Microsoft Windows Registry Guide, Second Edition

Logging On Automatically After Installation

If you're using the [GuiRunOnce] section to deploy settings or to run programs after installing Windows, you'll want to automatically log on to the operating system immediately after the Windows installation is finished. You'll also likely want to log on as local Administrator to install applications that require elevated privileges or to change settings in HKLM that restricted users can't change. For the latter task, use the AutoLogon setting in the [GuiUnattended] section of your answer file. Set AutoLogon=Yes. This sets the value AutoAdminLogon in the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon, which you learn about in Chapter 18, “Fixing Common IT Problems.”

You must also set AutoLogonCount in the [GuiUnattended] section. This setting specifies the number of times that you want to automatically log on to Windows as local Administrator. This sets the value AutoLogonCount in the key HKLM\Software\Microsoft\Windows\CurrentVersion\WinLogon. Normally, you'd log on to Windows only one time by setting AutoLogonCount=1. However, you can log on to the operating system as many times as necessary, such as when a setup program restarts the computer in the middle of the installation process. The following lines show you the settings necessary to use this feature:

[GuiUnattended] AutoLogon=Yes AutoLogonCount=1 [GuiRunOnce] "regedit %SYSTEMROOT%\Settings.reg /s"

When you set a password using the AdminPassword setting in the [GuiUnattended] section, Windows uses that password to log the local Administrator on to it. However, if you encrypt the password and set EncryptedAdminPassword=Yes, Windows disables this feature. You trade between security and deployment convenience. Don't panic, though; when Windows finishes installing, it removes the password from any local copies of the answer file, such as %SystemRoot%\System32\$winnt$.sif.

Configuring Windows Firewall

Windows XP Service Pack 2 (SP2) and Windows Server 2003 Service Pack 1 (SP1) include the new Windows Firewall. Most companies and many enthusiasts will want to customize Windows Firewall during installation. Microsoft provides three methods of doing this. In a business environment, the best way to manage Windows Firewall settings is to use the new Windows Firewall Group Policy settings. This requires using Active Directory with either Windows 2000 or Windows Server 2003 domain controllers. For more information, see http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2wgp.mspx.

The following list describes customization methods that don't require Group Policy:

For more information about using these options, see http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/depfwset/wfsp2ngp.mspx.

Категории