The Windows XP Start menu supports a variety of customizable settings via the Customize Start Menu window accessed by clicking the Customize button on the Start Menu tab of the Taskbar and Start Menu Properties window. For users choosing the XP-style Start menu, available customizations include the ability to choose between large and small icon sizes, the ability to control how many programs appear on the Start menu as well as clear this list, and the ability to configure which web browser and e-mail client will appear on the Start menu according to which programs have been installed on your system. The ability to use small icons will appeal to users with smaller monitors, while increasing the number of programs displayed will help power users with the need to access many different programs regularly. Clearing the list of programs makes it easy to rebuild your list of displayed shortcuts in the event that you no longer use many of the programs currently on the list and want to rebuild it selectively.
If you’ve chosen to use and customize the Classic Start menu, you’ll be presented with the Customize Classic Start Menu window, as shown below. This screen looks very similar to those found in previous Windows versions and allows you to add, remove, and sort Start menu items, as well as control which icons will appear on the menu. Overall, the customization options available with the Classic Start menu are fewer, but still give you a reasonable level of control over how the Start menu appears and behaves.
One of the best things about XP’s new-style Start menu is the degree of flexibility you have in customizing it to better suit your needs and preferences. The XP-style Start menu allows you to control which programs shortcuts appear on the first level of the menu after clicking the Start button. Known as “pinning”, you can force program shortcut items to appear on the lefthand side of the menu by right-clicking on an executable file (or its shortcut) and then selecting the “Pin to Start menu” option, as shown below. This will ensure that the item always remains on the Start menu, saving you the trouble of trying to find it under the All Programs group each time you need to open it. If you’re diligent about pinning regularly used items to the Start menu, you can largely avoid having a desktop full of disorganized shortcuts, and make opening programs an absolutely straightforward and organized endeavor. The best part is that you can also change your mind and unpin an item at any time – simply right-click on the item in question and select the Unpin from Start menu option.
Determining which items have been pinned to the Start menu can be a little confusing to new users. In simple terms, XP separates pinned items from other program shortcuts on the left-hand side of the Start menu by locating them at the top of the list, as shown below. The items beneath the break are not pinned, and appear on the Start menu as a function of frequent usage. If a shortcut appears in the lower part of this list, you can simply drag it to the pinned area at top to pin it, or again right-click the shortcut and select the Pin to Start menu option. Make a point of pinning your 5 to 6 most common shortcuts in this manner and you’ll soon wonder how you ever got by without it. In the next section you’ll learn how to customize XP to display more or less shortcut icons on the Start menu rather than the six that will appear there by default.
If you’ve used XP for any reasonable period of time, chances are good that you’re familiar with its main purpose, namely to act as a starting point towards accessing shortcuts to programs, documents, and tools such as those found in Control Panel. By default, Windows XP uses a new Start menu that’s a little different than in previous versions of Windows. Instead of the standard shortcut grouping found in versions of Windows from 95 to 2000, XP includes a more customizable Start menu that incorporates the ability to quickly add or remove items, control how many shortcuts are listed, change icon sizes, and more. In the next section you’ll learn how to switch from this default menu to the “classic” Start menu used in earlier versions if that’s your preference. For now, we’re going to assume that you’re using the default XP Start menu, since it allows the greatest degree of customization.
A very wise person once said that old habits die hard. When Windows XP was first released, many users resisted the upgraded interface, prefering the old Windows environment that they had come to know and love. Windows XP allows users to switch between the native XP desktop style or kick it old school with what is commonly referred to as Classic Windows mode. In classic Windows mode, the XP desktop takes on a look and feel similar to Windows 2000 or ME, a style that many users still prefer. One knock on the new style XP Start menu is that is takes up too much room on the screen, especially when used on systems with small monitors. If you’ve got a smaller monitor, you may want to consider switching the Start menu to classic mode, if for no other reason than to save valuable desktop real estate.
Making the change from XP’s default Start menu to the Classic Windows style is exceptionally simple. Just click on the Start button and then right-click on an area of free space and click Properties. This opens the Taskbar and Start Menu Properties page to the Start Menu tab, as shown below. Switching your Start menu to the Classic Start menu is as simple as selecting the appropriate option from this screen, as shown below. This change is immediate once you click OK, and does not change the look or feel of XP’s windows; only the style of the Start menu is changed. To change the look of individual windows back to a pre-XP style, use the Display applet in Control Panel. From the Appearance tab select Windows Classic style from the Windows and buttons drop-down menu and you’ll be off to the races, kicking it old school!
Although some users will find it useful, one potentially dangerous feature of XP is its ability to cache username and password information associated with Web sites accessed via Internet Explorer. For example, on a system with multiple users sharing a single user account, a user might select the option to have XP remember the username and password used while logging on to a secure Web site, thus allowing other system users to potentially access it as well. While not a big issue for a news-related site, it’s easy to be a little more worried if it was your banking information others could get at.
The easiest solution to this problem is to set up a unique XP user account for each user, since this would cache usernames and passwords for each person individually. However, accessing this information would still be relatively simple for a user with administrator-level access. For this reason, password caching can be completely disabled, forcing a user to enter a complete username and password when visiting a secure site in Internet Explorer. To do so, fire up Regedit one more time and browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings. Creating a REG_DWORD value named DisablePasswordCaching and setting it to a value of 1 will force the current user to supply both a username and password on each visit to a secure Web site.
While locking an XP system is always a good idea if you plan to leave a system unattended for some period of time, it can also cause issues for users, especially if the PC will be publicly accessible. For example, imagine an XP Pro system that is configured as an information kiosk in a business, or even a system at an Internet café. If random users chose to lock the system (by pressing Ctrl+Alt+Delete and clicking the Lock Computer button), an administrator would need to manually unlock the system. To avoid this, the Lock Computer button can be disabled.
To disable the Lock Computer button, open Regedit and browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
System and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System and create a new REG_DWORD value in each called DisableLockWorkstation. Setting this value to 0 will allow the Lock Computer button to be used, while 1 will disable it.
If you’re already familiar with screensavers, then you know that XP allows you to require users to submit their password to unlock the computer once the screensaver is running. By default, the Unlock Computer dialog box will supply the name of the current user, requiring only a password to be provided to get back to the desktop. This configuration suffers from the same issue as displaying the last username in the Log On to Windows dialog box, since half the required information to access the system is already provided.
To disable XP from displaying the username and require users to provide both a valid username and password to exit the screensaver, yet another Registry edit does the trick. Open Regedit and access the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon key and create a new REG_DWORD value called ForceUnlockLogon. Setting this to a value of 0 requires the user to submit a password only, while a value of 1 requires both the username and password to be resubmitted.
In order to gain access to XP systems where logon is required, only two key pieces of information are required – a valid username, and the password associated with that account. By default, Windows XP is configured such that the name of the last user to have logged on to the system appears automatically in the Log On to Windows dialog box. In effect, this is inherently insecure, since it gives other users half the information they require to log on to the system.
For a higher degree of security, Windows XP can be configured to not display the name of the last user that logged on to the system in the username text box. This is an especially useful feature on systems used by multiple users, since many people won’t even bother to look at the username text box during logon, and will attempt to enter their password only, resulting in a failed logon attempt. Whether the last username is displayed can again be controlled with a simple registry tweak. To stop the last username from being displayed, open Regedit and browse to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System and create a new REG_DWORD value in each called DontDisplayLastUserName. A value of 0 will display the name of the last user to log on to the system, while 1 will hide it.
If you disable the XP Welcome screen and require the Ctrl+Alt+Delete key combination as part of the logon process, users are presented with the standard Log On to Windows dialog box where they need to supply a username and password. By default, this box displays a message stating, “Enter a user name and password that is valid for this system”. While this message may suit you fine, it can also be changed with a very simple registry edit.
To personalize or customize this message, open Regedit and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. The value that you’ll want to create is a REG_SZ value called LogonPrompt. Change this value and enter your message of choice, for example, “By entering your username and password below, you confirm that SuperCorp has given you permission to use this system”. After a reboot, this message will appear in the logon dialog box.
Often referred to as “the 3-fingered salute”, many users find it strange that they must press the Ctrl+Alt+Delete key combination when attempting to log on to a system running Windows XP Professional. This is because this key combination has been traditionally associated with forcing a system restart. On XP systems today, pressing Ctrl+Alt+Delete represents a special call to the security subsystem, that can display the logon window, task manager, and on XP Professional systems the Security dialog box.
In most cases, you are better off having the Ctrl+Alt+Delete key combination required and enabled for security purposes. To do so, open Control Panel and then click the User Accounts applet. If you click the Change the way users log on or off link in the Pick a task section and then uncheck the Use the Welcome screen checkbox (as shown below), all users will be forced to press the key combination prior to logon. Alternatively, this setting can be changed by firing up Regedit and creating a new REG_DWORD value called DisableCAD in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. A value of 0 will require the Ctrl+Alt+Delete key combination, while a value of 1 disables the requirement.
As a general rule, users should change their passwords at regular intervals for security purposes. While encouraging users to change their passwords regularly is a good idea, this often leads to issues with users forgetting their passwords. Since resetting passwords for other users can quickly become a pain if you constantly find yourself doing it, XP includes the ability to disable the Change Password button found on the Windows Security dialog box.
To disable this button, open Regedit and browse to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
System keys and create new REG_DWORD values named DisableChangePassword in each. Configuring a value of 0 will allow the user to change their password, while a value of 1 will disable the Change Password button, forcing them to use their current password. In most cases, good security practices would dictate that you grant a user the ability the change their password. However, in the case where a user insists on using a poor password, this allows you to control the password that they much use (hopefully a strong password), without the fear of the user changing it.