Re: Should programs install to All Users, Default User, or Me?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: David Candy (david_at_mvps.org)
Date: 03/31/04 

Date: Thu, 1 Apr 2004 02:59:09 +1000

The first time a user logs on windows creates some things.

EG
rundll32 mydocs.dll,PerUserInit
creates My Docs and the shortcut in Sendto. 

-- 
----------------------------------------------------------
http://www.g2mil.com/Dec2003.htm
"woody" <pine@spamsfree.net> wrote in message news:ulybT8zFEHA.2404@TK2MSFTNGP11.phx.gbl...
> "cquirke (MVP Win9x)" wrote in message
> news:qa8k60td5pqodhbp68q4a8jcd30icbnj6e@4ax.com
> > On Tue, 30 Mar 2004 17:43:33 -0500, "woody"
> >>"cquirke (MVP Win9x)"  wrote in message
> >
> >>> AllUsers will apply to all users only in *some* parts of the UI...
> >>>   - Start Menui
> >>>   - Desktop
> >>> ...but not in others...
> >>>   - SendTo
> >>>   - QuickLaunch
> >>> ...where you have to duplicate settings to each account by hand.
> >
> >>Yes I hear you!  A royal pita.  <g>
> >
> >>I logged on as Administrator only to find all my ascetic Desktop & Folder
> >>settings from Woody were not there ..luckily as I went in further I could
> >>see all my special Services, Performance, etc settings I made were still
> >>in tact.  Just not sure how far I wanted or should go with setting it up
> >>double, but what's perplexing is that I want all the same programs, and,
> >>well - - - everything visible in Admin as I have in woody!  Heck it's all
> >>me anyway!
> 
> 
> > I know; one resents having an identity-based security model suited to
> > the workplace foisted on one as a single user.
> >
> > Some settings will be system-wide, held in the system registry hives
> > that live in the OS subtree.  These correspond to HKLM, and aliases.
> >
> > Others will be per-user, held in the NTUSER.* within the account's
> > subtree on the local PC, or as a 'roving profile" on a server.
> >
> > Some branches of the registry show a fusion of these, so you don't
> > really know what's going on (e.g. HKCR in XP).
> >
> > Some global settings are set at the system level but others are set
> > via the AllUsers profile.  New user accounts are built from the
> > Default User, but some stuff apparently comes from somewhere else.
> 
> 
> Okay understood, very nice helpful info.
> 
> >>For now I reset the basics and log'd out of admin and back into woody,
> >>but I have a good mind to delete or just forget the other users and just
> >>always log on as admin - this may not be good for normal folk, but being
> >>the sole user and behind a router and firewall - -  why not -  it's no
> >>different than W9x is once secured and I don't want to play with dual
> >>personalities.
> 
> > That's what I've retreated to doing.  It's prolly not best practice,
> > if XP's design expects user account rights to play a meaningful role
> > in risk management, but it seems too impractical to do anything else
> > unless one is prepared to accept a lower standard of overall control.
> >
> > When it comes to the UI, I populate AllUsers desktop and Start Menu
> > only, stripping the per-user equivalents bare.  For SendTo and
> > QuickLaunch, I populate each account's locations by hand - because you
> > don't know in advance what accounts will exist, it's hard to automate.
> 
> 
> Gosh, that's a pita...  I wish there was an easier way.
> 
> 
> >>>>How can I make it so that when I make any computer settings changes..
> >>>>let's say a Folder View setting change or any change whatever - I would
> >>>>like it to apply to All system wide?
> >
> >>> That is an eternal question.  Let me know if you find an answer, as
> >>> well as how to preset the "new account" prototype so that
> >>> newly-created accounts don't start off with awful duhfaults.
> >
> >>awful duhfaults is right!  Thank goodness it has the ClassicView etc so
> >>that I can have it back looking like a real OS instead of a candy striped
> >>whipcreamed chocolate sprinkles desktop screen and buttons!
> 
> 
> > The killers for me are:
> >   - hiding system files, extensions, full paths
> >   - duhfault IE cache
> >   - duhfault shell folder locations
> >   - certain per-user risks e.g. NoDriveTypeAutoRun
> 
> uggghhh
> 
> >>> So far, I've been directed to an article that covers how to copy
> >>> everything other than NTUSER.* from the account you've set up that no
> >>> longer sucks, to the Default User account from which new user accounts
> >>> are created.  That's all very well, but the guts of what I want to
> >>> carry over are held in the per-user registry that is NTUSER.*
> >
> >>Yes I saw that article too, but that's does not help my mindset of what I
> >>want to do.  Coming from a long time 9x I'm still set in my ways
> 
> 
> > The UI's against one, and there are "can't get to there from here"
> 
> ..did you mean here Three UI's against one?
> 
> > issues.  The new account prototype is the key here; if you can preset
> > that the way you want it, you'd have a lot less reason to shun
> > multiple accounts.  Then all you'd need is a way to lockstep the
> > application of settings, e.g. fixing NoDriveTypeAutoRun after some
> > dumb game has reverted it back to 95 00 00 00
> 
> gosh again..  What is needed is on the pro version, or any wxp version, have
> a simple one click button in Options, and that's to have the OS be used
> exclusively, totally, system wide, for a single user eliminating all the
> extra folders, profiles, etc ..everything!
> 
> Do you have any pull to make that happen  -:)
> 
> 
> >>> Finally, the other issue that IMO kills the accounts rights concept
> >>> stone dead is that whenever I've tried dropping a properly setup
> >>> account from Admin to anything lower, a number of settings fall back
> >>> to awful MS duhfaults (e.g. Hide extensions etc.).
> >
> >><vbg> heh, I know exactly what you mean, after you get things set up like
> >>you want and go to change one setting back to try it out, plonk, you're
> >>back to the frilliness screen again.
> 
> 
> > It's not just the look of it, it's the risk - how can users assess
> > risk and thus apply "safe hex" if they can't see what things are?
> 
> I don't know..
> 
> >>I found out if you set all the Services settings
> 
> > Those are system-level, AFAIK... aren't they?  I'm pretty sure most if
> > not all of them run from one of the "system" accounts.
> 
> Yes they are made system wide, at least what I have seen so far.
> 
> 
> >>> What would be neat is a Regedit view that lets you bang settings
> >>> across user accounts (both existing and New prototype) under
> >>> checkbox control, e.g...
> >>>
> >>> Apply these changes to:
> >>>   [x]  Administrator
> >>>   [x]  Valued Customer
> >>>   [x]  Freddy
> >>>   [x[  Sophie
> >>>   [_]  Guest
> >>>   [x]  New account prototype
> >>>
> >>> Until that day, I avoid multiple accounts and fiddling with
> >>> per-account user rights.  The benefits aren't worth it IMO.
> >
> >>Agreed, and all this is not needed for a Single user who wants to use
> >>XPro.
> 
> 
> > I know - though in fairness, that's really what makes Pro "pro"; the
> 
> yes agreed, and in that function it has it good points.
> 
> > ability to apply stronger security on a per-user basis.  When the same
> > unavoidable model is applied in Home, that's when I get annoyed.
> 
> agreed again.  Also like I said it needs an option for a one click button to
> make the entire OS behave like a single user machine.
> 
> 
> >>I think I will also let it auto logon instead of typing a pass everytime I
> >>reboot!  In essence, once you lock the open doors on it down, and you're
> >>sitting behind a Firewall and Router, why not let it autolog on ?
> 
> 
> > You need to download and use the TweakUI power toy for XP.  This lets
> > you set a password for your account (which is required if you want
> > Tasks to run) and then have the system autologin using that password.
> 
> Yes it's already installed and was the second thing I did after I shut off
> most  of the unwanted services.  I just was toying with the idea of whether
> to let it log on automatically or not - so I just made it so now.  When will
> I need I even to enter in the pass then?  I've got the admin icon showing up
> alongside woody.
> 
> 
> > It also gives you a "front door" to relocate shell folders, which is a
> 
> ...I'll have to contemplate what you mean in the above line?
> 
> > must if you want to keep data and bloated wads of music, pics and
> > videos off C: (on some other HD volume, IOW).
> 
> >>Heck, for that matter why not just Log on as Admin and keep one
> >>account..
> 
> > We are supposed to pretend to be a(n un)trusted employee, so that when
> > malware gains control during our sessions, it will be limited to the
> > rights you allowed yourself.  Makes as much sense to me as leaving the
> > house front door open and needing a key card to enter particular rooms
> > in the house, but as you say - makes perfect sense in an office block.
> >
> > When I started with XP, I really wanted to "do things the right way"
> > and learn the XP way of doing things - but while each version of NT is
> > more complete than the one before, there are still too many things one
> > needs to be able to do that don't seem possible.
> 
> wow, things you've mentioned are well said - and so much to think about!
> 
> I'm inclined to agree with everything, but in no way am I putting down wxp
> - it's just that I think there should be an option as mentioned to make it a
> totally single user OS too, or click the button to make it as it is now for
> real corp admins.
> 
> How does W2000 compare to WXP then because from the little I've seen it
> seems like basically all the same setup?
> 
> If you come back to answer this message, if you want - feel free to snip the
> excess so it's not so long - I'll know what is what.
> 
> 
> >
> >
> >>-------------------- ----- ---- --- -- - -  -    -
> >   Tip Of The Day:
> >   To disable the 'Tip of the Day' feature...
> >>-------------------- ----- ---- --- -- - -  -    -
> 
> 
> 
> 
> 
>

Relevant Pages

  • Re: Should programs install to All Users, Default User, or Me?
    ... >>settings from Woody were not there ..luckily as I went in further I could ... >>see all my special Services, Performance, etc settings I made were still ... > the workplace foisted on one as a single user. ... > don't know in advance what accounts will exist, ...
    (microsoft.public.windowsxp.general)
  • Re: Which Settings MUST be assigned to a User?
    ... specifically applied only to user accounts or computer accounts. ... HKEY_LOCAL_MASHINE values and user configuration modiefies the ... the settings in the User Configuration part ... GPO, with User Configuration settings in it, is applied. ...
    (microsoft.public.windows.group_policy)
  • Re: Summary (Re: XP: Cool feature with a weakness)
    ... since it affected other accounts than the one rotating the ... settings are stored on a user-by-user basis. ... Yes, Steve *wanted* to claim that, and even did... ... Funny how Snit allows himself to point to posts (that are even way out ...
    (comp.sys.mac.advocacy)
  • Re: Outlook - can receive message but not send messages
    ... You could also use the TEst Account Settings feature found further in this ... Milly Staples [MVP - Outlook] ... | (2 accounts) and everything worked okay. ... Therefore I deleted both my email accounts, ...
    (microsoft.public.office.misc)
  • Re: Should programs install to All Users, Default User, or Me?
    ... >> ...where you have to duplicate settings to each account by hand. ... don't know in advance what accounts will exist, ... to the Default User account from which new user accounts ... It's not just the look of it, it's the risk - how can users assess ...
    (microsoft.public.windowsxp.general)