Samba 3 and Windows Vista Clients
- Overview of Windows Vista's Changes
- Working with User Profiles & Folder Redirection
- Working Around the Lack of System Policies
- Making Vista not Suck (as a Workstation)
- An Example Samba-Vista Deployment
Windows Vista's Annoyances
The following sections will show you how you can bypass or change various features within Windows Vista by applying policies or writing certain registry keys. These settings are listed as:
Group Policy - Location within the Local Group Policy Editor where you will find the appropriate Setting. I include both the User and Computer Policies when available.
Computer Registry Key - This is the HKLM registry value that will set the specified policy/preference. This will apply the policy/preference to all the Users logging into the workstation.
User Registry Key - This is the HKCU registry value that will set the specified Policy/Preference. This will only be set for the current User, making this key pretty much worthless. These are only listed if I could not find an appropriate HKLM key.
Non-Admin User Editable Registry Key - This registry key can be written by any user regardless if they are an Administrator or not. These preferences are best used within a Logon Script of some kind.
Dealing with User Access Control
One of the biggest complaints people have been having with Windows Vista is the fact that you will recieve prompts when attempt to do something that requires Administrative privileges. Apple has even created commercials criticizing this feature (when they themselves have a similar feature).
This feature (in my opinion) is actually a decent feature for Home Users and once programmers write their programs to run without Adminstrative Rights (which has plagued Windows for years) the annoying popups will decrease.
However, User Access Control should probably not be implemented on Networked Workstations. For instance:
* Even non-administrators will get a prompt asking for a Username and Password to continue. This has the detrimental effect of people stealing other peoples usernames/passwords (with Admin privileges) in order to sidestep the network's security. If you don't think this happens, implement an Internet Filter on your network that provides a bypass username/password and see how quickly your Users will learn the username/password.
* Everything that requires Admin Rights will prompt the user (regardless if they are in the Adminstrator's group or not). This alone will destroy the chance of using any type of scripting to get around the lack of System Policies with Vista.
So I recommend simply disabling UAC on all Vista workstations
Disable UAC completely
Computer Registry Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - EnableLUA - 0 (DWORD)
Working with the Logon Screen
In case you haven't yet deployed Vista within a Domain or Active Directory, I have to tell you that whoever designed the new logon screen should be fired. Not only is it NOT user friendly, you also cannot go back to the old logon screen (which has been around since NT 3.5).
The biggest drawback of this new logon screen is the fact that after you hit CTL-ALT-DEL, you must click on a picture to switch the user, then you must click on another picture to specify "Another User", then finally you can enter your Username and Password to logon.
The only way that I have found to combat this idiocity is to simply have the logon screen forget who was previously logged in. This way, you simply hit CTL-ALT-DEL, then you are only prompted for your username and password. The downside of this, of course, are those that are used to using the same computer over and over must now remember their username ;-)
Always Use Classic Logon - not really helpful since if you are on a Domain this logon screen will be shown anyway (BTW- it is not "classic")
Local Computer Group Policy Comp Config - Admin Templ - System - Logon - Always Use Classic Logon Computer Registry Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - LogonType - 1 (DWORD)
Display Information About Previous Logons During Logon - here is where you specify to forget the previous logon username.
Local Computer Group Policy Comp Config - Admin Templ - Windows Components - Windows Logon Options Computer Registry Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - dontdisplaylastusername - 1 (DWORD)
Various Explorer Annoyances
Turn off Windows Sidebar - recommended to simply remove sidebar from the startup programs, some users may complain about not be able to access the Sidebar.
Local Computer Group Policy Comp Config - Admin Templ - Windows Components - Windows Sidebar - Turn off Windows Sidebar Local Machine RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar - TurnOffSidebar - 1 (DWORD) Non-Admin User Editable Registry - Delete the following User's Key Software\Microsoft\Windows\CurrentVersion\Run\Sidebar
Disable the Welcome Center - Not sure if this policy actually works, it is best to simply delete the WelcomeCenter from the User's Startup using a Logon Script.
Local Group Policy Comp Conf - Admin Templ - Windows Components - Windows Explorer - Do not display the Welcome Center at user logon Local Machine RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - RestrictWelcomeCenter - 1 (DWORD) Non-Admin User Editable Registry - Delete the following User's Key Software\Microsoft\Windows\CurrentVersion\Run\WindowsWelcomeCenter
Disable Desktop Cleanup Wizard
Local Group Policy (User Policy Only) User Conf - Admin Templates - Desktop - Remove the Desktop Cleanup Wizard Non-Admin User Editable Key Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz - NoRun - 1
Disable Thumbnail Cache
Local Group Policy (User policy Only User - Windows Components - Windows Explorer - Turn off the caching of thumbnails in hidden thumbs.db files Non-Admin User Editable Key Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced - DisableThumbnailCache - 1 (REG_SZ)
Disable Web Search for File Types
Local Group Policy (Both User and CPU Polices) Internet Communication Settings - Turn off Internet File Association Service Local Computer RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoInternetOpenWith - 1 (REG_SZ)
Always Show File Extension
Non-Admin User Editable Key Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced - HideFileExt - 0 (DWORD)
Remove Set Default Programs from Start Menu
Local Group Policy User - Start Menu & Taskbar - Remove Default Programs Link from the Start Menu Local Computer RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoSMConfigurePrograms - 1 (DWORD)
Do Not Automatically Search for Network Folders and Printers
Non-Admin User Editable Key Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced - NoNetCrawling - 1 (REG_SZ)
Turn Off Notification Area Cleanup
Local Group Policy User - Start Menu & Taskbar - Turn off notification area cleanup Local Computer RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoAutoTrayNotify - 1 (DWORD)
Disable the Language Bar
Non-Admin User Editable Key Software\Microsoft\CTF\LangBar - ShowStatus - 3 (DWORD)
Turn Off Balloon Notifications - test hklm key
Local Group Policy User - Start Menu & Taskbar - Turn off all balloon notifications Local Computer RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - TaskbarNoNotification - 1 (DWORD) Non-Admin User Editable Key Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced - EnableBalloonTips - 0 (DWORD)
Don't Save Settings on Logout
Local Group Policy User - Desktop - Don't Save Settings on Exit Local Machine RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoSaveSettings - 1 (REG_SZ)
Turn Off AutoPlay
Local Group Policy User and CPU - Windows Components - AutoPlay Policies - Turn Off Autoplay Local Machine RegKey HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoDriveTypeAutoRun - 1 (REG_SZ)
