Stable Windows XP, or proper system setup after installation
This article describes the technology for setting up a computer (before and after) after installing the operating system, which I spied on my teska and a good admin with the nickname jinsan.
The described steps are extremely advisory and quite generalized. How to proceed at each stage and which software products to use is up to each individual. Each step is briefly but succinctly laid out, so that it is clear why and why. The sequence of actions is optimized so as to make less unnecessary movements (“do not trust the hardworking admin ....” ©)
This article can be taken as a template for further actions. The setting is designed for use on client computers (most often - at the workplace) and does not provide for amenities / amenities.
Let's get started ...
In my practice, I usually break a hard drive into three sections:
There will not be any user information on the system partition - only the operating system.
All file systems are NTFS.
Here I will not go into details - I think everyone passed this stage and they know it by heart.
For my installations, I use the original Microsoft disk, with the latest updates and without any other bells and whistles. But here it is up to everyone personally ...
I usually indicate the administrator password as a numerical password - in the future it will still change.
Install all the necessary drivers.
A couple of times I had that the native driver disk could not be read, or something else, but the drivers for the network were not found (Windows in its role ...). In such a situation, the LiveCD with the same Slax rescues very much .
After installing all the drivers (you should make sure that the device manager (devmgmt.msc) does not display any question / exclamation marks), we proceed to create the first backup.
First, copy all the drivers used to the E: drive, for example, to the Drivers folder.
Then we reboot the system and boot from Hiren . Select the preferred backup wizard (I use Norton Ghost), and create a full backup of the first partition (C :) to the E: drive. How to name the archive is up to you, I call it C_Drivers, and in the description I indicate what is installed (in our case, the driver).
Immediately, I note that almost all of the actions described here will be called through Start-> Run. Almost any of them can be reached through the control panel, but this is a long time, and we still have a lot to do.
We execute (via Start-> Run) lusrmgr.msc, and in users we change the administrator password to your favorite secret password, and we also add the user user. It is better to set him a simple password, for example, also user.
The rest (other users, rights) - at the discretion and requirements of your policy - we are considering a general option.
I am sure that during the implementation of the previous paragraph, the Security Center window popped up more than once that everything is bad and nothing works. Immediately turn it off so as not to bother. Click on it with the mouse, and in the window that appears on the left, click "Change the way notifications are displayed" (or something like that). We remove all the jackdaws and close these windows.
Next, we remove the prettiness and special effects: click Win + Pause, the Advanced tab, the topmost button is Performance. In the window that appears, on the tab Visual Effects, select the item Ensure the best performance.
Now we will return the task manager to the home with three large buttons - go to the control panel -> Account Management, and select Change the welcome window. We remove all the jackdaws and close the windows.
Change the display mode of the folders. Open the explorer and set the display mode to Table. For convenience, you can stretch the first column a little. Next, select Tools-> Folder Options-> View. We remove the daws from: Use a simple way to display files, remember the display settings for each folder, hide protected system files (confirm), hide extensions for registered file types. We put daws: display the contents of system folders, show hidden files and folders, do not cache thumbnails. Apply the changes (Apply button) and click Apply to all folders.
Add the necessary languages and choose a convenient method for switching them
The first thing is autoran. We execute gpedit.msc. We find: User Configuration-> Administrative Templates (usually the last item in the tree) -> System. In it we find the item Disable startup. Set Enable and apply to all drives. OK.
We turn off some unnecessary services: Run-> services.msc. For the following services, I set the startup mode to “disabled”:Windows Update , Remote Registry, Windows Time, Windows Themes. You can go through the services and cut even more (initially we left only 13-15 services on client computers).
Deny write to users on drive C: Go to the properties of drive C, on the security tab, make sure that the user does not have write permissions. ATTENTION. When changing this parameter, make sure that the additional options do not have the checkbox Replace the rights of child folders, otherwise the settings of the Documents and Settings folder will be met, and the easiest way out is to rearrange everything again.
Install the main applications: Antivirus, archiver, browser.
Install additional applications to your taste.
We remove the necessary shortcuts to the user's desktop (or for all users - C: \ Documents and Settings \ All users \ Desktop)
Now it's time to set up the user. We log in under his account and first of all we change the path to the My Documents folder: right-click on the My Documents folder-> Properties-> Folder Path: D: \ My documents-> Ok-> Yes-> Yes
We return to the administrative account again, and change the security for the folder C: \ Documents and Settings \ user \ Desktop. We prohibit the user from writing to this folder. You can, of course, climb the registry and change the path to the user's desktop folder, but as for me, this is an easier way. Yes, and an aesthetically clean desktop looks much more beautiful than a mess of a bunch of icons and documents.
We prohibit users from changing the path to the My Documents folder: gpedit.msc-> User Configuration-> Desktop-> Prevent users from changing the path of the My Documents folder.
To simplify the work of poor users, enable the autologin: Run-> control userpasswords2. We remove the daw Require username and password. Specify the username and (twice) user password.
We remove the letter from the backup disk: Run-> diskmgmt.msc. Find our backup drive (E :) and right-click, select Change drive letter. Delete all letters.
Reboot.
We get into the user account, check that all applications work. In case something does not work, we are looking for ways to solve the problem. Most likely, the application requires write permissions to its folder - for this, from the admin account, change the rights to the application folder and allow the user to write to it (it is better to replace the rights of child objects).
I’ll check the user’s ability to write to the desktop, to the folder my documents and so on.
If everything works, go ahead.
After a long setup and painstaking licking of our system, it is worth making another backup. In essence, the process of its creation is no different from the first, with the exception of the name and description.
The benefits of backups cannot be overestimated. In the future, if we had any problems with the computer that could not be resolved by a banal reboot, or within 20 minutes, it would be enough to boot from the siren, restore the last image, pick up the disk, go have a coffee, and come, just to to reboot the system.
If you install some new software, or change the settings, do not be too lazy to update the backup, because otherwise all the charm of backups is lost and the method described in the previous paragraph becomes not so elegant, because after each restoration you will have to reinstall the missing software or change the settings.
In the event that there are many identical machines, you can connect an external screw and make a complete image of the original hard disk, so that later you can deploy it to all other computers. But this is a separate article.
The described steps are extremely advisory and quite generalized. How to proceed at each stage and which software products to use is up to each individual. Each step is briefly but succinctly laid out, so that it is clear why and why. The sequence of actions is optimized so as to make less unnecessary movements (“do not trust the hardworking admin ....” ©)
This article can be taken as a template for further actions. The setting is designed for use on client computers (most often - at the workplace) and does not provide for amenities / amenities.
Let's get started ...
BIOS setup
- Download priority
To prevent downloading from external devices, it is better to leave only the first item, and disable everything else:- HDD
- Disabled or CD-ROM
- Disabled or network
- BIOS password
To prevent changing the BIOS boot priority. It is better to put a password, which in which case is not a pity to disclose. If there is an opportunity - it should be installed and the choice of the boot sequence via the hot button (see below). - Priority of loading via a hot button
Most BIOSes allow changing the priority of loading by pressing a hot button. In some, it’s F12, F8. If it is possible to set a password for this function, it is better to leave it (in the future, fewer actions will have to be done), otherwise - it is better to disable and change the download’s pricing through the BIOS. - Disabling unnecessary devices
such as LPT and COM ports, support for USB keyboard and mouse, Game port. Of course, if any of this you use ...
HDD preparation
In my practice, I usually break a hard drive into three sections:
- C: (SYSTEM) - system, boot. Depending on the intended purpose of the computer - from 20 to 50Gb
- D: (DATA) is the largest section with user data. It takes up all the available space (excluding E :)
- E: (BACKUP) - The last partition on which C: drive backups are stored. In size - one and a half to two times larger than drive C:
There will not be any user information on the system partition - only the operating system.
All file systems are NTFS.
Operating system installation
Here I will not go into details - I think everyone passed this stage and they know it by heart.
For my installations, I use the original Microsoft disk, with the latest updates and without any other bells and whistles. But here it is up to everyone personally ...
I usually indicate the administrator password as a numerical password - in the future it will still change.
Windows setup
Drivers
Install all the necessary drivers.
A couple of times I had that the native driver disk could not be read, or something else, but the drivers for the network were not found (Windows in its role ...). In such a situation, the LiveCD with the same Slax rescues very much .
First backup
After installing all the drivers (you should make sure that the device manager (devmgmt.msc) does not display any question / exclamation marks), we proceed to create the first backup.
First, copy all the drivers used to the E: drive, for example, to the Drivers folder.
Then we reboot the system and boot from Hiren . Select the preferred backup wizard (I use Norton Ghost), and create a full backup of the first partition (C :) to the E: drive. How to name the archive is up to you, I call it C_Drivers, and in the description I indicate what is installed (in our case, the driver).
Admin Password and Users
Immediately, I note that almost all of the actions described here will be called through Start-> Run. Almost any of them can be reached through the control panel, but this is a long time, and we still have a lot to do.
We execute (via Start-> Run) lusrmgr.msc, and in users we change the administrator password to your favorite secret password, and we also add the user user. It is better to set him a simple password, for example, also user.
The rest (other users, rights) - at the discretion and requirements of your policy - we are considering a general option.
Appearance and Notifications
I am sure that during the implementation of the previous paragraph, the Security Center window popped up more than once that everything is bad and nothing works. Immediately turn it off so as not to bother. Click on it with the mouse, and in the window that appears on the left, click "Change the way notifications are displayed" (or something like that). We remove all the jackdaws and close these windows.
Next, we remove the prettiness and special effects: click Win + Pause, the Advanced tab, the topmost button is Performance. In the window that appears, on the tab Visual Effects, select the item Ensure the best performance.
Now we will return the task manager to the home with three large buttons - go to the control panel -> Account Management, and select Change the welcome window. We remove all the jackdaws and close the windows.
Change the display mode of the folders. Open the explorer and set the display mode to Table. For convenience, you can stretch the first column a little. Next, select Tools-> Folder Options-> View. We remove the daws from: Use a simple way to display files, remember the display settings for each folder, hide protected system files (confirm), hide extensions for registered file types. We put daws: display the contents of system folders, show hidden files and folders, do not cache thumbnails. Apply the changes (Apply button) and click Apply to all folders.
Add the necessary languages and choose a convenient method for switching them
Security
The first thing is autoran. We execute gpedit.msc. We find: User Configuration-> Administrative Templates (usually the last item in the tree) -> System. In it we find the item Disable startup. Set Enable and apply to all drives. OK.
We turn off some unnecessary services: Run-> services.msc. For the following services, I set the startup mode to “disabled”:
Deny write to users on drive C: Go to the properties of drive C, on the security tab, make sure that the user does not have write permissions. ATTENTION. When changing this parameter, make sure that the additional options do not have the checkbox Replace the rights of child folders, otherwise the settings of the Documents and Settings folder will be met, and the easiest way out is to rearrange everything again.
Applications
Install the main applications: Antivirus, archiver, browser.
Install additional applications to your taste.
We remove the necessary shortcuts to the user's desktop (or for all users - C: \ Documents and Settings \ All users \ Desktop)
User and his documents
Now it's time to set up the user. We log in under his account and first of all we change the path to the My Documents folder: right-click on the My Documents folder-> Properties-> Folder Path: D: \ My documents-> Ok-> Yes-> Yes
We return to the administrative account again, and change the security for the folder C: \ Documents and Settings \ user \ Desktop. We prohibit the user from writing to this folder. You can, of course, climb the registry and change the path to the user's desktop folder, but as for me, this is an easier way. Yes, and an aesthetically clean desktop looks much more beautiful than a mess of a bunch of icons and documents.
We prohibit users from changing the path to the My Documents folder: gpedit.msc-> User Configuration-> Desktop-> Prevent users from changing the path of the My Documents folder.
Cosmetic cleaning and inspection
To simplify the work of poor users, enable the autologin: Run-> control userpasswords2. We remove the daw Require username and password. Specify the username and (twice) user password.
We remove the letter from the backup disk: Run-> diskmgmt.msc. Find our backup drive (E :) and right-click, select Change drive letter. Delete all letters.
Reboot.
We get into the user account, check that all applications work. In case something does not work, we are looking for ways to solve the problem. Most likely, the application requires write permissions to its folder - for this, from the admin account, change the rights to the application folder and allow the user to write to it (it is better to replace the rights of child objects).
I’ll check the user’s ability to write to the desktop, to the folder my documents and so on.
If everything works, go ahead.
Second backup
After a long setup and painstaking licking of our system, it is worth making another backup. In essence, the process of its creation is no different from the first, with the exception of the name and description.
Further service.
The benefits of backups cannot be overestimated. In the future, if we had any problems with the computer that could not be resolved by a banal reboot, or within 20 minutes, it would be enough to boot from the siren, restore the last image, pick up the disk, go have a coffee, and come, just to to reboot the system.
System update.
If you install some new software, or change the settings, do not be too lazy to update the backup, because otherwise all the charm of backups is lost and the method described in the previous paragraph becomes not so elegant, because after each restoration you will have to reinstall the missing software or change the settings.
Cloning
In the event that there are many identical machines, you can connect an external screw and make a complete image of the original hard disk, so that later you can deploy it to all other computers. But this is a separate article.