Re: Should programs install to All Users, Default User, or Me?

From: David Candy (david_at_mvps.org)
Date: 03/31/04 

Date: Thu, 1 Apr 2004 02:59:09 +1000

The first time a user logs on windows creates some things.

EG
rundll32 mydocs.dll,PerUserInit
creates My Docs and the shortcut in Sendto. 

-- 
----------------------------------------------------------
http://www.g2mil.com/Dec2003.htm
"woody" <pine@spamsfree.net> wrote in message news:ulybT8zFEHA.2404@TK2MSFTNGP11.phx.gbl...
> "cquirke (MVP Win9x)" wrote in message
> news:qa8k60td5pqodhbp68q4a8jcd30icbnj6e@4ax.com
> > On Tue, 30 Mar 2004 17:43:33 -0500, "woody"
> >>"cquirke (MVP Win9x)"  wrote in message
> >
> >>> AllUsers will apply to all users only in *some* parts of the UI...
> >>>   - Start Menui
> >>>   - Desktop
> >>> ...but not in others...
> >>>   - SendTo
> >>>   - QuickLaunch
> >>> ...where you have to duplicate settings to each account by hand.
> >
> >>Yes I hear you!  A royal pita.  <g>
> >
> >>I logged on as Administrator only to find all my ascetic Desktop & Folder
> >>settings from Woody were not there ..luckily as I went in further I could
> >>see all my special Services, Performance, etc settings I made were still
> >>in tact.  Just not sure how far I wanted or should go with setting it up
> >>double, but what's perplexing is that I want all the same programs, and,
> >>well - - - everything visible in Admin as I have in woody!  Heck it's all
> >>me anyway!
> 
> 
> > I know; one resents having an identity-based security model suited to
> > the workplace foisted on one as a single user.
> >
> > Some settings will be system-wide, held in the system registry hives
> > that live in the OS subtree.  These correspond to HKLM, and aliases.
> >
> > Others will be per-user, held in the NTUSER.* within the account's
> > subtree on the local PC, or as a 'roving profile" on a server.
> >
> > Some branches of the registry show a fusion of these, so you don't
> > really know what's going on (e.g. HKCR in XP).
> >
> > Some global settings are set at the system level but others are set
> > via the AllUsers profile.  New user accounts are built from the
> > Default User, but some stuff apparently comes from somewhere else.
> 
> 
> Okay understood, very nice helpful info.
> 
> >>For now I reset the basics and log'd out of admin and back into woody,
> >>but I have a good mind to delete or just forget the other users and just
> >>always log on as admin - this may not be good for normal folk, but being
> >>the sole user and behind a router and firewall - -  why not -  it's no
> >>different than W9x is once secured and I don't want to play with dual
> >>personalities.
> 
> > That's what I've retreated to doing.  It's prolly not best practice,
> > if XP's design expects user account rights to play a meaningful role
> > in risk management, but it seems too impractical to do anything else
> > unless one is prepared to accept a lower standard of overall control.
> >
> > When it comes to the UI, I populate AllUsers desktop and Start Menu
> > only, stripping the per-user equivalents bare.  For SendTo and
> > QuickLaunch, I populate each account's locations by hand - because you
> > don't know in advance what accounts will exist, it's hard to automate.
> 
> 
> Gosh, that's a pita...  I wish there was an easier way.
> 
> 
> >>>>How can I make it so that when I make any computer settings changes..
> >>>>let's say a Folder View setting change or any change whatever - I would
> >>>>like it to apply to All system wide?
> >
> >>> That is an eternal question.  Let me know if you find an answer, as
> >>> well as how to preset the "new account" prototype so that
> >>> newly-created accounts don't start off with awful duhfaults.
> >
> >>awful duhfaults is right!  Thank goodness it has the ClassicView etc so
> >>that I can have it back looking like a real OS instead of a candy striped
> >>whipcreamed chocolate sprinkles desktop screen and buttons!
> 
> 
> > The killers for me are:
> >   - hiding system files, extensions, full paths
> >   - duhfault IE cache
> >   - duhfault shell folder locations
> >   - certain per-user risks e.g. NoDriveTypeAutoRun
> 
> uggghhh
> 
> >>> So far, I've been directed to an article that covers how to copy
> >>> everything other than NTUSER.* from the account you've set up that no
> >>> longer sucks, to the Default User account from which new user accounts
> >>> are created.  That's all very well, but the guts of what I want to
> >>> carry over are held in the per-user registry that is NTUSER.*
> >
> >>Yes I saw that article too, but that's does not help my mindset of what I
> >>want to do.  Coming from a long time 9x I'm still set in my ways
> 
> 
> > The UI's against one, and there are "can't get to there from here"
> 
> ..did you mean here Three UI's against one?
> 
> > issues.  The new account prototype is the key here; if you can preset
> > that the way you want it, you'd have a lot less reason to shun
> > multiple accounts.  Then all you'd need is a way to lockstep the
> > application of settings, e.g. fixing NoDriveTypeAutoRun after some
> > dumb game has reverted it back to 95 00 00 00
> 
> gosh again..  What is needed is on the pro version, or any wxp version, have
> a simple one click button in Options, and that's to have the OS be used
> exclusively, totally, system wide, for a single user eliminating all the
> extra folders, profiles, etc ..everything!
> 
> Do you have any pull to make that happen  -:)
> 
> 
> >>> Finally, the other issue that IMO kills the accounts rights concept
> >>> stone dead is that whenever I've tried dropping a properly setup
> >>> account from Admin to anything lower, a number of settings fall back
> >>> to awful MS duhfaults (e.g. Hide extensions etc.).
> >
> >><vbg> heh, I know exactly what you mean, after you get things set up like
> >>you want and go to change one setting back to try it out, plonk, you're
> >>back to the frilliness screen again.
> 
> 
> > It's not just the look of it, it's the risk - how can users assess
> > risk and thus apply "safe hex" if they can't see what things are?
> 
> I don't know..
> 
> >>I found out if you set all the Services settings
> 
> > Those are system-level, AFAIK... aren't they?  I'm pretty sure most if
> > not all of them run from one of the "system" accounts.
> 
> Yes they are made system wide, at least what I have seen so far.
> 
> 
> >>> What would be neat is a Regedit view that lets you bang settings
> >>> across user accounts (both existing and New prototype) under
> >>> checkbox control, e.g...
> >>>
> >>> Apply these changes to:
> >>>   [x]  Administrator
> >>>   [x]  Valued Customer
> >>>   [x]  Freddy
> >>>   [x[  Sophie
> >>>   [_]  Guest
> >>>   [x]  New account prototype
> >>>
> >>> Until that day, I avoid multiple accounts and fiddling with
> >>> per-account user rights.  The benefits aren't worth it IMO.
> >
> >>Agreed, and all this is not needed for a Single user who wants to use
> >>XPro.
> 
> 
> > I know - though in fairness, that's really what makes Pro "pro"; the
> 
> yes agreed, and in that function it has it good points.
> 
> > ability to apply stronger security on a per-user basis.  When the same
> > unavoidable model is applied in Home, that's when I get annoyed.
> 
> agreed again.  Also like I said it needs an option for a one click button to
> make the entire OS behave like a single user machine.
> 
> 
> >>I think I will also let it auto logon instead of typing a pass everytime I
> >>reboot!  In essence, once you lock the open doors on it down, and you're
> >>sitting behind a Firewall and Router, why not let it autolog on ?
> 
> 
> > You need to download and use the TweakUI power toy for XP.  This lets
> > you set a password for your account (which is required if you want
> > Tasks to run) and then have the system autologin using that password.
> 
> Yes it's already installed and was the second thing I did after I shut off
> most  of the unwanted services.  I just was toying with the idea of whether
> to let it log on automatically or not - so I just made it so now.  When will
> I need I even to enter in the pass then?  I've got the admin icon showing up
> alongside woody.
> 
> 
> > It also gives you a "front door" to relocate shell folders, which is a
> 
> ...I'll have to contemplate what you mean in the above line?
> 
> > must if you want to keep data and bloated wads of music, pics and
> > videos off C: (on some other HD volume, IOW).
> 
> >>Heck, for that matter why not just Log on as Admin and keep one
> >>account..
> 
> > We are supposed to pretend to be a(n un)trusted employee, so that when
> > malware gains control during our sessions, it will be limited to the
> > rights you allowed yourself.  Makes as much sense to me as leaving the
> > house front door open and needing a key card to enter particular rooms
> > in the house, but as you say - makes perfect sense in an office block.
> >
> > When I started with XP, I really wanted to "do things the right way"
> > and learn the XP way of doing things - but while each version of NT is
> > more complete than the one before, there are still too many things one
> > needs to be able to do that don't seem possible.
> 
> wow, things you've mentioned are well said - and so much to think about!
> 
> I'm inclined to agree with everything, but in no way am I putting down wxp
> - it's just that I think there should be an option as mentioned to make it a
> totally single user OS too, or click the button to make it as it is now for
> real corp admins.
> 
> How does W2000 compare to WXP then because from the little I've seen it
> seems like basically all the same setup?
> 
> If you come back to answer this message, if you want - feel free to snip the
> excess so it's not so long - I'll know what is what.
> 
> 
> >
> >
> >>-------------------- ----- ---- --- -- - -  -    -
> >   Tip Of The Day:
> >   To disable the 'Tip of the Day' feature...
> >>-------------------- ----- ---- --- -- - -  -    -
> 
> 
> 
> 
> 
>
Quantcast