Speed Up The PC - Passwords and User Profiles

Speed Up The PC - Passwords and User Profiles

Page Menu

Password Information
User Profiles

<>Password Information

big button General info on passwords: they're a lot easier to crack than you may think. Here's a few ways to make your passwords less crack-able. First, remember that password-cracking programs scan through literally millions of word combinations per second, so plain-English passwords such as "pencil" or "yomama" won't hold up at all. Avoid ordinary words in favor of gobbledygook. Next, never use your mother's maiden name or your cat's name as a password. Anyone who knows you, or who can access basic information on you, can make some shrewd guesses as to what your password might be, and using your middle name as a password won't do the job. You should use combinations of upper- and lower-case letters mixed in with numbers, non-alphanumerical symbols such as & and ¢, and even ASCII characters (available by holding down the Alt key and entering digit combinations on your number pad). Most cracker programs don't look for special characters unless the hacker specifies which ones to look for. Passwords should be at least seven characters long, and preferably 10 or more. You should use at least one symbol character in the second through sixth positions. Change your passwords frequently, and don't keep them on sticky notes attached to your monitor or stuck inside your desk drawer. Don't recycle old passwords.

Here's a tip so stupefyingly simple that I bet most of you never thought of it. I didn't. Keep a simple text file in Notepad or some such with all of your vital PC information, including your various login names, passwords, IP settings, phone numbers for your ISP's tech support line, credit card numbers with the expiration date, and the 800 numbers to report consumer fraud in case any odd purchases show up on your monthly statements. Just be aware that even if you hide or password-protect this file, your info is now on your computer, and can be found by sneaky folks if they have access. Don't forget it's there when you get rid of your computer, either; even a file delete or disk reformat won't make it disappear.

Of course, the easiest Windows password is the one that keeps the screen saver from disengaging. Handy for quick and dirty security, i.e. while you go to the bathroom, but in no way can this be considered "secure." A simple restart gets around this one.

It's easy to change or disable your Windows password -- maybe too easy if you're security-conscious. Bypass it during log-on by clicking Cancel. Disable it by opening the Passwords applet in Control Panel and typing your old password in the Old Password field. Now tab to the New Password field, press Enter, tab to the Confirm Password field, and again press Enter. This should eliminate your password. If not, run POLEDIT (see above), select File/Open, click on Open Registry, select LocalComputer\Network\Password, and clear the "Minimum Windows password length" option. Another way is to use TweakUI, a freebie discussed previously and available from most big shareware vendors, to skip the password procedure.

Of course, you may like Windows's password feature. If you want to make Windows remember an individual's password for DUN or netsharing, go through the Passwords applet in Control Panel, click on the User Profiles tab, and select "Users can customize their preferences and desktop settings." Click OK. The next time you boot up, Windows will ask for a logon name and password before letting you in. Don't need a password but want to log in and out? Just leave the Password box blank.

If you installed Windows with a password, and you forgot your password, Windows can be very stubborn about not allowing you access. Hit Escape at the password box, launch the MS-DOS prompt, type DIR *.PWL at the C:\WINDOWS prompt, delete the .PWL file with your name in front of it, restart your computer, and enter a new password when prompted. To delete your password before trouble begins, go into Control Panel/Passwords, click on the Change Windows Password button, enter your current password in the Old password box and click on OK. You're better off not using a password unless you really see a need; then tattoo it on your rump or something. There's a freeware program called Revelation (www.snadboy.com/) that will sneak a peek at a hidden password and tell you what it is. Network users: You can make Windows remember your password so you don't have to type it in every time you log on (by checking the "Save this password in your password list" box), but what if you later decide you'd rather restrict access? To delete a stored password, you need to load the Password List Editor from your Windows CD. Get it by inserting the disk, going through Start/Settings/Control Panel, double-clicking Add/Remove Programs, clicking the Have Disk box, and in the list box typing D:\ADMIN\APPTOOLS\PWLEDIT (replace the D: with the letter of your CD drive if different). Close the dialog box. Then find the newly installed utility in System Tools, open it, select the network resource whose stored password you want to delete (or Select All if you want to delete 'em all), and click Remove. The next time you log on, you'll be asked for your password. Also, Microsoft's TweakUI utility makes it easy to deal with persnickety passwords.

By the way, it's wise to backup any .PWL files you delete before consigning them to the eternal flames. You may want those old passwords for Web forms, saved cookies, etc.

The Windows password utility is essentially candy -- far too weak to keep anyone but the most casual amateur out of your machine. For a little more security, enable Windows' CMOS password feature. Start your system up, and access the CMOS setup program by pressing either the DEL or F1 key while the machine is booting up. Scan the menu choices for something like "Security" or "User Password," go into this menu choice, and enter your password choice. Warning: if you forget this password, you'll need to reset the system directly through the motherboard, and this isn't funny for the average user.

Many of us go through altogether too much foofaraw trying to remember all of our passwords for our various apps. Some folks use one single password for all their apps -- easy to remember, but disastrous if discovered. Others use a plethora of different passwords -- better security but hard to remember and easy to lose. The easy way to deal with this is to use a password manager utility and let it do the remembering. PassKeeper from www.passkeeper.com is a good example of a basic freeware utility that keeps up with the most arcane passwords, encrypts them to keep prying eyes from snagging your access codes, and itself demands a password for entry (OK, you can remember one). More sophisticated utilities include the freebie Whisper 32 from www.ivory.org/whisper.html, or the $25 (and quite large) Info Keep from www.infokeep.net. Users of Internet Explorer 5 have a feature called AutoComplete which lets Windows remember passwords for given sites. Not that this is secure, since Milton at the next desk or the rotten kid next door can use this feature to access your favorite Web sites while you're away from your computer. Better to use a password manager.

WinME users, you can set your system to keep unwanted users out while you're away by going into Control Panel, Power Options, Advanced, and checking the box marked "Prompt for password when computer goes off Standby and into Hibernate." Set the Power Scheme option to Home/Office Desk. Now when your PC goes to sleep, it will take a password entry to wake it up again.

Many people try to use the Save Password option under Dial-Up Networking, only to find the box grayed out. Go to support.microsoft.com/support/kb/articles/Q137/3/61.asp for info on this issue. Also, for those of you whose Save Password box is available, but doesn't work (that is, the password isn't saved), try: support.microsoft.com/support/kb/articles/Q148/9/25.asp .

Find out more about what's available in the password-cracking market by visiting www.crak.com/ and www.passware.com/, two of the major providers of app-cracking software. The Password Cracker service at www.pwcrack.com/ can help you crack everything from ZIP codes to BIOS passwords. (Why am I posting this info? Well, the bad guys and the evil teens out there already know about these sites. Why shouldn't you?)

Windows Media Player XP and 7.1 owners are broadcasting their GUID (globally unique identifier) number to sites when they request streaming media. Although some say this isn't worth worrying about, others disagree. Disable this by going into Tools, Options, and unchecking the "Allow Internet sites to uniquely identify your Player" box.

Some of you find yourself having to deal with that annoying "Password for Microsoft Networking" screen that comes up before you can get to your desktop. The easiest way is to click "Cancel" and move on, but that has the potential for problems, so don't do it. You can oftentimes get past it just by clicking OK (without the password), but not always. Here are the two easiest ways to disable this login. First, if you install the Microsoft Family Logon, the Windows Login dialog should go away. Follow these steps to install it. Right-click Network Neighborhood and choose Properties (or open the "Network" Control Panel). Then click the Add button. Double-click the "Client" entry. Select "Microsoft" on the left side. Double-click "Microsoft Family Logon" on the right side and click OK. You may need to insert your Windows 98 CD at this point, or Windows may find the files it needs automatically (depending on how your computer is set up). Now restart your computer, and that's a done deal. The second way to handle it is to download and use TweakUI. Once Tweak UI is installed, access it from the Control Panel. Select the "Logon" tab. Put a check in the box beside "Log on automatically at system startup." Then in the spaces below, enter the information you normally enter into the Windows Logon box. Be sure to get this right, and don't put anything new in these boxes. Note: some broadband accounts use the Microsoft Networking protocol, which means you can't disable it. In this case, just click Cancel and go on.

Everyone, sooner or later, logs on only to realize that they've forgotten their password. Prepare for those moments by creating a floppy disk that lets you reset your password. Go into Control Panel's User Accounts applet and click on the proper account. Click "Prevent a forgotten password" -- this starts the "Forgotten Password Wizard" found under Related Tasks on the left of the screen. Now, insert a blank, formatted floppy into Drive A: and click Next. Enter your choice of passwords in the "Current user account password" box. When you need to use the disk, at the Welcome Screen click the user name whose password is on the recovery disk and click the question mark button. This causes the "Did you forget your password" message to appear. Click "Use your password reset disk," and this starts the Password Reset Wizard. Follow the instructions from here. This works for XP, 2K, and ME computers, but not for networked computers.

A similar problem is often experienced by Win XP "administrators," who either forget their passwords or find that XP has somehow locked them out of their account. The easiest way to handle this is to reset your password. First, reboot in safe mode. Go into Start, Run, and in the Open box, type CONTROL USERPASSWORDS2, and click OK. Click into the user account that you've forgotten the password for, and click Reset Password. Type in a new password in both the New Password and Confirm New Password boxes, and click OK.

<>User Profiles

"User profiles" are a much-hated feature of Windows that most home users disable as quickly as possible. The usefulness of user profiles is that Windows can be customized for different users, including different wallpapers and so forth; the downside is that this feature is rarely used and can become obtrusive and annoying. Who wants to sign in when they don't have to? Disable your user profile by restarting your PC. When you see the logon system box, click Cancel. Now open Control Panel, click Passwords, and select the "User Profiles" tab. Select "All Users Of This PC Use The Same Preferences And Desktop," and click OK. Restart Windows, and user profiles are officially disabled. Now, get rid of the logon system box. Go back into Control Panel and into the Passwords applet, and click on "Change Passwords." Click the "Change Windows Passwords." On the "Old Password" line, enter your password. Press Tab to highlight the "New Password" line, then hit Enter (you leave the new password blank). You should see a message telling you that your password has been successfully changed. Now you'll want to delete your user profile information. To do this, you'll need to don your hip waders and go for a hike into the Registry, so back that sucker up (SYSTEM.DAT and USER.DAT, for the forgetful) first. Now open Regedit (go through Start/Run), and drill down to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ ProfileList \ (username) -- the username being whoever's profile you're scrubbing. To remove an individual profile, go to the left pane and right-click the (username) key that represents the profile you want to remove. Select "Delete," then click "Yes" to confirm. To remove every profile at once, right-click the "ProfileList" key, select "Delete," then click "Yes." Close Regedit. That takes care of the job halfway. The other half of your user profiles resides in your Windows folder. First, make sure all "hidden" files are visible: In Windows ME and XP, you go into Explorer and click either the "Show the contents of this folder" or "View the entire contents of this folder." XP may try to make things difficult for you; choose Tools, Folder Options and make sure the "Show common tasks in folders" box is selected in the General tab. You can turn all the warnings off in XP by going into Tools, Folder Options and clicking the View tab; once there, go under Advanced Settings and check the box marked "Display the contents of system folders." In earlier versions of Windows, go into either Explorer or My Computer, choose View, Options, and click on the View tab. Click the "Show All Files" or "Show hidden files and folders" button under Advanced Settings (you may need to double-click the "Hidden files" or "Hidden files and folders" icon. Uncheck the box that hides MS-DOS extensions. Now, in Explorer, navigate your way to C:\WINDOWS\PROFILES (if Windows lives on a different drive than C:, use that drive letter instead). To delete an individual profile, delete the corresponding C:\WINDOWS\PROFILES\(username) folder. To remove all user profiles, delete the entire C:\WINDOWS\PROFILES folder. Now you're clean.

Or maybe you like setting up user profiles for you and the family, or you and the rest of your project team. Go into Control Panel, double-click Users, then use the Enable Multi-user Settings wizard. Then, whenever you start Windows 98, you'll get a Welcome To Windows dialog box. To log on, type your username and password, then click OK. This allows you to customize settings such as wallpaper, desktop shortcuts, color schemes and so on for multiple users on the same system.

In XP, you get three possible user profiles (or user accounts): Administrator, Limited, and Guest. Each type of account gets to do different functions on the computer. The administrator controls the entire computer, deciding who gets to use it and what they can do on it. Limited accounts can use most of the computer, but they can't make any big changes to it. And guests can use the computer, but because the computer doesn't recognize them by name, their actions are tightly restricted.

A Millennium user asked me how to get rid of the "enter user name and password" box that currently pops up when she logged in. Somehow she lost her Change Windows Password button in the Control Panel. I couldn't help her, but the fine fellows at 5Star Support told her to go into Control Panel under Users and Add and Remove users and change the settings for the users there. It worked for her, and it should work for you.

Lots of info on getting rid of the logon screen on all flavors of Windows can be found at www.annoyances.org/exec/show/article04-103 -- some are easier than the methods I've included in this page.

Want to do away with user profiles, but retain some of a profile's settings? You can retrieve them from the user profile folder, assuming you haven't deleted it. For example, if you want to retain a user profile's desktop settings, delete the contents of the default desktop folder (probably C:\WINDOWS\DESKTOP). Next, copy the contents of the user profile's Desktop folder (C:\WINDOWS\PROFILES\DESKTOP) to the default desktop folder. Similarly, to keep a profile's Start Menu configuration, copy the contents of the C:\WINDOWS\PROFILES\\START MENU folder to C:\WINDOWS\START MENU.

When you set up Windows 9x, you "registered" it to yourself (or QuickDraw McGraw, or whoever's name you typed in). Now you want to remove your name from the computer (maybe you're selling it, or you just don't like having your name come up). You have to edit the Registry to do this, but the good news is that it isn't a difficult edit. Back up your Registry first, then go through Start/Run and type REGEDIT in the box. The Registry Editor comes up. Navigate through the left pane until you get to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion. In the right pane, select Registered Owner and press Enter. You can type in a new name or just press Delete to leave the name blank. Press Enter, and do the same thing under Registered Organization. Exit the Registry Editor, and reboot Windows. Warning: leaving the name blank on Win 95 OSR2 could trigger the system to put you through the full Setup Wizard process. Oddly enough, it won't demand that you enter a name, but it demands a Product Identification Number from the Windows Certificate of Authority that came with the original package. If you forget to include this with the PC when you sell it to someone else, that guy is going to be stuck.

XP users have a plethora of options and potential problems that the rest of us don't have to worry with. I can lead you through some of the underbrush, though you'd better bring a machete and a native guide....

The Start menu actually comes from two separate sources: one that's user-specific and one that's shared. The XP upgrade puts everything into the Shared area, so if you delete something from your account's Start menu, everyone else loses it, too. You can enable individualized Start menus by going through Start, My Computer, and clicking the Folders toolbar button. Navigate to C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU and right-click that folder. Choose Copy. Now right-click on each user's folder in C:\DOCUMENTS AND SETTINGS\ and select Paste. You may be asked to confirm replacing items in the Start menu folder; answer "Yes to all." Finally, delete C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU . Now each user has his or her own personal Start menu and can freely add or delete items without affecting others. Once this is done, installing new programs may add new items to the Shared area. You can move these to your personal Start Menu by right-dragging them to the desktop and choosing "Move Here." Right-drag them back to the Start button and again choose "Move Here."

Simple File Sharing, the default choice, is very limited and, among other things, does not allow a folder to be configured so that you alone can access it remotely, or set per-user permissions a la Windows 2000. Disable SFS by opening Windows Explorer, opening Tools, Folder Options, and clicking on the View tab. Uncheck the box for "Use simple file sharing (recommended)" and click OK. Now when you right-click a folder and choose "Sharing and security..." you'll get the detailed controls found in Win 2K. Note that XP Home users can't do this -- they're stuck with Simple File Sharing. Also, SFS allows a plethora of NetBIOS vulnerabilities and leaks, so be warned.

Fast User Switching lets you switch between users without logging off. Enable it by going through the User Accounts applet in Control Panel, click on "Change the way users log on or off," and check the "Use Fast User Switching" box. You can also access the user list by pressing and holding the Windows key and pressing L. Fast User Switching doesn't work if your computer is part of a network domain, and it can be a tremendous system resource hog when not kept in check. A good Microsoft KB article, "Architecture of Fast User Switching," is available at support.microsoft.com/default.aspx?scid=KB;EN-US;Q294737. If you find that FUS disconnects you from your dial-up connection, you'll need to use Internet Connection Sharing to stay online. Go through Control Panel's Network Connections applet, select the connection you want to share, and click on "Change settings of this connection" in the left-hand pane. On the Advanced tab, check the boxes "Allow other network users to connect through this computer's Internet connection" and "Establish a dial-up connection whenever a computer on my network attempts to access the Internet." Now the computer will stay open through a Fast User Switch. Broadband users, this won't affect you.

Protect your password: XP allows anyone to view the password hint you inputted when you first created your password. You can choose to bypass the hint and use a password reset disk instead. Create one by going through User Accounts, click on your account, choose "Prevent a forgotten password" in the task pane, and follow the prompts. Now if you forget your password, XP will ask you for the reset floppy disk. Just don't lose the disk!

Sooner or later you'll want to access the Administrator account. It isn't displayed on the Welcome screen, but you can bring it up by pressing Ctrl+Alt+Del, releasing just the Del key, and pressing Del again. This brings up a Win 2K-style login screen, which allows you Administrator access.

Some people think the XP Welcome screen gives too many ways for unscrupulous users to get into user accounts. You can use the more secure Win 2K logon box by going through User Accounts, clicking on "Change the way users log on or off," and uncheck the "Use the Welcome screen" box. This also disables Fast User Switching.

Want more secure logons? Force users to go through the Ctrl+Alt+Del logon process (to keep Trojan horses from taking over your system) and eliminate the automatic display of the last user's name in the logon box. This involves a Registry hack, so be careful. Launch Regedit and navigate to the HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System key. Find or create a DWORD value named Don'tDisplayLastUserName and set its data to 1. In the HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon key, find or create a DWORD value named DisableCAD and set its data to 0 (zero). To do this, you have to be using the Windows 2000-style logon discussed above.

If you use NTFS, you can designate who owns a hard drive. This is useful for systems with multiple user accounts. In the Administrators group, click Start, Control Panel, double-click Administrative Tools, and then Computer Management. In the console tree, click Disk Management. Right-click the drive for which you want to set up ownership, and click Properties, choose the Security tab, and click Advanced. Click on the Owner tab and click on the new owner. Click OK.

Want a subfolder in the Start menu that all users can see? Log on as an Administrator, right-click on the Start button, select "Open All Users," and double-click the folder to which you want to add a subfolder (usually you'll choose Programs). Right-click on any empty area within the box and select New, then choose Folder. Type the name of the new folder and press Enter.

You can make a user "invisible;" this can be very useful in certain network settings, and it's also an advantage if you want a plain-vanilla version of XP. Scot Finnie recommends creating a sort of "default" user that is exactly as shipped with the operating system; no customizations or changes. You can use this as a snapshot to check on how things were setup initially, track your own changes, and serves as a very basic troubleshooting aid. You should also create a user that represents your primary login, and consider setting up the "Guest" account on a network. That will leave you with two or three users on every computer just to get started, and it means you'll have more choices on the Welcome screen than is necessary when only one person uses my computers. Why not make your user accounts invisible? It's a simple Registry hack that can be completed like so:
First, open Regedit. Now, on the left pane of the Registry Editor, select HKEY_LOCAL_MACHINE (which is abbreviated to HKLM below). Then navigate to this location: HKLM \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon \ SpecialAccounts \ UserList. With UserList open in the left pane, right-click any blank area on the right pane and choose New, DWORD Value. Give the new icon the exact name as the user account you want to hide. Then press Enter. Repeat the steps for each additional user you want to hide. That's it. Test it by choosing You're done. You can test it by choosing Start, Log Off, Switch User (if available). If you don't see Switch User, then use Log Off, but this will shut down all your apps and documents. To reverse it, just delete the icon you added. At least one user had trouble accessing Windows to reverse the change. If you run into this problem, restart your PC. You should encounter the Welcome screen with no names on it. At that point, press Ctrl-Alt-Delete. You'll probably see your main username there. Enter a password if you have one (or nothing in the Password field if you don't) and press OK. That should do the trick. If you don't see your username or it doesn't work, after you press Ctrl-Alt-Delete, type "Administrator" in your username field. No password (unless you've used Administrator before and used a password). Press OK. This will get you in. Once you are in, follow the steps from the earlier tip again. In the System Registry Editor, you can just delete the icon labeled with the username you hid. That should render everything visible again. Great tip, Scot!

There's a documented problem for XP users: "When you upgrade or install Microsoft Windows XP, passwords may be assigned to user accounts that previously had no password or you did not assign passwords to any user accounts during the installation process. As a result, you cannot log on to the computer." What happened is Windows Setup didn't complete properly. During the Windows installation, it assigns temporary passwords to your user accounts and places those passwords in a SETUPACT.LOG file located in the Windows directory. Microsoft has a site available at support.microsoft.com/default.aspx?scid=kb;EN-US;Q318026 that tells you how to boot from the Windows CD or boot disk and edit the file so you can retrieve those passwords. It's possible that if the setup gave you the opportunity to set an Administrator password, you may be able to login as Administrator by pressing Ctrl+Alt+Del twice at the login screen and logging in as Administrator. If that works, once in, you can click the Start button, right-click the My Computer icon, and choose "Manage." You'll see a folder that says "Local Users and Groups," and if you expand that, you should see the various "users." Go into these accounts and change the password. If this doesn't work, a reinstall may be in order.

Speed Up Your PC - Sub Categories: