Default user tweaks - Current or .Default?


Post by SymSpaceT » Fri Jul 24, 2009 8:30 pm

Hello folks,

I have some default user registry tweaks I'd like to add at cmdlines.txt.

The simple question is: Which hive should it go to?

the HKEY_USERS\.DEFAULT

or the

HKEY_CURRENT_USER

hive?


Post by crashfly » Sat Jul 25, 2009 2:18 am

Set it to the "Current User" hive as *that* will be redirected to the "Default User" hive --during-- setup. After setup is completed, the 'first' user that gets logged in will set the "Current User" hive.
A mind is like a parachute, it only functions when it is open.
--Anonymous

How to Ask Questions the Smart Way


Post by SymSpaceT » Sat Jul 25, 2009 7:06 am

Thank you.


Post by code65536 » Sat Jul 25, 2009 8:24 am

The ".DEFAULT" hive is used for the logon screen.

The "Default User" hive is just a regular user hive, except for one special property: when a new user's profile is first created, the "Default User" hive is copied over to the new user's profile.

The "Current User" hive is just which ever user's hive happens to be loaded at the moment; it changes depending on who is logged on, and during setup, the hive that is loaded as the "Current User" hive is the "Default User" hive.

So any changes to "Current User" during setup will change the "Default User". After setup, any changes to "Default User" will require that you first load the default user hive.
My addons: CmdOpen - HashCheck - Notepad2 - MS Runtimes - DirectX

Into the breach, meatbags!


Post by SymSpaceT » Sun Jul 26, 2009 8:16 am

Hello folks,

Thanks for the clear explanation!

Let me summarize with a question:

1. During Installation:

The Current User hive is used. Registry keys for this hive get imported here. At the end of the installation (GUI part), whatever is here gets written into the .Default hive subsequently serving as a template for new users as they are created.


2. During normal run of the os

The .Default hive is used for two purposes:

- to use it at the Welcome screen (before any user logs on) inasmuch it is applicable
- to use it as a template when a new user is created

The Current User hive is loaded from each user's individual hive at logon and changes are saved accordingly.
If I want to edit the default user hive after installation, I have to first load it and import the keys.

Now I have the following question:

During installation, a natural need would be to actually tweak at least TWO very different users: the "limited" user and the built-in administrator user. Obviously different things apply to each of these. Question: How can this be done?

Thanks:

SST


Post by crashfly » Sun Jul 26, 2009 12:43 pm

SymSpaceT wrote:Hello folks,

Thanks for the clear explanation!

Let me summarize with a question:

1. During Installation:

The Current User hive is used. Registry keys for this hive get imported here. At the end of the installation (GUI part), whatever is here gets written into the .Default hive subsequently serving as a template for new users as they are created.

Not exactly. The Current User hive *points* to the .Default User hive. No copying is done. A change to CU gets written to .Default immediately.

SymSpaceT wrote:2. During normal run of the os

The .Default hive is used for two purposes:

- to use it at the Welcome screen (before any user logs on) inasmuch it is applicable
- to use it as a template when a new user is created

The Current User hive is loaded from each user's individual hive at logon and changes are saved accordingly.

This requires a bit of clearing up. Windows, by default, loads the .Default user hive when arriving at the log in prompt. When someone enters their login information, their 'hives' become the Current User hive.

SymSpaceT wrote:If I want to edit the default user hive after installation, I have to first load it and import the keys.

Now I have the following question:

During installation, a natural need would be to actually tweak at least TWO very different users: the "limited" user and the built-in administrator user. Obviously different things apply to each of these. Question: How can this be done?

Thanks:

SST

Windows does not differentiate users when creating them from the .Default user hive. Administrators *and* limited accounts are different by what security settings they get. Administrators can see/change everything, whereas a limited account cannot.

Post by SymSpaceT » Sun Jul 26, 2009 3:24 pm

Thanks for taking the time to point out those inaccuracies in my description!

Yes, I understand that the major difference between administrators and limited users is in the privileges they have in accessing the computer. This is built into Windows. However, one natural consequence (manifestation) of this difference would be that an administrator's "user interface" looks and works differently. A simple example: administrators should view hidden and superhidden files, while limited users should not. There are several other "tweaks" of this nature that I am talking about and what I am trying to implement right from installation.

It seems that the ability to implement such "user interface" difference between these two user types was not built into the installation procedure by Microsoft, despite that it seems (to me) like a rather basic thing to do.

I guess there is an incidental way to implement this difference. IF the first user to log on is the built-in administrator (this is very much likely, as there are some post-installation errands to do anyway) then I guess the thing to do is to use guirunonce and import the administrator-like tweaks (registry) at that point.

So I guess the "solution" is to

- tweak the default user account during installation as the limited user account at cmdlines.txt (if it works..)
and then
- further tweak/modify the built-in administrator account to provide administrator-like user interface and options at first logon via guirunonce

The only problem with this is that administrator-type accounts, other than the built-in one, in turn will have the limited-user-type interface (which was tweaked at cmdlines.txt during installation). But I guess normally you'd have only limited users and the built-in administrator.

If you have a better idea, please let me know.

Cheers:

SST
Last edited by SymSpaceT on Mon Jul 27, 2009 8:10 am, edited 2 times in total.


Post by crashfly » Sun Jul 26, 2009 5:24 pm

Honestly, I could not tell you how windows would interpret those tweaks. That would be something to test and try out.

However, from my 'limited' knowledge on this, I believe you could set the tweaks for the administrator. Yet the nature of the limited account should automatically keep those super-hidden files still hidden, unless the security part just keeps them from being accessed (not necessarily hidden).

Post by code65536 » Sun Jul 26, 2009 9:31 pm

SymSpaceT wrote:The .Default hive is used for two purposes:

No. The ".default" hive (which Microsoft misnamed) is used for one and only one purpose: for the logon screen (and other UI that is not specific to any particular user). It is not the "Default User" hive.

Second, HKEY_CURRENT_USER (and HKEY_CLASSES_ROOT) are not real. Technically, there is no "Current User" hive. HKCR is just an alias that maps to a node under HKU.

This is how the initial setup works...

1) During setup, there is only one user hive*. It is loaded somewhere under HKU (don't know what name it is given, except that it is not ".DEFAULT") and mapped to HKCR. Any changes to HKCR during setup will go into this user hive.

2) After setup, this hive is unloaded and becomes the "template" hive for any new user hives that are subsequently created. Once setup completes, this hive is never again loaded, is never again changed, and will never show up in the registry editor. After setup has completed, the only way to view or modify the template hive is if you manually load the hive.

3) A user's profile is created when the user first logs in, not when the user is first created. When the profile is created, the entire profile for "Default User" becomes the template for the new profile. This would also include the registry hive, since each user's registry hive is stored in the user's profile. This also means that any files saved to the user profile during setup will be a part of the template for any new user profiles created on the system.

4) Each time a user logs in, that user's own hive (stored in that user's profile) is loaded under HKU and HKCR then becomes a shorthand alias for that.


So you see, this has several implications. First, during setup, any changes to the user profile, whether it be a registry change or a file that is saved in the profile, becomes a template for any user profile that is created, regardless of whether it is an Administrator or a limited user. Second, there is no Administrator profile during setup. In fact, if you never log in as the Administrator user, there will never be an Administrator profile. Because even though the Administrator account is a built-in account, it only gets a profile when you first log in as the Administrator after setup. This means that you can't make any changes to the default Administrator account until setup has completed and you have logged into that account for the first time.

And to address your final question, no, there is no way to say "this setting should apply only to limited users" or "this is only for admin users". There are several problems with this: first, there are legitimate reasons why a limited user might want to view these files and legitimate reasons why an administrator might not want to view these files. Second, there is no such thing as "hiding" files, as far as the file system and operating system are concerned. The "hiding" happens by simply flagging the file as "hidden", which is just a message to any program that happens to come across the file, "hey, I'm supposed to be hidden, so if you want, you could hide me". As far as applications are concerned, "hidden" files are no different than regular files, and they can "see" hidden files just fine. If a file appears "hidden", it is only because the application actively chose to honor the hide flag and actively hid the file in its UI. Basically, "hiding" is nothing more than an unenforceable convention and has nothing to do with user priv level. Third, user privilege levels are mutable. You can grant someone Administrator (or Power User) rights and you can strip them away. Or you can create your own custom level user type, with a custom mix of admin and limited powers, and you can grant and revoke these powers at will. So it doesn't make sense for MSFT to support doing weird things with the profile or registry based on which user class someone is in because it's all very fluid and mutable and it would just be one huge poorly-defined mess if they did something like that.

So no, there is no existing framework to do what you want to do because it doesn't make sense to do that. But if you still want to, you can, by doing this:
1) Create a custom program (doesn't have to be too complicated; could even be a VB script, I guess) that can detect the level of the user and set certain keys based on that.
2) Make this thing run for each user the first time that user is logged on.

But really, it's not worth the effort and the hassle. It's far easier to just write your various admin-only tweaks into a .reg file and just remember to load that the first time the admin logs in.

* if you ignore the system hives and the special pseudo-user hives, like the one for the logon screen or the one for the "network user"

Post by ENU_user » Mon Jul 27, 2009 1:38 am

removed
Last edited by ENU_user on Sat Jun 19, 2010 5:19 pm, edited 1 time in total.


Post by SymSpaceT » Mon Jul 27, 2009 10:04 am

Just one question for now, more reaction later:

Code wrote:
This also means that any files saved to the user profile during setup will be a part of the template for any new user profiles created on the system.

Where are the default user profile-files during installation? Are they under the usual DocsandSettings\Default User folder (where they are after installation) already?
If I wanted to change some files/folder structure here, I do it with a script which runs at setup and also make the corresponding changes in the registry referencing these paths? (which works well in an already installed os).


Thanks:

SST


Post by code65536 » Mon Jul 27, 2009 9:11 pm

SymSpaceT wrote:Where are the default user profile-files during installation?

I don't know the exact location because I never bothered to check what it is. And you don't need to know: you should avoid hard-coding paths and use environment variables whenever possible. For example, %AppData%\Notepad2\Notepad2.ini or %UserProfile%\Desktop\foo.bar

Remember, during setup, the "default user" profile is active--it's not just the registry hive, but the entire profile, so anything done to the profile of the current user is done to the profile of the default user.

Post by SymSpaceT » Mon Aug 03, 2009 6:47 pm

Hello folks,

By experimentation, I have the following:

1. At the beginning of the GUI setup, the "Default" and the "All Users" files are on the hard disk where the user profile files were defined to be.

2. Sometime during GUI setup the LocalService account's files are also created

3. The NetworkService and the SystemProfile files are created only at first boot after gui setup finishes.

Question:

I had this silly (?) preconception that there should be an environment variable in WinXP pointing to the users' directory (i.e.: usually the "C:\Documents and Settings" directory and not the currently logged in user's directory within this).
Seems that this is not so, correct? There are only the %USERPROFILE% and the %ALLUSERSPROFILE% variables pointing to the currently logged in user's and the shared stuff respectively.

SST


Post by SymSpaceT » Mon Aug 03, 2009 6:59 pm

Code wrote:
2) After setup, this hive is unloaded and becomes the "template" hive for any new user hives that are subsequently created. Once setup completes, this hive is never again loaded, is never again changed, and will never show up in the registry editor. After setup has completed, the only way to view or modify the template hive is if you manually load the hive.

I'm trying to understand how to tweak the default(?) user hive in a running os (or at first logon after setup, there is a reason for that). How should I load this "mysterious" hive? I'm a bit confused as to whether this is the .Default hive or some other hive as per the explanation of Code65536. The .Default hive is loaded in the Windows registry editor.

Thanks:

SST


Post by SymSpaceT » Wed Aug 05, 2009 2:51 pm

Okay, folks, I am still trying to get to the bottom of this. I searched a bit and here is what I know so far:

We need to introduce a new name for the registry hive that is actually used as the template when a new user is created. I will call this TEMPLATE.

Both the TEMPLATE and the .DEFAULT hives are created during setup from the then-active user hive. The .DEFAULT is used when no other user is logged in, for example at the welcome screen (in this sense, it is actually not misnamed..) and it is loaded when the windows "Regedit" is started. The TEMPLATE hive, together with the physical files under the "Default User" directory, are used when a new user is created (and when that user actually logs in for the first time).

So my $60,000 question is: where is this "TEMPLATE" hive physically located on the hard drive, so I can manually load it?

Is it the 256KB ntuser.dat file residing in the "Default User" directory? If I load that, it seems empty..

Second: the "DOS" command to load this is REG LOAD (parameters) right?

Thanks:

SST


Post by Outbreaker » Thu Aug 06, 2009 3:40 pm

The "Default User" ntuser.dat file is already loaded and you will find it in the registry under "HKEY_USERS -> .DEFAULT"
And not all registry keys you have implemented in the "Default User" ntuser.dat file will work, because some programs like WMP11 or IE8 will implement their default registry keys after the first user account login, and your registry keys will then be overridden.


Post by galileo » Thu Aug 06, 2009 8:59 pm

@SymSpaceT

If you are looking for the hive associated with the profile (i.e. "template") for creating new user accounts then HKEY_USERS\.DEFAULT is not the "default user" hive. That hive is located under %systemdrive%\Documents and Settings\Default User\NTUSER.DAT. This is the "TEMPLATE" hive that you were referring to. This hive is NEVER loaded by the OS; it must be manually loaded (opened) if you wish to edit/tweak it.

You can load and edit that hive: open the Registry Editor; select (left click on) HKEY_USERS; go to the menu bar and click File > Load Hive - a dialog box will open - navigate to the path noted above and select NTUSER.DAT; a hive name dialog box will open - name the hive anything you want and click OK - you are only providing a temporary pseudo name that will be discarded when you close the hive - after clicking OK the "default user" hive will show up in the Registry Editor under the HKEY_USERS key.

You may edit to your heart's content. All the editing/tweaking that you perform will apply to ALL subsequently created (i.e. new) user accounts. This is in fact the "default user" hive template.

When you are done be sure to close the hive by executing File > Unload Hive.

Note that there is NO WAY to create "hives" that distinguish between Limited and Administrator accounts (i.e. different "default" hives). That is a permissions setting (not a hives setting per se) that is derived from your account type selection when you create the account or when you later change the account type.

Note also that you can directly edit what files, shortcuts, desktop items, etc. are included in the "default user" profile (i.e. template). Just navigate into the folder structure of the %systemdrive%\Documents and Settings\Default User and edit away...once again to your heart's content.

A final comment, all tweaks performed during Setup (T13, T12, or T9) are made to the hive that will "become" the "default user" hive. During Setup that hive (i.e. the active hive) is in fact the Current User hive. So, tweaks can be made by referencing HKCU...and these will in fact be your "default user" hive tweaks once Setup completes (after first boot).

I don't know how much of this you were already aware of or if the foregoing helps but, there ya go.....

galileo
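
The load, edit and unload sequence galileo describes above (the "manually load the hive" step from code65536's earlier post), as a command-line equivalent using the built-in reg.exe. This is an added example, not part of any poster's reply; the mount name TemplateHive and the choice of the two Explorer "hidden files" values as the tweak are assumptions for illustration.

```batch
@echo off
rem Added example: edit the new-user template hive on an installed system.
setlocal

rem Path of the template hive as given in the post above.
set "HIVE=%SystemDrive%\Documents and Settings\Default User\NTUSER.DAT"

rem TemplateHive is an arbitrary temporary name (assumption); it only
rem exists while the hive is loaded and is discarded on unload.
set "MOUNT=HKU\TemplateHive"

if not exist "%HIVE%" (
    echo Template hive not found: %HIVE%
    exit /b 1
)

rem Mount the hive under HKEY_USERS. This needs administrator rights.
reg load "%MOUNT%" "%HIVE%"
if errorlevel 1 (
    echo reg load failed. Run this from an administrator account.
    exit /b 1
)

rem Audit step: every value in the template is copied into each profile
rem created later, so list the per-user autorun keys before changing
rem anything. A missing key just means there are no entries.
echo --- Run entries in the template hive ---
reg query "%MOUNT%\Software\Microsoft\Windows\CurrentVersion\Run" 2>nul
echo --- RunOnce entries in the template hive ---
reg query "%MOUNT%\Software\Microsoft\Windows\CurrentVersion\RunOnce" 2>nul

rem The tweak itself: Explorer defaults for accounts created from now on.
rem Hidden=2 does not show hidden files, ShowSuperHidden=0 keeps
rem protected operating system files out of Explorer's listing.
set "ADV=%MOUNT%\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
reg add "%ADV%" /v Hidden /t REG_DWORD /d 2 /f
reg add "%ADV%" /v ShowSuperHidden /t REG_DWORD /d 0 /f

rem Always unload, otherwise NTUSER.DAT stays locked and new profiles
rem cannot be created from it.
reg unload "%MOUNT%"
if errorlevel 1 (
    echo reg unload failed. Close Registry Editor if it has the key open.
    exit /b 1
)

endlocal
```

Profiles that already exist are not affected; only accounts whose profile is created after the hive is unloaded pick up the values.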


Post by SymSpaceT » Sat Aug 08, 2009 7:18 am

Hello folks,

I just wanted to say a quick thank you for the answers. Will have more time to reply in a few days. I believe I now have a clear picture of things that are user-related thanks to you, especially crashfly, galileo and code2^16-1

But until then let me leave you with a puzzle: I found ONE SINGLE (small) "place" where there is actually an official (i.e.: built-in, Microsoft) distinction being made between "normal" and "administrator" users in this whole unattended procedure.

Anyone who finds it can claim a piece of candy.

Cheers:

SST
