Additional modifications which can be used for Win9X when securing systems in networks or for multiple-user configurations
Policies, in the NT operating systems, are seen as a supposed security enhancement which was unavailable in the 9X environment. That's not exactly true or accurate.
Through the use of Policy Editor [included on the CD in Tools\reskit\netadmin\poledit], one can/could set up the 9X OS in a similar fashion. This page does NOT address all the variables which one would configure via the editor; it is for some additional settings or ones that may be overlooked when using Policy Editor.
You can apply some additional tweaks [if not included already in your policies] which would further negate the ability to bypass the login procedure or enhance it. NOTE: you may need to modify both your Administrator's policy AND the user applied policies.
First the WARNING for other users who may read this and think they want this on their systems.
THESE ARE *ONLY* for enhanced networking or systems which require enhanced security. Unless you are completely aware of the full ramifications [what's going to happen after using these] DO NOT USE THESE tweaks. These are generally ONLY useful to those who have applied policies to 9X networks AND *have created reset disks [which remove/reset these settings to default or open access via a proper REG file] from DOS and/or via the Administrator Policy* which they have already set up [the first policy created AND applied].
Modifying the registry is NOT for those unfamiliar with, or unaware of, ALL of the issues which may occur because of these modifications. One wrong entry and you may lock yourself out of the system, destroy its ability to boot, or be forced to completely re-install. Use of policies is NOT recommended for general user environments.
There are some potentially useful registry edits which MAY be necessary in your particular setup:
Passwords - User Names
One of the registry edits REQUIRES the use of alphanumeric passwords
[that's a combination of letters AND numbers {anything else fails}]:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
Name: AlphanumPwds
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
Another *Passwords* registry entry requires passwords be of a minimum
length:
User Key:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
System Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
Name: MinPwdLen
Type: REG_BINARY (Binary Value such as 06)
If 9X is used in a Domain
IF connected to a true Network with proper servers, this will ensure that
the user is authenticated:
Your machine MUST be part of a Windows domain [or a server which provides
this] for this registry modification to work. The user MUST be authenticated by
the network or no logon can occur.
System Key:
[HKEY_LOCAL_MACHINE\Network\Logon]
Name: MustBeValidated
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
If you use a domain, this is useful to display whether that was
accomplished:
System Key:
[HKEY_LOCAL_MACHINE\Network\Logon]
Name: DomainLogonMessage
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
To disable Domain Password caching:
System Key:
[HKEY_LOCAL_MACHINE\Network\Logon]
Name: NoDomainPwdCaching
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
The Logon settings
A good idea is to supply a legal notice or some form of information/help
screen [such as How To Logon] prior to login:
System Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
Names [two created/modified]: LegalNoticeCaption, LegalNoticeText
Type: REG_SZ (String Value)
Place whatever short title you want under LegalNoticeCaption, then the
text to be displayed under LegalNoticeText.
To allow a *screen saver* at the logon screen [not generally available, but
useful if the machine is sitting waiting for a logon for extended periods]:
System Key:
[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
Names: PowerOffActive, ScreenSaveActive, SCRNSAVE.EXE
Type: REG_SZ (String Value)
NOTE that is *{dot}DEFAULT*. To enable power-off on the logon screen:
Modify the value of "PowerOffActive" and set it to "1".
Modify the value of "ScreenSaveActive" and set it to "1".
Modify the value of "SCRNSAVE.EXE" and set it to "(None)".
Open the key [HKEY_USERS\.DEFAULT\Control Panel\PowerCfg].
Modify the value of "CurrentPowerPolicy" and set it to "0".
This modification removes or shows last user [useful when a default login
account is used, or to clear previous user]:
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
Name: DontDisplayLastUserName
Type: REG_SZ (String Value)
Value: (1 = remove username, 0 = display username)
Usually users can simply press 'Cancel' at the Windows logon box to bypass
the login process and gain access to the local computer. This registry
modification will logout the user if the authentication fails or the user
clicks Cancel.
User Key:
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
Name: NoLogon
Type: REG_SZ (String Value)
Value: "RUNDLL32 shell32,SHExitWindowsEx 0"
NOTE this caution:
THIS TWEAK REQUIRES AN ALREADY SET UP *DEFAULT* NON-ADMINISTRATOR USER
ACCOUNT [don't forget your needed unmodified master administrator account and
your PREMADE reset disk]. Any subsequent new user accounts that are created
will inherit the 'NoLogon' value and therefore reboot when they attempt to
login [will not be able to login] unless you manually modify their USER section to remove this.
INTERNET EXPLORER and Internet settings:
If Internet Explorer is still enabled [or to ensure it does not cache
passwords]:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Name: DisablePasswordCaching
Type: REG_DWORD (DWORD Value)
Value: (0 = default, 1 = disable password cache)
Also, you can disable Internet access by Internet Explorer or any other
browser/application that relies upon the registry {Windows Internet API} proxy
settings:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Names: ProxyEnable, ProxyServer, ProxyOverride
Type: REG_SZ (String Value)
Change the value of "ProxyEnable" and set it to "1". Change the value of
"ProxyServer" by setting it to an IP address and port that is INVALID anywhere
on your network, such as "44.0.0.1:5555" (i.e. a non-existent "IP:Port").
Setting the value of 'ProxyOverride' to equal '<local>' will stop
internal addresses from going through the proxy.
Add/modify these keys to disable the ability to change these settings via
Control Panel:
User Key:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
Create two DWORD values named "Connection Settings" and "Connwiz Admin
Lock" and set them both to "1". Your other settings, INCLUDING your firewall,
should block access outside your network by Internet Explorer or other
applications/browsers.
System Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
Name: ProxySettingsPerUser
Type: REG_DWORD (DWORD Value)
Value: (0 = whole machine, 1 = per user)
You should have set up the user policies during your Policy creation process,
but to ensure they are applied:
To FORCE the use of machine/system wide Internet settings rather than
individual user settings:
System Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
Name: Security_HKLM_only
Type: REG_DWORD (DWORD Value)
Value: (0 = use individual user settings, 1 = machine settings)
WINDOWS SCRIPTING, DCOM, OLE, Shell Extensions:
If Windows Scripting is being used or allowed, you can set the Trust policy
to require a Trusted signature:
User Key:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script Host\Settings]
Name: TrustPolicy
Type: REG_DWORD (DWORD Value)
Value: "0" = all, "1" = prompt, "2" = only trusted
MASTER WINDOWS SCRIPTING KEYS:
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings]
Names: Enable, Remote, DisplayLogo
Enable (REG_DWORD)
"0" - disabled \ "1" - enabled
Remote (REG_DWORD)
"0" - disable remote scripts \ "1" - allow remote scripts
DisplayLogo (REG_SZ)
"0" - no logo \ "1" - display logo
To change how various extensions are handled:
JS Files
[HKEY_CLASSES_ROOT\JSFile\Shell]
JSE Files
[HKEY_CLASSES_ROOT\JSEFile\Shell]
VBE Files
[HKEY_CLASSES_ROOT\VBEFile\Shell]
VBS Files
[HKEY_CLASSES_ROOT\VBSFile\Shell]
WSH Files
[HKEY_CLASSES_ROOT\WSHFile\Shell]
WSF Files
[HKEY_CLASSES_ROOT\WSFFile\Shell]
Change/modify the value of "(Default)" to equal "Edit". The default
action will then be to edit the file rather than run it.
In addition you can change the default editor for each script type by
changing the "(Default)" value under the [...\Shell\Edit\Command] sub-key.
To disable the Distributed Component Object Model {DCOM}:
System Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Name: EnableDCOM
Type: REG_SZ (String Value)
Value: "Y" = enabled, "N" = disabled
To enforce Shell Extension security [allowing ONLY those registered] you can
modify this key:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Name: EnforceShellExtensionSecurity
Type: REG_DWORD (DWORD Value)
Value: (0 = default, 1 = enable security)
LOG OFF, Dialing, Remote Access, Control Panel, Printers, other
To remove the LOG OFF {USER} from the Start Menu:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Name: NoLogOff
Type: REG_DWORD (DWORD Value)
Value: (1 = no log off, 0 = show log off)
Note: older versions of Windows may require a REG_BINARY value rather
than [instead of] the REG_DWORD value.
DIALING - REMOTE ACCESS Restrictions
To disable *Dial In* access to the network, which may be used to circumvent
restrictions:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
Name: NoDialIn
Type: REG_DWORD (DWORD Value)
Value: (0 = dial-in enabled, 1 = dial-in disabled)
To disable auto dial for Internet Connections:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Name: EnableAutodial
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
And another to disable remote/Internet connections at Startup:
System Key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Name: EnableRemoteConnect
Type: REG_SZ (String Value)
Value: "Y" = enable automatic connections, "N" = disabled
Disable user saved settings
To disable any user settings saved at shutdown:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Name: NoSaveSettings
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
A master KEY which can be used to disable/remove the Control Panel,
Printers, and Network Connection settings from the Start menu.
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Name: NoSetFolders
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
Note: This tweak will/may also disable the Windows Explorer hotkey
shortcut (Windows + E).
Adding the disable TaskBar settings restriction removes the Taskbar and
Start Menu item from the Control Panel, and it also removes the Properties item
from the Start menu context menu:
User Key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Name: NoSetTaskbar
Type: REG_DWORD (DWORD Value)
Value: (0 = disabled, 1 = enabled)
MSDOS.SYS edits:
Value: BootDelay=2 (default) set this to zero and delay is gone.
Value: BootKeys=1 (default) or BootKeys=0 (disabled)
Value: BootMenu=0 (default)
SYSTEM.INI modification
[386Enh]
KybdReboot=False - changing this to True makes control+alt+delete reboot
the computer rather than showing the task manager.
These are not the only keys and modifications that can be done; however, these ARE instrumental in creating a secured system in conjunction with policies, firewalls, other networking restrictions, and programs which might be used to monitor, limit, or track network and Internet usage.
Many of the above work only in 9X; however, some are cross platform. Check on the Internet for other settings on sites such as www.winguides.com, LockerGnome, DougKnox, MDGX, msdn.microsoft.com/netframework/, www.mvps.org/links.html, cma.zdnet.com/book/win98prfref/index.htm, www.microsoft.com/communities/default.mspx.
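To confirm that the password, domain logon and DCOM values listed above were actually applied, the following added example (not part of the original page) parses a REGEDIT4 export, such as one written by regedit /e on the 9X machine, and reports each value that is missing or weaker than expected. The choice of settings in the baseline, the minimum length of 6 and the sample export are assumptions made for this example.

```python
import re
NET = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network"
LOGON = r"HKEY_LOCAL_MACHINE\Network\Logon"
# Expected values are the ones listed on this page; the baseline choice is an assumption.
BASELINE = {
    (NET, "AlphanumPwds"): 1,
    (NET, "MinPwdLen"): b"\x06",  # minimum length, checked with >=
    (LOGON, "MustBeValidated"): 1,
    (LOGON, "NoDomainPwdCaching"): 1,
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
}
# Constructed sample export in REGEDIT4 format, not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Network\Logon]
"MustBeValidated"=dword:00000001
"NoDomainPwdCaching"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network]
"AlphanumPwds"=dword:00000001
"MinPwdLen"=hex:04
'''

def parse_reg(text):
    """Parse a REGEDIT4 export into {(key, name): value}, both lower-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif m and key is not None:  # skips blanks, @= and hex continuation lines
            raw = m.group(2)
            if raw.startswith("dword:"):
                val = int(raw[6:], 16)
            elif raw.startswith("hex:"):  # first line only; enough for policy bytes
                val = bytes(int(b, 16) for b in raw[4:].rstrip("\\").split(",") if b)
            else:
                val = raw.strip('"').replace("\\\\", "\\")
            values[(key, m.group(1).lower())] = val
    return values

def audit(text):
    """Return [(name, found)] for each baseline value that is missing or too weak."""
    found, findings = parse_reg(text), []
    for (key, name), want in BASELINE.items():
        got = found.get((key.lower(), name.lower()))
        is_min = isinstance(want, bytes)  # byte values are minimums, others exact
        ok = (isinstance(got, bytes) and got[:1] >= want) if is_min else got == want
        if not ok:
            findings.append((name, got))
    return findings
```

For the constructed sample, audit(SAMPLE) flags MinPwdLen (04 is below the minimum), NoDomainPwdCaching (set to 0) and EnableDCOM (not present in the export).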