mhc

You can remove the parentheses, but as mentioned above, it would require editing the resource string table in a core Windows system file (SHELL32.DLL). That's probably not a good idea in your situation, but if you're interested anyway, I can point you to what requires editing in SHELL32.DLL.

Your .VBS file will add the .lnk extension to items in the Start Menu folder. It will not add extensions to other types of shortcuts, nor will it add extensions to items in the Send To folder. The following file, if imported into the registry via RegEdit, will add all those extensions as well as a couple others: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}] "NeverShowExt"=- [HKEY_CLASSES_ROOT\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}] "NeverShowExt"=- [HKEY_CLASSES_ROOT\CLSID\{ECF03A32-103D-11d2-854D-006008059367}] "NeverShowExt"=- [HKEY_CLASSES_ROOT\DocShortcut] "NeverShowExt"=- [HKEY_CLASSES_ROOT\InternetShortcut] "NeverShowExt"=- [HKEY_CLASSES_ROOT\lnkfile] "NeverShowExt"=- [HKEY_CLASSES_ROOT\piffile] "NeverShowExt"=- [HKEY_CLASSES_ROOT\SHCmdFile] "NeverShowExt"=- [HKEY_CLASSES_ROOT\ShellScrap] "NeverShowExt"=- And here's an "undo" file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}] "NeverShowExt"="" [HKEY_CLASSES_ROOT\CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}] "NeverShowExt"="" [HKEY_CLASSES_ROOT\CLSID\{ECF03A32-103D-11d2-854D-006008059367}] "NeverShowExt"="" [HKEY_CLASSES_ROOT\DocShortcut] "NeverShowExt"="" [HKEY_CLASSES_ROOT\InternetShortcut] "NeverShowExt"="" [HKEY_CLASSES_ROOT\lnkfile] "NeverShowExt"="" [HKEY_CLASSES_ROOT\piffile] "NeverShowExt"="" [HKEY_CLASSES_ROOT\SHCmdFile] "NeverShowExt"="" [HKEY_CLASSES_ROOT\ShellScrap] "NeverShowExt"=""

Wow. Where do I begin. Oh yeah, I know. Have you ever looked at the hex code in RSHX32.DLL or SFC_OS.DLL? I have, and what I did above is a FAR better way to hack these programs than, for example, finding the mysterious "-63" check in SFC_OS.DLL. Are you aware that SFC_OS.DLL does a simple check for safe mode just like it does a simple check for -63? And that RSHX32.DLL checks for safe mode for the sole reason to determine whether to display the Security tab in XP Home? And that for these reasons, the above patches affect no other operation in XP? Geez, these patches aren't like eliminating core XP components that can break the most popular programs sold in the marketplace...it's just altering simple checks in two DLLs! I would be reacting differently if you actually TRIED the hacks and found problems with them. Right now you're shooting from the hip with statements that IMO have no basis in reality. Oh, FWIW, what I did above is hex editing. And what you call hex editing is also fooling the operating system as much as what I did above. The difference is that the above way is a better solution, period, than attempting to hack actual code since it is version-independent. And since the registry value set by NTOSKRNL.EXE to signify safe mode is checked by so many DLLs when they are loaded, that value will not change at this point in XP, so hacking that location in SFC-OS.DLL and RSHX32.DLL will remain valid for the remainder of XP's life.

Please read your post again...my name was never mentioned, and that, combined with the lack of a link, was why I reacted as I did. So for the record, here is the link to my post on Neowin which was "quoted" above. http://www.neowin.net/forum/index.php?showtopic=600928

Since I was the "Neowinian" who originally posted the above patches, I'm wondering why the OP didn't put a link to my post (don't care about credit per se, but this seems like "ripping"). Anyway, to GrofLuigi...note that this patch moves "OptionValue" in the two DLLs to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot from HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option and effectively gives the user control over operation of the Security tab and WFP. By setting OptionValue to 1, you see the Security tab and WFP is disabled. By setting it to 0, WFP is enabled and the Security tab disappears. The possible downside is that the patched OptionValue now takes precedence over Safe Mode for these two functions -- which for my purposes is no downside whatsoever, but it might be a problem for others. I also documented this possible downside in the patch posted above. All other DLLs will respect the OptionValue that XP puts in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option when it loads in Safe Mode.

Paste the following into Notepad, save it as UNTERMDD.REG, import the file into RegEdit, then reboot your system. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server] "TSEnabled"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD] "Start"=dword:00000004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService] "Start"=dword:00000004

I learned stuff like this by snooping on my own. If you're running XP Home edition, here's another hack of mine that you can also do.

You can't use the normal methods to restore icons changed by Foxit, because it resets them in the registry to its own icons every time the program loads. Firefox is like this as well, as is Spybot S&D. Truly insidious, needless, and disgusting programming! HOWEVER...you can use a hex editor to hack Foxit so it leaves your icon settings alone. Just search for "DefaultIcon" in the executable and change every occurance to another 11-character word. I use "GotchaSucka". Now use the procedure mentioned above to reset the PDF icon to what you want. The next time you load Foxit, it will leave your selected icon settings alone. Note that this hack works for every program that is written in this awful fashion, except SpyBot S&D, which performs an internal hacking check when it loads. For this reason I no longer use Spybot S&D, and I recommend that others not use it as well...when it comes to anti-virus and anti-spyware programs, I refuse to use or recommend one written so poorly.

I'm using a circa-1990 keyboard from an IBM PS/2 Model 70. Young 'uns don't know how great these old and durable "clickety-clack" keyboards are! As for drivers, the generic 101-key PS/2 keyboard driver was installed and it works just fine. Since the keyboard obviously doesn't have a Windows key, I used the following registry hack to give it one: Windows Registry Editor Version 5.00 ;Map Scroll Lock key to Windows key (IBM PS/2 Keyboard) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout] "Scancode Map"=hex:00,00,00,00,00,00,00,00,02,00,00,00,5B,E0,46,00,00,00,00,00

I just noticed that I forgot an important step in the registry hack I suggested... It's been edited to add the important step of rebooting.

Add the subkey cmd.exe to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options You don't need anything else except the cmd.exe subkey. NOTE: You must reboot your system before this registry change will work!

If you have disabled WFP, replace your current SFCFILES.DLL with the one in the .ZIP file in the attachment. If you have not disabled WFP, replace the SFCFILES.DLL in the DLLCACHE directory with the one in the .ZIP file in the attachment, and then go to the command prompt and rename the SFCFILES.DLL in the SYSTEM32 directory to SFCFILES.OLD. WFP will then replace SFCFILES.DLL with your copy in the DLLCACHE directory. In either case, reboot your system, and the directories you listed can be permanently deleted. Please note that this "hack" will disable WFP if you previously had it enabled, and SFC /SCANNOW will not work because there will no longer be any files to scan. SFCFILES.ZIP

Nice list! A few comments... Workstation can be disabled if the system is not connected to a network. Windows Image Acquisition can be disabled if you're using devices which came with their own software to download images. In addition to checking digital signing of drivers, Cryptographic Services is the part of Windows File Protection that automatically replaces protected files when you attempt to delete or rename them. For that reason alone I keep the service disabled! There is no need to have Logical Disk Manager or Windows Installer set to Automatic. If set to manual, Windows will start the services when they are needed, and stop them when they are no longer needed. Disabling Windows Management Instrumentation WILL NOT break your system!!! I've been running without it for years...the only thing I notice is that my hard disk is quiet most of the time because it's not collecting useless (to me) performance data and writing them to countless logs!

Sounds like you're running DOS (CMD.EXE) in full-screen mode. If you're accessing DOS through a shortcut, right-click on the shortcut, select properties, click the Options tab, and make sure the Display Option is set to Window and not Full Screen. mhc

I'm sure there's a better way to do it, but you can create zero-length files using the DEBUG program. To automate the process you'll first need to create a file (we'll call it TEST.DBG) containing two lines, as follows: w q The first line will tell DEBUG to write a file, the second will end DEBUG. You can now use the TEST.DBG file to create a zero-length file. Here's an example: DEBUG ZEROLEN.TXT <TEST.DBG The above command will create a zero-length file of the name ZEROLEN.TXT. A possible limitation is that DEBUG is a DOS program and only understands 8-dot-3 names for files and directories. You can use this method to change the size of any file to zero bytes, but the TEST.DBG file would be six lines: rbx 0 rcx 0 w q The above is limited to files whose original size was 512K or smaller. It also will not work on .EXE files, or on those which cannot be modified due to lack of permission or read-only status. mhc

The mention of the EULA is pretty funny, what with a "sticky" Important Topic in this section named "SP2 needed hacked files list"... Hmm...maybe it's not funny. Maybe it's the solution to a problem. It's obvious that Microsoft's legal team has done an excellent job of putting the fear of god into owners of sites like this. But Microsoft's implicit condoning of people breaking the EULA with themes, file protection, etc means that any action MS takes against breaking the EULA in any other fashion is unenforceable. Basically, one cannot write an agreement and say "It's OK to break it if it helps us sell product", and that's exactly what Microsoft is doing! There is a group called the Electronic Frontier Foundation which deals with things like this, perhaps some site owners should get in touch with them... mhc

I suppose it's personal preference, but I would rather remove the entry (though keeping a backup!) than set it as disabled. mhc

Not true...removing the key: HKLM\SYSTEM\CurrentControlSet\Services\wuauserv will take precedence over everything. You can put whatever you want in a policy, if the Automatic Updates service isn't in the registry, it HAS no policy! If the above key is removed, any/all keys associated with Automatic Updates can be removed as well. Oh, it would probably be a good idea to save a backup of the above key, just in case you want to re-install Automatic Updates in the future. And don't worry about the other Automatic Updates keys you delete, if you re-enable the service, it will re-create the keys for you. mhc

The reason you cannot access the ntuser.dat file is because Windows loads all active profile hives when it starts. If you have Windows installed on another disk/partition on your system, start Windows from there and you will have full access to both ntuser.dat files. Otherwise, your only hope is to run the recovery console while logged in from someplace other than the C:\WINDOWS directory. mhc

I know it's blasphemous in many circles, but if you want to rid yourself of most (and on my system, ALL) of the hard disk thrashing when your system is idle, disable the Windows Management Instrumentation service. I've had mine off for more than a year, and it would appear that those who say the service is vital or required on all systems have never turned it off for any length of time to check for themselves! You won't break your system if you disable WMI, so give it a try. If you find that something doesn't work quite right (doubtful, but certainly possible), you can always re-enable the service. Mark

Set up the shortcut to run minimized...that should do the trick. mhc