it a value that reflects the number of minutes that Windows should wait from the time that the system boots until missed updates are installed. Valid values are positive integers ranging from 1 to 60.
If you plan on using the RescheduleWaitTime registry key, you will have to use a second registry key to enable it. The name of the second required key is RescheduleWaitTimeEnabled. Assigning this key a value of 1 will enable the reschedule wait timer registry key, where as setting this key to a value of 0 will cause the wait timer to be ignored.

Scheduling Installations

I have talked a lot about scheduled installations, but I want to show you one last trick. You can use the registry to set the installation schedule. There are two registry keys that are used when scheduling an update. The first of these keys is ScheduledInstallDay. I recommend assigning this key a value of 0 which tells Windows that updates should be installed regardless of what day it is. You can however specify a day by specifying a positive integer ranging from 1 to 7. The number that you specify designates a day of the week. A value of 1 sets the installation day to Sunday. Setting the value to 2 sets installation day to Monday. If you are going to limit installations to one day a week, then I recommend using Wednesday since most Microsoft patches are released on Tuesday.
One thing that you need to know about the ScheduledInstallDay key is that it is ignored unless the HKEY_LOCAL_MACHINESSoftwarePoliciesMicrosoftWindowsWindowsUpdateAUAUOptions key is set to a value of 4. I discussed this key in Part 1.
The last key that I want to talk about is the ScheduledInstallTime key. This key tells Windows what time of day updates should be installed. Valid values for this key are positive integers ranging from 1 to 24, which reflect the hour of the day in military time. As such, a value of 3 would reflect a 3:00 AM installation time. A value of 13 would be a 1:00 PM installation time.

Conclusion
As you can see, there are a tremendous number of registry keys that can be used to configure Windows Update. If you are thinking about trying these keys out, I recommend testing your settings on a single PC before rolling out your changes on a large scale.

Follow @aleemxp

Running Windows Under Non-Admin Accounts - XP

Running Windows Under Non-Admin Accounts - XP


WINDOWS XP - Running Windows Under Non-Admin Accounts

Everyone knows that one of the most important principles of network security is least privilege: grant ordinary users only those rights and permissions they need to get their work done and no more. For example, if ordinary users don’t need access to sensitive data stored in the Accounting share, don’t give them any permissions on that share, either through shared folder permissions on the share itself or NTFS permissions on the folder underlying the share.

Least privilege is more than a security principle, it’s also a lifesaver as far as the day-to-day job of administrators is concerned. Reason is, users are curious creatures and tend to push the envelope of what company policies allow and forbid them to do. Give a user local administrator privileges on their computer and they’re likely to try all sorts of things like installing additional software, changing configuration settings, and even poking around the registry to see if they can “tune” their machine to make it run better. From an administrator’s point of view however, this can be disastrous since the wrong tweak might break some application or even render their machine unusable. The user then cries for help and as an administrator you pretty much have two choices: wipe their machine and re-image it from your standard desktop image or spend useless hours trying to troubleshoot their problem. The second choice is usually a waste of time unless, contrary to company policy, the user has been saving important files on their machine instead of on the network. And the first choice is almost like spitting in the wind—you re-image the user’s machine and he just goes and fools around with it again.

Group Policy is one way of locking down what a user can and cannot do on their computers and using their credentials. But what if company policies (or culture or politics or on the job realities) mean that your users need to have the ability to install their own software and configure settings on their machines? If this is the case, you have two choices: give your users local admin privileges, or don’t. Since the first option causes the troubles I’ve described above, let’s explore the feasibility of the second option.

The Pain of Running As Non-Admin

If you choose not to make a user’s domain account a member of the local Administrators group on their machine, the user is likely to complain loudly for a number of reasons including the following:

When they try and install software on their machine, the install will usually fail with an error of some sort.

When they try to adjust the Date and Time in Control Panel, they get a dialog box saying they don’t have sufficient privileges to do so.

When they try and configure Power Options in Control Panel, they can change the setting in the GUI but when they click OK to apply changes they get an Access Denied message.

When they want to share a folder on their machine so another user can access their files, they can’t because there is no Share tab on the properties sheet for the folder they want to share.

Working around the last three complaints is fairly straightforward (I’ll show you how in a moment), but the problem of not being able to install software is a complex issue for several reasons. First, most software (including many of Microsoft’s own applications) requires local administrator privileges in order to install under any version of Microsoft Windows. On the face of it, this requirement is due to the fact that applications need to write to special areas of the file system and registry. But that’s not the real reason applications need admin privileges to install—the real reason is that developers are generally too lazy to bother creating Setup or Windows Installer packages that will work under non-admin privileges. This is because doing so involves going through a number of hoops as a developer, and that means extra work (which most developers want to avoid). But it also means developing these apps while running under non-admin privileges yourself, and again that involves lots of bother so most developers don’t bother—it’s much easier to develop an application if you are logged on as Administrator, so most apps are de facto designed to run under admin privileges as well.

Installing Software As Non-Admin

So how do you install software when you don’t have admin privileges on a machine? The tedious way is to log off, log on as Administrator, install your software, log off, log on again with your ordinary user account, and then start using the software as an ordinary user. The fancier way of course is to use the secondary logon feature (the Runas.exe command) of Windows 2000 and later. With .exe files (and .msc files or consoles) you can right-click on the icon and select “Run as…” and then specify local admin credentials for installing the program. Unfortunately the “Run as…” option doesn’t appear when you right-click on .msi files, but the workaround here is to use Runas to open a command prompt (cmd.exe) window using admin credentials and then run the .msi file to install the app.
Unfortunately, some programs after they’ve been installed with admin privileges using Runas still don’t work properly when you try and run them as an ordinary user. This is because when you use Runas to install something, any per-user settings that the install routine creates are written to the user profile for the local Administrator account instead of to the user profile of the currently logged-on ordinary user account. And of course that causes problems when you try and run the installed program later as an ordinary user. Once again, the developer who wrote the program could have worked around this issue, but why bother when everyone runs Windows as Administrator anyway?

I’ve experienced this kind of thing myself several times with both third-party Win32 apps and also .NET Framework applications, and it’s frustrating. For example, I recently wanted to take an e-learning course in ASP.NET application development from Microsoft. Unfortunately for some reason I couldn’t download the course (a .NET app itself) when logged on using my domain user account, so I opened an instance of Internet Explorer using local admin creds and successfully downloaded the course. But when I tried to run the course locally on my machine, it wouldn’t run when I was logged on as ordinary user. So I tried using Runas to run the course under admin privileges and it still wouldn’t run. In the end I had to log off, log on as Administrator, download the course, and run it while logged on as Administrator in order to get it to work. Frustrating! Maybe if I investigated the problem further I might have discovered why it didn’t work the first time, but that just illustrates in the first place why most people run Windows under admin privileges all the time—if you aren’t running as admin, you can waste a whole lot of time trying to make things work.

The Least Privilege Red Herring

Furthermore—and this is something that’s only recently started being considered by security experts—it may be that this whole least privilege issue is something of a red herring in the first place. Sure, if you’re logged on as Administrator and you browse the web and come across some nasty site and download a virus, that virus gains control of your system using your own credentials i.e. administrator. And if you were an ordinary user and browsed that same site, the virus would only have limited access (the level of privileges of a domain user) on your system so the potential damage would be mitigated. But actually it’s more complex than this. After all, if the malware you download is a worm that exploits a weakness in a Windows service, then it really doesn’t matter what account you’re currently logged on as.
Furthermore, the smartest black hat hackers out there are already busy trying to figure out new ways to create malicious code that can own your system even if your logon privileges are minimal. Because of this, the upcoming and highly-touted Least-privilege User Account (LUA) feature of Longhorn (now Windows Vista) that will do away with the deprecated Power Users group and enable LUA-compatible apps to be installed and run using ordinary user credentials is really no panacea for the security issues surrounding the use of least privileges. You can bet your bottom dollar that the bad guys out there will find some way of circumventing LUA or even leveraging it to their advantage, opening up a whole new kettle of worms.
So while least privilege is still a good idea, it’s certainly not the be-all or end-all of network security. In other words, you still have to think defense-in-depth and consider least privilege (or LUA) as simply one more obstacle in the way of hackers owning your system.

Some Non-Admin Workarounds

Going back to our list of things ordinary users complain about, let’s look at some workarounds. Say you’re logged on as an ordinary user and want to share a folder on your system. If you open Windows Explorer (explorer.exe) and right-click on the folder, there’s no Sharing tab so you can’t do it. And Runas doesn’t work with explorer.exe because Explorer is already running as your shell, so you’re out of luck there as well. Fortunately there’s a workaround: use Runas to start Internet Explorer (iexplore.exe) instead of Windows Explorer (explorer.exe). Then once IE is open, type C:\ into the address bar and click the Folders button on the toolbar and suddenly it looks like you’re in Windows Explorer. Now navigate to the folder you want to share and right-click it and select Sharing and Security and you’re on your way.

And while we’re at it, note that the folder tree in IE displays a Control Panel node. Select this node and in the right-hand pane you see all the Control Panel applets. Try using Date and Time to change your system time—it works! Since IE is running under admin creds, all the apps you access in it including Control Panel applets also run with admin credentials. Same goes for Power Options, Network Connections, System, and other applets that have reduced functionality when run as non-admin.
There’s an even easier way however (the IE method works but is a bit messy since iexplore.exe is not in the system path) and that’s to do the following:

Log off and then log on as Administrator.

Open Windows Explorer

Select Tools, then Folder Options, then View, and select the checkbox labeled “Launch folder windows in a separate process”

Close Windows Explorer and log off.

Now when you log on again as an ordinary user, you can right-click on explorer.exe (or its shortcut), select “Run as…”, specify the local Administrator account credentials, and Windows Explorer now opens running with admin privileges.

Conclusion

Running Windows as non-admin is challenging, and while there are some security benefits to doing so, the hoops you have to jump through to make things work can be daunting. Furthermore, these security benefits are not as great as many security people tout them to be, and it won’t be long until the bad guys figure out ways to install serious malware on Windows even when users are running as non-admins.

Follow @aleemxp

15 tips and tricks for enhancing your Vista experience.

1. If you hate the look of Aero, click Start/Control Panel/Themes and you can choose a non-Aero theme, such as Windows Classic.

2. Windows Vista's installer can detect serial-ATA (SATA) drives without the need to provide a driver diskette. Don't bother creating a diskette for your SATA drives before you install Vista.

3. If, for some reason, the Vista installation gets interrupted due to an unintentional shutdown or reboot, start the computer without booting the Vista DVD. Windows Vista's installer should pick up where it left off. If it does-n't, then restart the installation over from scratch.

4. When you perform a search with Vista's new, instant search feature, you can save the search in a special folder. This powerful feature allows you to create a virtual folder which, by default, is saved in your \Searches folder. Every time you open such a folder, the search results are updated.

5. In Windows Vista, you can add additional clocks to the system tray. Click the clock, and then click Date and Time Settings. Click the Additional Clocks tab. You can add one or two additional clocks to the tray and select their time zones.

6. You can save your progress in most of the games included with Windows Vista—even the carry-overs from earlier versions of Windows.

7. You can create XML documents, which are more secure than regular text files or even word processor docs. Just create a document in a word processor, print it via the options menu, and select the XPS printer.

8. If you upgrade your graphics card in preparation for Windows Vista, be sure to get a new card with as much local memory as possible. Since Windows Vista renders everything—even the desktop and windows them-selves—as 3D surfaces, local 3D memory greatly improves performance...sometimes even more than a more powerful GPU.

9. Windows Vista games deposit their saves into a special directory, called Saved Games, in your personal folder. In theory, that will make upgrading to a new system much easier for gamers, who like to migrate their game saves.

10. When using the Help system, it's usually advantageous to include Microsoft's online database in your search. The online/offline status of your search is located on the bottom right of the Help window. You can click it to toggle.

11. The Games folder is a powerful repository of all things gaming. From within, you launch games, update games with the latest patches, enable parental controls to protect younger users from harmful content, and more. Invoke it by clicking Start/Games.

12. Several applications are available to help you tweak Windows Vista for maximum performance. They in-clude TweakVI , TweakVista and VistaBootPRO (www.vistabootpro.org). And don't forget about Windows ReadyBoost, which lets you use a removable flash memory drive to boost system memory.

13. Do you use the icon in the upper left corner of system and application windows? A quick double-click closes the window (instead of a single click on the X at the upper right). Though Microsoft left the icon out in Vista, the function remains.

14. In Microsoft Windows Explorer, you can use column headers (Name, Size, and so on) to sort files. Savvy users may right-click on a column head to remove items or add some—say, Dimensions for images. There are around 45 such columns available in Windows XP. Windows Vista has well over 250, covering a multitude of metadata.

15. If you've become used to surfing your Program Menu to get to applications, you'll be in for a shock when you first use Microsoft Windows Vista. The new Program Menu shows you only recently used applications and requires extra clicks to navigate to submenus. This can be very frustrating but, thankfully, the Search box Microsoft has added to the Start menu is a great replacement—as long as you're an accurate typist. As quickly as you can type, it returns intelligent results in apps, files, even e-mail messages.

Follow @aleemxp

VISTA TIPS & TRICKS

VISTA TIPS & TRICKS


1. Command Authority
Like a scene straight out of Kramer vs. Kramer or Mad Magazine's Spy vs. Spy, Vista has two types of administrators. What gives? First, understand that there are two kinds of user accounts, Administrator and Standard. This refers to the level of privileges—the things you're allowed to do. In addition, and separately, there is an account named Administrator. It's typically used to sort out problems that keep you from logging on to your normal account. As in Windows XP, you should rename the Administrator account for security purposes (just don't forget what you've changed it to). Right-click Computer and click Manage. Under Local Users and Groups, open Users, right-click the one named Administrator, and choose Rename. Then right-click it and choose Properties to delete its telltale description as well.

2. Improve Your Network
There are two types of wireless networks known to Vista: public and private. Public networks are less secure, so the OS disables discovery of other devices when connected to one. But by default, Vista makes your network public. Go private instead, enabling a much more comprehensive view of the network behind your router using a new protocol called Link Layer Topology Discovery. In the Network and Sharing Center, click Customize under the picture of your network at top. Switch to Private and click Next. While you're optimizing things, note the various sharing options listed; it's easy to give all of your PCs access to your printer here.

3. Truly Secure Your Files
Password-protecting your laptop is good overall security, but for added protection, start encrypting. Vista Enterprise and Ultimate editions come with BitLocker Drive Encryption, a tool that relies on a Trusted Platform Module to secure access—check your manual to see if your notebook has one and update your BIOS if needed. To make the magic happen, you'll need an extra partition on your hard drive that you can create with the Vista partitioning tool on your installation disc or with the BitLocker Drive Preparation Tool, a Vista Ultimate Extra. You'll create one small partition for essential OS files, and the rest of the drive will hold encrypted files. Format the partition as NTFS, not FAT32.

4. Run Two Operating Systems
Apple's Boot Camp software lets you run the Microsoft Windows XP operating system on an Intel-based Macintosh, but it doesn't support Vista—and it's still in beta, almost a year after its release. To run Microsoft's newest OS on your Apple, get Parallels Desktop for Mac. This virtualization software lets you run two operating systems simultaneously by taking advantage of the Intel Core Duo's built-in virtualization technology. To get Vista running smoothly in a window on your OS X desktop, be sure to boost the program's memory requirements to 2GB; Vista won't run well with only 1GB of memory for the subsystem.

5. Beautify Your Boot
The boot screen built into Windows is functionally useless. Why not make it look prettier? Microsoft designed a built-in boot screen that replaces the animated start-up bar (you'll see it if you awaken your PC from hibernation); it provides just as little information, but it looks a whole lot better. To enable it, run MSConfig from the Start menu, and under the Boot tab, select No GUI Boot.

6. Be a Mobile Power User
Windows Mobile devices are handy, but are crippled off the bat. The new operating system comes with a Sync Center that lets you sync only media files, not your PIM info. Before plugging your device in for the first time, go to the Download Center at Microsoft.com and search the Mobile Devices category for the Windows Mobile Device Center, which powers up support for syncing e-mail, calendar data, and contact info. Once you've used the Device Center to transfer your calendar to your handheld, right-click it in My Computer to see the gadget's charge state, and you'll always be fully powered.

7. Find Your Router
To add encryption to your network, boost the speed, control access, and manipulate your bits in other ways, you'll probably need to log on to your wireless router, often via a built-in Web page served from the device. This Web page is usually given a difficult-to-remember IP address, such as 192.168.2.1. Find your router's home page easily via the Network and Sharing Center; first click View full map at top right, then right-click your router or wireless access device and select Go to Device Home Page.

8. Enable Concurrent Sessions
Server versions of Windows let multiple users log on to a PC simultaneously; this is handy for home-theater enthusiasts who want to perform remote maintenance on a system that others might be using to watch TV, for example. To get this working under Vista Business or Ultimate editions, you'll need to replace the Termsrv.dll file with a hacked version. You can find the complete instructions and a link to the new DLL at the Missing Remote Web site, www.missingremote.com.

9. Be The Boss
In order to limit the havoc that rogue programs can cause, administrator accounts aren't totally in charge. To gain complete control (to install antispyware, for example), log on as the Administrator—but not all the time, or you'll negate this account's raison d'être. The Administrator account won't show up in the User Accounts control panel, however: It's disabled by default. In Vista Ultimate or Business editions, right-click it in the Management Console (as described in the first tip) and select Properties. Uncheck Account is disabled and it'll show up in the control panel. That's the super-mega-ultimate account. Don't have Ultimate? Click Start, type cmd, right-click the cmd.exe item at top, and choose Run as administrator. Type net user administrator /active:yes and log off. The Administrator account now shows up on the welcome screen.

10. Install From an Upgrade Disc
Past Windows versions have let you prove upgrade-readiness by inserting a CD of the previous OS during the install process. Vista doesn't; Microsoft specifically says "Windows Vista does not check upgrade compliance. Therefore, you cannot use an upgrade disc to perform a clean installation of Windows Vista." To work around this problem, insert your CD into your clean computer. Don't enter the code when Vista asks for your license key, simply click Next. You'll create a system sans activation code that's active for 30 days. Then reboot from the CD; you'll be able to install the OS as an update to your Vista installation. Now use the activation code.


11. Save Your Music!
We've all been buying audio and video files wrapped in DRMs from Microsoft, Apple, and others. What happens to that content when you upgrade to Vista? If you've bought digital media from stores running Windows Media Player 10, you'll be asked to reauthorize the content. With stuff from Apple's iTunes, deauthorize your PC before upgrading to Vista. Simply sign in to the iTunes store, and, from the Store menu, select Deauthorize Computer. After upgrading, reverse the process to re-enable access to your files. If you've authorized the maximum five PCs, select View My Account from that same menu, where you can "Clear all authorizations" once a year.

12. Extend Activation
Are you testing out Vista's features and compatibility but not sure if you want to go ahead and activate it? Microsoft understands. It has built a software licensing manager into the new OS that lets you extend the activation period. At the Start menu's search bar, simply type slmgr -rearm to get another 30 days. You can do this a maximum of three times before Microsoft blocks further extension periods. And once you're locked out, that's it.

13. Prevent Vertigo on Vista
The new 3D desktop is a tremendous improvement, but not all of the features are handy, and some of the settings are downright disconcerting. Control your own 3D experience! First, right-click Computer and choose Properties to get the System Properties page. Click Advanced system settings. On the Advanced tab, click Settings in the Performance section. The Visual Effects field is where you can choose to Adjust for best appearance, Adjust for best performance, Let Windows choose, or go wild with your own choices.

14. Snip at Will
Power users are comfortable using the PrintScr key to capture screen shots, but there's a better way in Vista. You can use the integrated Snipping Tool to capture any object on your screen and then annotate, save, or share the image. Simply use the mouse to capture free-form shapes, rectangles, whole windows, or full screens. After you capture a snip, it's automatically copied to the markup window, where you can annotate, save, or share it. Bonus: If you've clipped from an Internet Explorer window (not Firefox or Opera) and save the snip as an HTML file, the URL is automatically appended to your image. Neat!

15. Play Six Degrees of Kevin Bacon
Love him or hate him, Kevin Bacon is a name you'll never forget. Now you can play "find the actor" anytime (not officially, that is, but bear with us) using Windows Vista. First, launch Windows Media Center from the Start menu. Navigate to TV + Movies and select Recorded TV. Select the movie you are interested in (Vista comes with snippets from Apollo 13 and Vertigo, just to get you started). Select Cast + More, pick a cast member, and repeat until you find Mr. Bacon.

16. Work With The SideShow
Vista supports a secondary display (ideally on your laptop's lid, as on the cool Asus W5FE) for you to get quick access to e-mail, photos, calendar info, and music files. And that's just scratching the surface. SideShow info can be stored and accessed in two ways: either from the hard drive, which takes longer and involves caching, or directly from a flash component in your system—quicker, but space is limited. The flash component shows up as a separate drive in Windows Vista that you can drag and drop MP3s and photos to. Some gadgets require use of the hard drive; you won't be able to access them if the system is off. Instead, put it to sleep, and set Vista to wake every 5 minutes, updating e-mail, calendar, and other gadgets that rely on an Internet connection.

17. Pick Your Feeds
The Sidebar's RSS Feed Reader is handy, but by default it picks up feeds only directly from Microsoft. Making it work for you is a two-stage process. First, find a Web page with an RSS feed on it using Internet Explorer—the orange feed icon at the right of the status bar lights up to indicate the feed's presence. Click it, and select Subscribe to this feed. Then right-click on the module and select Options; you'll be able to choose which feeds and how many items are displayed. Want to find feeds using Firefox instead? Download the Common Feed List tool from www.netcrucible.com/blog.

18. Be a Better Parent
Kids need structure, otherwise they'll spend hours browsing the Web for dirty limericks. Turn to Vista's parental controls for a quick and easy way to monitor how long they're online—and who goes where. First, create an account for each child in the User Accounts control panel. Then click Set Up Parental Controls to create and set limits. Don't forget to enable activity monitoring as well. It's okay—you're Dad, not Big Brother. You can view them later by visiting the same section of the control panel. But be forewarned: Parental controls are available only to PCs on a workgroup, not those on a domain.

19. Reduce Power Consumption
As laptops became more popular, consumers became aware of Win XP's power settings. Standby left your computer running at low power; hibernate saved all memory to disk and then shut down your system—but often balked at problem programs. With Vista, Microsoft redrew the rules, adding an "away mode" and defaulting to "sleep" rather than off. Sleep mode starts off like standby but saves memory like hibernate. Then after 15 minutes it just shuts off, with no back talk from programs. Nicely done, Microsoft! To shut down completely, skip the Start menu's orange power button in favor of the right arrow next to it.

20. Get help
The Help and Support Center built into Windows XP was a good start but far from ideal. Though it appears similar to Win XP's, Vista's Support Center is much improved. Besides the usual documentation on core OS functionality, Vista's integrated system can get the latest help info from the Web, allow a friend to help by remote assistance, or search in "Windows communities." Type a word or phrase into the main search field and hit enter. At the bottom of your returned results is a useful link to these other sources of assistance.

21. Boost Your System Speed
Hybrid hard drives, which embed a cache of flash memory inside a hard drive's 3.5-inch shell to improve its performance, aren't on the market yet. But they're just one way Vista uses flash memory; ordinary thumb drives can, cheaply and easily, let your PC read small, random bits of frequently accessed data, a Vista feature called ReadyBoost. Here's the thing: To maximize its efficiency, a ReadyBoost thumb drive should have the same amount of memory as is built into your system. In other words, match your 2GB of RAM with a 2GB flash drive for best performance.

22. Uncover Send To
The Send To menu is a handy way to quickly move files into frequently accessed locations. The default locations are Microsoft's favorites, however, and they might not be yours. In Windows XP it was possible to add to the Send To menu by putting a shortcut in the SendTo folder. But try that trick with the SendTo folder in your Personal folder and you'll be hit with an "access denied" message. That's because it's just a pointer to the real one, which you will find at C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo. You can add shortcuts to that one.

23. Launch Apps Faster
When you place items in the Quick Launch bar (the little icon bar next to the Start button), Windows Vista automatically assigns shortcut key combinations to them—well, it assigns keys to the first ten, anyway. Just hit the Windows key plus a number key corresponding to the icon's position in the bar. For instance, to launch the third application in the Quick Launch bar, press Windows-3. Don't see the bar? Right-click an empty part of the Taskbar and select it under the Toolbars menu.

24. Add 3D Sound
If you're having trouble getting full 3D sound in Windows XP games from your SoundBlaster sound card, use Creative's ALchemy tool. Windows Vista uses an audio API called OpenAL for its game audio, and some DirectSound games won't use anything beyond two stereo speakers, ignoring EAX and other APIs. Download the Creative ALchemy beta from preview.creativelabs.com/alchemy, install it, and run it. The ALchemy tool will cause Windows XP games that lack OpenAL support to pipe their DirectSound calls through OpenAL, giving you full 3D audio support.

25. Restore Your Menus
Vista's own windows and many new applications lack the familiar File, Edit, and View menus. But we've gotten used to them after all these years! You can enable them through each application—if they're included at all. To turn them on in Vista proper, open any window (such as Computer, or Documents), click Organize, and click Folder and Search Options. Select the View tab and fill in the check box next to Always Show Menus. Click Apply and then OK. Alternatively, to show the menus temporarily, just hit the Alt key with any given window in the foreground.

26. Eliminate That Warning
Windows Vista hates it when you don't use an antivirus program, a firewall, or some other security feature. But if you don't need one part of the built-in security, you also don't need the Security Center shield icon to pop up constantly in the system tray. Right-click the icon and click Open Security Center. Then, in Security Center, click Change the Way Security Center Alerts Me. You want to select Don't Notify Me and Don't Display the Icon (even though Windows tells you it's "Not Recommended").



27. Add Photos Faster
Most digital cameras come with proprietary software for importing pictures into Windows and cleaning off the camera's memory card, generally a two-stage process. You can do it all in one step with Windows Photo Gallery, which has an auto-erase feature. It lets you dump photos and erase your camera's memory card with one click, preserving a bit of battery life and simplifying yours. Select Options from the File menu, and under the Import tab, select Always erase from camera after importing. Good? Maybe. Potentially dangerous? Definitely. Proceed with caution.



28. Get The Power Prompt
The Command Prompt, though buried in the Start menu, is an enduringly versatile application. Too bad it's hampered by User Account Control, which will prevent certain apps from running properly because of a lack of permissions. To upgrade its capabilities, navigate to the Accessories folder in the Start menu, right-click on Command Prompt, and select Run as Administrator. If you find yourself doing this frequently, try this shortcut: The search box in Vista's Start menu can serve the same function. Simply enter a command, hold the Shift and Ctrl keys, and press Enter.



29. Be An Icon Artist
You may have noticed that by simply holding down the Ctrl key you can use your mouse's scroll wheel to resize a folder's icon. But you may not have noticed that this works on the desktop itself. You can resize from standard 48-by-48-pixel icons to full 256-by-256 photo quality renditions. Power users: Go to Computer and click the arrow to the right of the View menu, where you'll find a slider with an endless selection of icon sizes.



30. Know Your Velocity
Everyone knows about the Windows Experience score, but a power user won't find the information there as comprehensive or useful as one could wish. Skip it in favor of Microsoft's Management Console. Right-click on Computer and select Manage. Then select Reliability and Performance and take a look at your system's Reliability Monitor in the collection of monitoring tools. This system stability index gives a weighted value of how stable your PC is based on data collected over its lifetime. Little red X's show where specific failures occurred. It's a great troubleshooting tool.

31. Create an XPS Document
XPS (which stands for XML Paper Specification) can be very useful; it's effectively an open-standard version of the popular-but proprietary Adobe Acrobat format. What does it all mean? You can create, edit, print, and save the documents without paying Adobe for a license. To create an XPS document, create a file in any word processor (Notepad, WordPad, Word, and so on) and click Print . . . . Then select the automatically installed XPS Printer to "print" the document to an XPS file.



32. Sync Everything!
Need to sync to something that's not supported? Say, to a digital camera, across folders, or even between different computers? SyncToy 1.4, a PowerToy from Microsoft, now supports Windows Vista and will let you sync a folder to a removable hard drive, a network share, and other things. You can pick up the tool for free from Microsoft's Download Center.



33. Set Affinity
Multitasking is an efficient way to spread resources across multiple CPUs—or the multiple cores of a dual-core CPU (or quad-, or octo-, or whatever!). But if you have a single application that consumes a large amount of the system's resources, such as Norton AntiVirus, bypass the multitasking and set it to run exclusively off a single core, potentially improving its efficiency. Bring up the Task Manager, find the resource-hogging process (for Norton, it's called nprotect.exe), right-click it, and select Set Affinity. Then deselect one of the cores, isolating the process and boosting its efficiency.



34. Move Your Stuff
Personal folders are handy, but they may not live where you want them to. Fortunately, you can relocate your own folders fairly easily. Click your username at the top right of the Start menu to open your profile. Right-click Documents and choose Properties. Then click Location | Move and select the new location, or even create it at this time. You'll be asked if you want to move your documents; hit Yes, of course. Don't try this with the Public folder, though: There's a Location tab, but no Move button.



35. Know your Autoplay
XP's Autoplay functionality was merely a thing the OS did, but Vista makes it useful with a control panel applet (including Blu-ray and HD DVD support!). Type Programs in the Start menu and hit Enter and you've got complete control.

36. Create zipped files (again)
Vista opens password-protected ZIP files, but it no longer creates them (Microsoft says passwords don't afford serious security). Your best bet: Download SecureZIP. It's a stable—and free!—alternative.

37. Restore your files
In XP, System Restore fixes OS problems but won't do squat if you accidentally save a file rather than quitting. In Vista, it creates "shadow copies" of your files daily; just right-click a Word, Notepad, or Wordpad file to roll it back to earlier versions.

38. Improve Windows Sidebar
Though the Sidebar is handy, an overcrowded Sidebar merely adds desktop clutter. For gadgets that don't provide "glanceable" data, right-click the gadget and set opacity to 40 percent. It'll fade out when not in use.

39. Go International
Need to know the time in Lima? Or Monaco? Searching for time zones in the control panel will reveal an option to add clocks for different time zones.

40. Gain Speed
Does Vista seem slower than XP to you? A default power setting in the "Power Saver" plan limits the CPU to 50 percent. Open the Power Options control panel and change it to "High Performance" to give it full throttle.

41. Search Elsewhere
Internet Explorer's default search engine is MSN.com. Boo! Click the drop-down menu next to IE's magnifying-glass icon and select "Find More Providers…" Adding Amazon, eBay, and MTV make searching much more fun.

42. Launch Apps Faster
Want to find that program? Don't search through all those menus on the Start button, just type the first couple of characters into the bar at the bottom and the name will appear.

43. Keep Personal Data Private
You can add titles, ratings, and more to songs and photos. But you want to share files, not your personal notes. Right-click a file, choose Properties, click the Details tab, and click the link at the bottom to "Remove Protection and Personal Information."

44. Search By Voice
Enable the built-in natural language search feature; it's on the Search tab in the Folder Options control panel. Now you can type, say, files created last month or music by Tom Lehrer.

45. Take a Meeting
Vista has a calendar that lets you share your schedule with others online. Type Calendar into the Start menu to launch it. Add a few appointments and click the Share menu and you're off!

46. Send Faxes
You may have a cable modem, but the odds are good that your PC has an integrated fax modem, too. Take advantage of it with Vista's built-in fax-center software.

47. Improve Compatibility
Stuck with an old program you love that just won't run in Vista? Search Help and Support for compatibility mode, and start the wizard to get that program going in the new OS.

48. Get a Digital Keyboard
Windows Vista comes with a virtual keyboard, handy if your real one breaks. Simply punch OSK into the Start menu's Search field and hit enter to bring up the on-screen keyboard and use your mouse to "key" in data.

49. Hire a Robot Secretary
Get CDYNE Corp.'s Phone Notify sidebar gadget from Microsoft's gadget gallery. Then type a sentence and a phone number into its sidebar field and the tool will instantly translate your text into speech and place the call. Cool!

50. Get Animated
Vista Ultimate users are privy to an Extra called DreamScene, which adds video desktop wallpapers. Buy Stardock's DESKScapes instead, which lets you set computer-generated animations as wallpapers too.

Follow @aleemxp

TIPS FOR VISTA

TIPS FOR VISTA

1. If you hate the look of Aero, click Start/Control Panel/Themes and you can choose a non-Aero theme, such as Windows Classic.

2. Windows Vista's installer can detect serial-ATA (SATA) drives without the need to provide a driver diskette. Don't bother creating a diskette for your SATA drives before you install Vista.


3. If, for some reason, the Vista installation gets interrupted due to an unintentional shutdown or reboot, start the computer without booting the Vista DVD. Windows Vista's installer should pick up where it left off. If it does-n't, then restart the installation over from scratch.

4. When you perform a search with Vista's new, instant search feature, you can save the search in a special folder. This powerful feature allows you to create a virtual folder which, by default, is saved in your \\Searches\ folder. Every time you open such a folder, the search results are updated.

5. In Windows Vista, you can add additional clocks to the system tray. Click the clock, and then click Date and Time Settings. Click the Additional Clocks tab. You can add one or two additional clocks to the tray and select their time zones.

6. You can save your progress in most of the games included with Windows Vista—even the carry-overs from earlier versions of Windows.

7. You can create XML documents, which are more secure than regular text files or even word processor docs. Just create a document in a word processor, print it via the options menu, and select the XPS printer.

8. If you upgrade your graphics card in preparation for Windows Vista, be sure to get a new card with as much local memory as possible. Since Windows Vista renders everything—even the desktop and windows them-selves—as 3D surfaces, local 3D memory greatly improves performance...sometimes even more than a more powerful GPU.

9. Windows Vista games deposit their saves into a special directory, called Saved Games, in your personal folder. In theory, that will make upgrading to a new system much easier for gamers, who like to migrate their game saves.

10. When using the Help system, it's usually advantageous to include Microsoft's online database in your search. The online/offline status of your search is located on the bottom right of the Help window. You can click it to toggle.

11. The Games folder is a powerful repository of all things gaming. From within, you launch games, update games with the latest patches, enable parental controls to protect younger users from harmful content, and more. Invoke it by clicking Start/Games.

12. Several applications are available to help you tweak Windows Vista for maximum performance. They in-clude TweakVI (www.totalidea.com), TweakVista (www.tweakvista.com/tweakvistautility), and VistaBootPRO (www.vistabootpro.org). And don't forget about Windows ReadyBoost, which lets you use a removable flash memory drive to boost system memory.

13. Do you use the icon in the upper left corner of system and application windows? A quick double-click closes the window (instead of a single click on the X at the upper right). Though Microsoft left the icon out in Vista, the function remains.

14. In Microsoft Windows Explorer, you can use column headers (Name, Size, and so on) to sort files. Savvy users may right-click on a column head to remove items or add some—say, Dimensions for images. There are around 45 such columns available in Windows XP. Windows Vista has well over 250, covering a multitude of metadata.

15. If you've become used to surfing your Program Menu to get to applications, you'll be in for a shock when you first use Microsoft Windows Vista. The new Program Menu shows you only recently used applications and requires extra clicks to navigate to submenus. This can be very frustrating but, thankfully, the Search box Microsoft has added to the Start menu is a great replacement—as long as you're an accurate typist. As quickly as you can type, it returns intelligent results in apps, files, even e-mail messages.

Follow @aleemxp