Windows Registry Tweaks That Can Help Improve Windows System Security

Registry Tweaks

Registry tweaks can add to the security of your network, and legal notices and warnings can be posted on systems in both small and enterprise businesses. Although these tweaks are for standalone computers, you may often find a need to implement them.

Clear the paging file

The paging file can contain information about programs or sensitive data.

This tweak will slow your workstation’s shutdown. Paging files can become huge, so clearing the file takes some time during each shutdown or reboot.

The paging file is used to trick your computer into using the hard drive as memory. Programs and information are loaded into this area, and it is not cleared when the computer is shut down.

To have your system automatically clear the paging file at shutdown or restart, you’ll need to edit your system registry. Remember, tweaking the registry can leave your computer useless if you enter incorrect values. Be careful whenever you modify your registry.

To Clear the Paging File

  1. Go to Start->Run and type in “regedit”.
  2. Go to this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management.
  3. Look for the ClearPageFileAtShutdown entry. Double click on it and enter “1” in the value data box.

When you reboot your computer, this registry entry will become effective. The shutdown or reboot after this initial reboot will clear your paging file. Your paging file will recreate itself as needed.

Another registry tweak that can help control access to data is preventing access to select drives on a system.

We have a backup computer that is used to back up files from other computers. In this computer we have an ‘extra’ drive that does an internal backup. We don’t want anyone accessing this ‘extra’ drive. The next registry tweak prevents access to the select drive on the system.

Prevent access to select drives on a system

This prevents users (not administrators) from accessing the drive through ‘My Computer’, ‘Explorer’, the ‘Run’ dialog, mapping the drive as a network drive, or using the ‘Dir’ command to view the contents of the drive.

To Prevent Access to Select Drives on a System

Open regedit.

Go to the following keys:

User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Look for the value named NoViewOnDrive.

Use the 32-bit mask to define local and network drive access for each logical drive in the computer. A drive is visible when its bit is set to 0 and hidden when its bit is set to 1.

Here is a list of the bitmask values:

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024. As you can see, the value simply doubles for each successive drive letter (e.g. drive D is 8, therefore drive E is 16).

If you want to hide multiple drives, add their values. Example: for drive E and drive F, the value to set is 48.

Restart Windows for these changes to take effect.
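The bitmask arithmetic above can be scripted so the value is computed rather than added by hand, and so an existing value can be decoded back into drive letters. This PowerShell is an added example, not part of the original article; the function names are made up for it, and the value name defaults to NoViewOnDrive, the Explorer policy value behind "Prevent access to drives from My Computer".

```powershell
# Added example (not from the article): encode and decode the drive bitmask.
# A is bit 0 (value 1), B is bit 1 (value 2), ... Z is bit 25.
function ConvertTo-DriveMask {
    param([Parameter(Mandatory)][string[]]$Letter)
    $mask = 0
    foreach ($l in $Letter) {
        $c = $l.Trim().TrimEnd(':').ToUpperInvariant()
        if ($c -cnotmatch '^[A-Z]$') { throw "Not a drive letter: '$l'" }
        $mask = $mask -bor (1 -shl ([int][char]$c - [int][char]'A'))
    }
    $mask
}

function ConvertFrom-DriveMask {
    param([Parameter(Mandatory)][int]$Mask)
    # Only bits 0..25 map to drive letters; higher bits are ignored.
    foreach ($bit in 0..25) {
        if ($Mask -band (1 -shl $bit)) { [char]([int][char]'A' + $bit) }
    }
}

# Read-only audit of both keys named in the article.
function Get-DrivePolicy {
    # Explorer policy value name; pass -ValueName to check a different one.
    param([string]$ValueName = 'NoViewOnDrive')
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        $mask = if ($item) { [int]$item.$ValueName } else { 0 }
        [pscustomobject]@{
            Key     = $key
            Mask    = $mask
            Blocked = (ConvertFrom-DriveMask -Mask $mask) -join ','
        }
    }
}

ConvertTo-DriveMask -Letter 'E', 'F'      # the article's drive E plus drive F case
ConvertFrom-DriveMask -Mask 48            # decode a mask back into letters
Get-DrivePolicy | Format-Table -AutoSize  # what is configured on this machine
```

Nothing here writes to the registry; enter the computed mask in regedit as described in the steps above.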

A polite warning for users can be set in the next several tweaks. Professional organizations may want to give ‘Logon’ warnings to the individual users. Below is a list of tweaks to give users ‘Warnings’.

Windows Logon and Security Dialog Text

Open your registry and find or create the key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Create a new String value, or modify the existing value, called “Welcome” and set it according to the value you want.

Close regedit.

Restart or log out of Windows for the change to take effect.

Change or add the Message Shown on the Logon Box

This tweak changes the message displayed on the logon box above the user name and password.

Use regedit and find the key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

Create a new string value named ‘LogonPrompt’ and enter the text you wish to be displayed. There is a default message of: ‘Enter a user name and password that is valid for this system.’ Edit or change this value to what you want to display. Exit the registry and restart or log out of Windows for this change to take effect.

The last tweak is a legal notice dialog box before a user logs on

This tweak allows you to warn the user that he/she is being monitored and gives any other legal warning your organization requires.

Open your registry by using regedit.

Find the appropriate key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

(This tweak works on Windows NT, 2000, XP and Vista.)

Modify the value named ‘LegalNoticeCaption’ to represent the caption on the dialog box (e.g. ‘WARNING! Restricted Use!’). Modify the value named ‘LegalNoticeText’ to represent the body of the dialog box (e.g. ‘Use of this system is monitored by the Information Technology Department!’). Exit your registry and restart Windows. The next time you boot up you will be presented with the dialog box before logging on to the system.

Note: You can enter up to 1024 characters. While most of these tweaks do NOT increase security, they allow the IT Department to warn the end user. This should create an atmosphere of ‘responsible use’ from the end user.
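After applying the paging-file and legal-notice tweaks, a read-only check confirms that the values are actually in place. This PowerShell is an added example, not part of the original article; the helper names Get-RegValue and Test-ArticleTweaks are made up for it, and the keys, value names and the 1024-character limit are the ones given above.

```powershell
# Added example (not from the article): read-only check of the values set above.
$mm       = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-ArticleTweaks {
    $clear   = Get-RegValue $mm 'ClearPageFileAtShutdown'
    $caption = [string](Get-RegValue $winlogon 'LegalNoticeCaption')
    $text    = [string](Get-RegValue $winlogon 'LegalNoticeText')

    [pscustomobject]@{ Setting = 'ClearPageFileAtShutdown'; Value = $clear
                       Pass = ($clear -eq 1); Expect = '1' }
    # An empty caption or body means no notice is configured.
    [pscustomobject]@{ Setting = 'LegalNoticeCaption'; Value = $caption
                       Pass = ($caption.Trim().Length -gt 0); Expect = 'non-empty' }
    [pscustomobject]@{ Setting = 'LegalNoticeText'; Value = "$($text.Length) chars"
                       Pass = ($text.Trim().Length -gt 0 -and $text.Length -le 1024)
                       Expect = 'non-empty, at most 1024 characters' }
}

$results = Test-ArticleTweaks
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) {
    Write-Warning 'One or more settings from the article are not applied.'
}
```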