Non-Imaged PC Preparation (Post Windows XP Installation)Document Transcript
Policy for Non-Imaged WinXP Setup
All new XP computers that exist on the physical network MUST adhere to the following.
All exceptions to this configuration must be authorized by me before it goes on the
network. Forgetting to implement one or another of these tweaks has been a chronic
problem. Do not skim it. Ken
• Download and install drivers for all unknown devices
• In Display Properties:
o In Themes choose “Windows Classic”
o In Settings, put the resolution all the way to the max setting
o In Screen Saver – Power – disable hibernate on all computers, disable
standby on desktops. Turn off monitor after 2 hours; turn off hard disks
after 30 minutes. (must be done in each account separately)
• In Taskbar Properties:
o Uncheck “Hide inactive icons”
o Check “Show Quick Launch”
o In the Star Menu tab, choose “Classic Start menu”
Click Customize and check off “Display Administrative Tools”
• In Network Connections properties:
o Uncheck “QoS Packet Scheduler”
o Check “Show icon in notification area when connected”
o Go to Internet Protocol (TCP/IP) Properties:
Go to advanced, then WINS tab:
• Uncheck “Enable LMHOSTS lookup” and check off “Enable
NetBIOS over TCP/IP”
In the Advanced Tab go to Windows Firewall Settings
• In the Exceptions Tab, check off “File and Printer Sharing”
and “Remote Desktop”. Nothing else.
• In the Advanced Tab, go to ICMP settings and check off
“Allow incoming echo request”
(Staff computers that map to the X Drive have slightly different WINS
options – ask Ken)
• In Control Panel:
o User Accounts - Change the way users log on or off, uncheck both
o Automatic Updates - change the update time to Everyday at 3AM.
o Printers and Faxes – File-Server Properties. In advanced, make sure all
options are checked.
o Internet Options – Temporary Internet Files – Settings – change the
Internet Cache size to 15MB (must be done in each account separately).
Do this for grads and multi-user PC’s.
o Folder Options – Use Windows Classic Folders. View – Check off “show
hidden files and folders”, Uncheck “Hide extensions for known file types”
and “Use simple file sharing” (must be done in each account separately)
o Add/remove programs – Google Desktop
o Add/remove programs – Windows components – Remove Fax Services
and MSN Explorer
• In Manage:
o In Services, Stop and Disable Themes, Messenger, and for desktops only
disable Wireless Zero Configuration.
o In Event Viewer, change properties for Application, Security, and System
to Max log size 4,992 KB and choose “Overwrite as needed”
• In My Computer Properties:
o Make sure Point Restore is enabled
o Advanced Tab - Error Reporting - Disable error reporting, check off “But
notify me when critical errors occur”
• Go to Administrative Tools, Local Security Policy. Local Policies, Audit Policy.
Set “Logon events” and “System events” to Success and Failure.
• Add-Printer Tweak in GPEdit :
o 1. Start > Run
3. Computer Configuration (up top)
4. Windows Settings
5. Security Settings
6. Local Policy
7. User Rights Assignment
8. Object Types – Check Groups
9. Add "users" and "power users" to group under "Load and Unload
Now even limited users can add network printers instead of having to
contact us all the time.
o Norton Antivirus (one labeled ‘Use This’ on Shopdrive) Disable Network
Drive Scanning and make sure the log is set at 30 years.
o Microsoft Office 2003 – Each faculty is expected to buy at least one 5-user
pack of Office for their area. How to buy this is on the Psych Shop
webpages. Faculty who haven’t bought Office XP will buy Office 2003
(the only current version they can buy) and they are responsible to retain
their Office install CD’s, not the Shop.
o FoxIt PDF Reader. All computers should have the free version of Foxit
Reader installed. Wait for the user to ask for the full version of Acrobat
and then at that point explain that we can install Full Acrobat but the
software must first be bought at the NYU Computer Store. If you do install
any version of Acrobat on any PC, remove the crap it installs into the
startup folder (i.e. speedstart and acrobat synchronizer)
o Thunderbird – latest version
o SSH File Transfer Client
o Roxio (Dell OEM) not Nero. Nero is hard for naïve users to use.
o Tweak UI (under XP Powertoys) – Go to Explorer and check the last 2
options – “Use Classic Search in Explorer” and “Use Classic Search in
o Install the latest flash player since many web pages now require this add-
o Install java for desktop – find the most recent version of JRE (Java
Runtime Environment) on the Sun website
• All computers will be labeled with IP address and hostname.
• NetBIOS name should correspond to DNS name. Workgroup should be
• BOTH shopadmin and administrator usernames should adhere to the “new” style
• Users will receive their passwords from you. Passwords are at least 8 characters
long, aren’t dictionary words and contain at least a few garbage characters.
Compel the user to write down their new password because otherwise they will
frantically bug us at 2AM when they forget it.
• Sound should be disabled in the BIOS on all desktop PC’s that will be used by
grads or a PC that will sit in a “public” multi-user area. Post-docs can have
sound, but you must explain to them that we offer ZERO support of music-related
applications and their iPod problems. MP3 players have nothing to do with
academics. If you disable sound, it is a surprisingly effective preventative to a lot
of the crud that grads will install into a PC.
• No GOOGLE TOOLBAR – it is potentially confusing for the user to have 2 pop-
up blockers installed, especially since both FAME and NYU HOME actually
REQUIRE pop-ups. Let the user decide if they want the google bar.
• Users should be directed to the “Add-Printer How-to.” We really want users to
know how to add printers themselves.