Windows XP for power users

Windows Vista has been released over 18 months ago, and my initial reaction was that this operating system is the most bloated, sluggish crap ever released by Microsoft. Everyone was hoping that Service Pack 1 would relieve some of the pain, but unfortunately Microsoft failed to put any significant performance improvements in. I have come to the conclusion that Vista stays crap and should not be used by any self respecting computer user. It might be an option for the average clueless users that have no notion of security, but anyone beyond that experience level, especially power users like system administrators, should not use any flavour of Vista, but Windows XP Professional.

XP has its limitations too, but with the right kind of measures it can be a very good and safe computer experience. Some of these measures and guidelines:

Always do a clean install

Whatever computer you want to start using, always reinstall it before putting it into service. It might sound strange but this holds especially true for new machines that come with XP preinstalled. Vendors like Dell and HP are known for putting huge amounts of crap on their machines. Software vendors want to sell their stuff to customers, and make deals with PC manufacturars to put trial versions on new PC’s. This means that a new PC is in fact partly sponsored by the software companies. It is easy to see that this strategy is not in the best interest of the actual user of the PC.
It is not uncommon for new PC’s to come with 3 different (incompatible) virus scanners installed, 2 different CD/DVD burning programs, a couple of firewall programs, and loads of other crap.
The way to get rid of this is not to uninstall everything, but wipe everything and reinstall. It is recommended to slipstream the latest Service Pack into your installation CDROM (SP3 at the moment), to avoid trouble installing it afterwards. A possible loophole is the drivers — these usually reside somewhere on disk — so please take care to save these onto a USB stick first.

Don’t install driver packs, but manually point to INF files

Another trap users tend to fall in, is to click the binary installers of the various drivers. While this is not a huge problem, things potentially can get screwed up during this step:

• Wireless drivers that disable the Windows Wireless Zero Configuration (WZC) service. This is known to happen with Intel cards, and some of the Sitecom cards. Having a custom wireless configuration tool bloats your system and makes debugging very hard.
• Drivers that install all kinds of management applications. Examples of this are vendor specific control panels for video, audio, etc. The standard Windows control panels are perfectly capable of controlling everything. Only install if you absolutely need their functionality

A convenient way to circumvent this is to extract the actual drivers by opening the installer binary with 7-Zip, and then point Windows at those drivers files.

Dont’ run as Adminstrator

The University of Michigan has a good paper on how to do this. The introduction speaks for itself:

You’ve heard it a thousand times: “Don’t run as admin”. Yet you continue to tempt fate. You log in with admin credentials and surf the wild wild web through whatever minefield it takes you. You open email and attachments with abandon, confident in the fact that you’ve never been hacked before. Yet every once in a while, your heart starts to beat a little faster. Perhaps it happens when you land on some web site you didn’t expect, or when you double click on that unsolicited email or launch some video clip that your friend sent you. Your heart accelerates because you know, deep down, it’s just a matter of time before you do get hacked. And then, because you’re logged in with administrative credentials, you know the price could be big. If you’re lucky, only your ego will be bruised. Worse, the integrity of your system will be compromised and personal as well as private University information will belong to someone else. In fact, it’s entirely feasible that your system has already been compromised and you’re not even aware of it. How do you know that it hasn’t?

If you’re pushing your luck by logging in with administrative credentials, then read this paper. We’ll illuminate the “tips and tricks” necessary to start running as user. You’ll feel better running in a less privileged context, and you’ll be making a critical contribution to the security posture of your unit and the University.

I have been non-admin for half a year now and I have no problems whatsover using my computers. However, right after installation of system you typically spent some time configuring it:

• installing applications
• installing printers
• installing backup scripts
• customising system options
• configuring network settings and VPN connections
• configuring power options

A practical recommendation is to leave yourself Admin until you have installed and configurated your system to the extent that you do not need admin rights during dayly use. This is usually a few weeks after installation. At that point, make yourself a regular user, and switch to Admin only if needed. There is a small list of issues that require manual intenvention, but it can be done, and it is recommended to spent some time figuring out how to fix them, instead of becoming admin again. The Michigan University PDF already contains some practical tips for some of these issues, but I ran into some additional problems that weren’t covered there.

Usually you can right-click and select Run as… to run stuff as admin. You can also use the poormans sudo for Windows: runas. However, you have to type an awkward string each time:

runas /user:administrator regedit

To make things more convenient and appeal more to the power user, place a textfile with this content in your WINDOWS directory and name it sudo.bat 😉 :


RUNAS /USER:Administrator "%*"
EXIT


Now you press Windows-R -> “sudo regedt32” and off you go!
When you are admin, you can directly run MMC files, but when using sudo or runas you need to supply the application as well. For instance to run the Group Policy Editor, you would run sudo mmc gpedit.msc

Here is an overview of common admin tasks and how to conveniently run them. Note that sometimes there is not option to right-click and select “Run as…”, so you have run commands from a shell (you are not afraid of that anyway aren’t you?).

Formatting removable media	Can be fixed with GPO
Configure printers	Shift-Click on printer -> Run as… -> Configure
Configure networking	Add yourself to Network Configurators group
Group Policy Editor	sudo mmc gpedit.msc
Add/Remove Programs	sudo control appwiz.cpl
Teletubby user control panel	sudo control userpasswords
Normal user control panel	sudo control userpasswords2
complete Control Panel	sudo control

More examples of how to run specific Control Panel item are listed on http://support.microsoft.com/kb/192806/.

Probably the last option is the best compromise between usability and amount of typing.

Try to stick with default options

Just because it is possible to customize about every aspect of the operating system and the user interface doesn’t mean that you should do so. Some of these customisations lead to poor performance. A good example in this respect is installing 12 Mb desktop wallpaper images. The default theme however (teletubby style) is eligable for replacement. For best results, choose the “Windows Classic” style, and after that choose “Adjust for best performance” in the Visual Effects Tab of the Performance Options.