Archive for the ‘Vista’ Category

All systems initialize in more or less the same way. During the POST mentioned earlier, the BIOS checks the hardware devices and counts the system memory. Out of all the different types of system memory, the random access memory, better known as RAM, takes the longest to be checked. Checking the RAM takes time, and on a machine that has large amounts of RAM, this calculation can take several seconds. For example, a machine that has 512MB of RAM may take up to 3 seconds just to check the memory. On top of the RAM counting, a few other tests need to be done because your computer wants to make sure that all the hardware in your computer is working properly.

The complete version of these tests is not needed every time that you boot and can be turned off to save time. Most system BIOSs offer a feature called Quick Boot. This feature enables the user to turn off the full version of the test and sometimes enables you to run a shorter quick check test instead. Other BIOSs allow you to turn off the Memory Check only, which will still cut down on a lot of time.

To turn on the Quick Boot feature or to turn off the Memory Check, just do the following:

  1. Enter the system BIOS again by pressing F2 or the correct system setup Enter key on the POST screen for your system.
  2. After you are in the BIOS setup, locate the text “Quick Boot” or “Memory Check,”. Navigate with the arrow keys until the option is highlighted.
    Use the Change Value keys to cycle through the options and select Enable for the Quick Boot feature or Disable if your system’s BIOS has the Memory Check feature.
  3. After you have made the change to the setting, exit the system BIOS by pressing the Escape key. Make sure you save the changes upon exit.

Use of the Quick Boot feature or the disabling of the Memory Check will not do any harm your system. In fact, some computer manufacturers even ship their computers with these settings already optimized for performance. The only downside to disabling the tests is in the rare situation in which your RAM self-destructs; the BIOS will not catch it, and you might receive errors from the operating system or your system could become unstable. If you notice that your system becomes unstable and crashes frequently or will not even boot, go back into the BIOS and re-enable the tests to find out whether your system’s memory is causing the problems.


Now that you have all your performance counters set up and displaying data, you need to select the interval time of how often the data will be updated. How often you want the counters to be updated depends on your purpose for monitoring your hardware. For example, if you are trying to track how much data your computer is sending through your network adapter every day or hour, it is not necessary to have that counter update every second. You will just be wasting CPU cycles because you are making the computer constantly update that performance counter. However, if you are interested in current memory or CPU utilization, you will want a much faster update time.

To change the update interval, perform the following steps:

  1. While in the Performance Monitor section of the Reliability and Performance Monitor, click the Properties button, which looks like a hand pointing to a notebook. Alternatively, you can press Ctrl+Q.
  2. After the System Monitor Properties window loads, click the General tab.
  3. Locate the Graph elements section and update the Sample Every text box. This number is in seconds.
  4. Click OK to close the window and save your changes.

Now Performance Monitor will poll the data sources at your specified interval.


When Windows Task Manager is started, a small histogram is displayed in the system tray that shows the CPU utilization. This little feature can be very useful if you would always like to keep an eye on your CPU utilization but do not want Task Manager always on top of all your windows. With a little bit of work, it is possible to start up the Windows Task Manager automatically on every start and run it minimized and hidden from the taskbar except for the system tray.

  1. Click the Start button, navigate to All Programs, and locate the Startup listing.
  2. Right-click Startup and select Open. A new window opens with the contents of your personal startup folder. Any shortcuts that you place in this folder will be automatically loaded when Windows starts.
  3. After the Startup folder is opened, right-click in the open white space, select New, and then navigate to Shortcut.
  4. When the new shortcut wizard loads, type taskmgr.exe in the text box asking for the location of the file, and then click Next.
  5. Type a name for the shortcut and click Finish.
  6. Now you are shown the startup folder again and a new icon for Task Manager. To make Task Manager start minimized, right-click the new icon and select Properties.
  7. Change the Run type where it says Normal Window to Minimized, and then click OK.
  8. Now the shortcut is all set up. However, there is one last change to make and you will need to open up Task Manager to do this. After you have opened up Windows Task Manager, click the Options menu bar item and select Hide When Minimized so that when the program starts, only the CPU histogram will be shown and the program will not appear on the taskbar.

Your system is now configured to start up the CPU meter on every boot in the system tray. Should you change your mind at a later time and no longer want the Task Manager CPU meter to show up, simply delete the shortcut from the Startup folder.

Hard-drive encryption is a technology that encrypts the data stored on a hard drive using sophisticated mathematical functions. Data on an encrypted hard drive cannot be read by anyone who does not have access to the appropriate key or password. This can help prevent access to data by unauthorized persons and provides a layer of security againsthackers and other online threats.

The concept of hard-drive encryption is simple enough. When a file is written to the drive, it is automatically encrypted by specialized software. When a file is read from the drive, the software automatically decrypts it while leaving all other data on the drive encrypted. The encryption and decryption processes are transparent to all common applications such as word processors, databases,spreadsheets or imaging programs. A computer equipped with hard-drive encryption appears, from the user’s point of view, to function as any other computer would.

Windows Vista Enterprise and Ultimate editions offer a hard-drive encryption program called BitLocker that employs two-factor authentication.

When Microsoft introduced Windows Vista, one of its most anxiously anticipated features was its encryption capability called BitLocker. Many mistakenly refer to BitLocker as whole-disk encryption, but the more accurate description is full-volume encryption.

The distinction is important. A single physical disk can be partitioned into multiple volumes. Whole-disk encryption would encrypt all of the data on the entire physical disk drive, while full-volume encryption protects each volume or partition separately. BitLocker might be encrypting the volume designated as the C: drive, but the data on other volumes may still be unencrypted.

The initial release of BitLocker encrypted only the Windows Vista boot volume. Granted, that is better than nothing, but for larger hard drives with multiple volumes it also left a significant amount of data unprotected. With the release of Windows Server 2008 and Windows Vista SP1, Microsoft expanded the scope of BitLocker so that any of the volumes could be encrypted. The upcoming Windows 7 operating system broadens the reach of BitLocker even farther by including the ability to encrypt data on removable media such as USB flash drives.

How does Bitlocker work?

BitLocker requires that a small unencrypted partition be created which contains core operating system files that Windows needs to start the boot process. Microsoft created the BitLocker Drive Preparation tool to automate the creation of the second partition and the migration of the files necessary to create the split-load configuration that BitLocker relies on to boot the operating system.

Once the drive is properly partitioned and the data is encrypted with BitLocker, there is a process the system follows to boot the system and decrypt the data so you can use it. As with any encryption process, it relies on keys.

The sectors of data on the drive are encrypted using the FVEK (full-volume encryption key). However, the FVEK is stored locally in encrypted form and the user never interacts with or uses the FVEK directly. The key that users work with is the VMK (volume master key). The VMK is used to encrypt and decrypt the FVEK which, in turn, encrypts and decrypts the actual data sectors.

BitLocker relies on TPM to authenticate system hardware

By default, BitLocker relies on a TPM (Trusted Platform Module) chip. The TPM is a chip wired to the motherboard which can create a unique hash signature related to the hardware configuration of the system and securely store the encryption key. The TPM provides a virtually incorruptible method of authenticating the system hardware.

By itself, the TPM would not prevent an unauthorized user from accessing a BitLocker encrypted volume. In TPM-only mode, an attacker can still cold boot the system, and as long as the TPM could validate the hardware signature hash, BitLocker would decrypt the data and allow the system to boot. For that reason, an additional authentication factor should be used along with the TPM. The available options for BitLocker include:

  • TPM only
  • TPM plus a PIN
  • TPM plus a USB key
  • TPM plus a PIN and a USB key
  • USB key only

The last option, USB key only, is typically only used in situations where BitLocker is implemented on a system that is not equipped with a TPM chip. The option to enable BitLocker without a TPM has to be configured by modifying the security policy settings.

The USB key only and the TPM plus a PIN and USB key options have additional cost and administrative overhead in that USB keys must be provided and maintained. They are also easy to lose or misplace which could lead to an increase in support desk calls to retrieve lost encryption keys and gain access to BitLocker encrypted systems.

How to manage BitLocker keys

One of the most important aspects for enterprises to consider before encrypting data with BitLocker is how to store and manage recovery keys. In the event that a user forgets a PIN, loses a USB key or is unable to access their BitLocker-encrypted system for any reason, the support desk must have the ability to help them recover their data and gain access to their system.

Users can be supplied with a USB key containing the BitLocker recovery key to use as a backup when the need arises. For deployments that already use a USB key for BitLocker authentication, it would be an additional or backup USB key to use in the event of the primary USB key being lost or stolen. The downfall of this system is that the backup USB key would most likely be stored with the laptop and a thief that steals the laptop will also have the keys.

An alternate solution is to configure BitLocker to store a recovery key in Active Directory. An administrator can configure Group Policy to automatically generate a recovery key and store it in Active Directory when BitLocker is enabled. It is also possible to prevent BitLocker from encrypting any data until the recovery key is successfully backed up to Active Directory.

The Send To menu is one of the features of my context menus that I use the most. The ability to right-click any file and have a shortcut of it sent to the desktop is invaluable. How would you like to make it even more useful? It is very easy to add your own items to the Send To menu, such as folders that you can send files to. Do you have a folder that you store all your music in? How about a folder that you store all your digital photos in? Just follow these quick steps to add anything you want to your Send To context menu entry.

Tip :If you do not see any of the folders that are required in this section, you might have Hidden Files turned on. Because these folders are hidden by default, you will have to tell Windows to show all files.
  1. Click the Start button and select Computer.
  2. Click on your Windows drive and browse through Users\ Username \AppData\ Roaming\Microsoft\Windows\SendTo.
  3. You will see all the files that appear in the Send To menu. If you want to add an entry to the menu, just copy a shortcut to this folder.
  4. Let’s say that you want to add your Digital Photos folder to your Send To menu. Navigate to your Digital Photos folder, right-click it, and then select Send To desktop. This will create a shortcut to the folder and save it on your desktop. Next, cut and paste the shortcut that was created from your desktop into the SendTo folder.
  5. If you ever want to remove items from the Send To menu, just delete them from the SendTo folder.

It is that simple. You are now finished customizing your Send To menu.

Hacking the Context Menu in Vista

Posted: August 22, 2009 in Tweaking, Vista
Tags:

What is the context menu? It’s the menu that pops up when you right-click anywhere on your computer. Over the years, these menus have become more and more useful. However, with the extra entries in the context menu, they can become cluttered with options and features that you just don’t need. These next few sections will shown you how you can get your menus back under control as well as how you can take advantage of the new features to make your own context menu entries.

I will start off by removing items from the context menus and then move on to adding and customizing the components of the menus.

Removing items from the context menu

Over time, your context menus can become cluttered with program entries from old programs that you may not use any more. You might experience programs that take over all of your context menus. Compression apps such as WinZip or Picozip always end up adding program entries to all the context menus. I have Picozip installed on my computer and every time I right-click any file or folder, I see five entries from Picozip giving me different compression options. This can be a convenient feature, but if you don’t compress and extract zip files very often, you might not need the added convenience. Instead, you could remove these entries from your context menu, which will give your system a cleaner interface as well as a small performance boost if you have a lot of extra entries in your context menu.

Removing these programs from your context menus can be a little tricky because they can be spread in different places in the Registry. The only way to remove these types of entries is to edit the Registry directly. Follow these steps:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. When the Registry Editor appears, expand the HKEY_CLASSES_ROOT folder. You will now see a list of every file type that is set up on your computer.
  3. If the entry that you want to remove from the context menu appears in all context menus, such as the preceding WinZip example, you will have to expand the * folder. Otherwise, expand the folder with the file extension you want to modify.
  4. After expanding the correct folder, expand the Shellex and ContextMenuHandlers folders. Your registry path should be HKEY_CLASSES_ROOT\*\shellex\ ContextMenuHandlers.
  5. Look through the list until you find the entry that you want to remove. Right-click the entry and select Delete. You will find that identifying some of the programs is easy. For example, WinZip is labeled WinZip. However, you may run into some items that are listed using their application/class ID or a vague name. If so, do a Registry search of the class ID (Ctrl+F), which is formatted as {XXXXXXXX-XXXXXXXX-XXXX-XXXXXXXXXXXX}, to find other references that will give you clues to what the ID belongs to. If that does not work, try doing a search on Google to see if that turns up anything.
  6. After you are finished removing all the entries from your context menus, just close Registry Editor and you are finished. Your changes will be in effect immediately.

Disable Animations in Vista

Posted: August 22, 2009 in System Modifications, Vista
Tags:

When demonstrating the Windows Vista user interface, I always get a lot of comments about the animations. Some love them, but others hate them and immediately ask how they can turn them off. This section is for all those users who find the minimize and maximize animations annoying and want to turn them off.

I personally like the animations, but I cannot help but notice how much faster my computer feels when they are turned off. There is not really much of a performance increase, but it just feels snappier because the instant I click Maximize or Minimize or even Close, the window instantly changes or is gone. I recommend giving this section a try even if you like the new animations; you might like the feel even better when they are disabled.

You can disable the animations a few different ways. In this section, I show how you can disable the animations using the Registry. Follow these steps to get started:

  1. Click the Start button, type regedit, and press Enter.
  2. When the Registry Editor loads, navigate through HKEY_LOCAL_MACHINES\SOFTWARE\ Policies\Microsoft\Windows\DWM.
  3. Right-click the DWM folder, select New, and then select DWORD (32-bit) Value.
  4. Name this new value DisallowAnimations.
  5. Right-click DisallowAnimations and select Modify. Set the value to 1 and press OK.
  6. Exit the Registry Editor and open a command prompt with administrative access.
  7. You now need to restart the DWM so that it knows to disable animations. Type net stop uxsms followed by net start uxsms to restart the DWM.

When the DWM restarts, the animations are disabled.

Making your own theme enables you to easily back up your visual changes to Windows Vista so that you can distribute your settings to other computers or on the Internet. Making your own theme is actually just like changing the theme. The most difficult part of the process is customizing all the little aspects of the visual elements that make up the user interface. The next few sections walk you through the process of fine-tuning the user interface and then show how you can save your changes and make your own theme file.

Modifying window metrics and fonts

What the heck are window metrics? Well, it is the fancy way of talking about how big everything is. There is a lot that you can adjust that will affect the size of the user interface elements, such as the title bar of a window and other window elements such as buttons. Almost everything on a window has an adjustable size. This section explains how you can alter how your visual style or classic Windows interface looks by fine-tuning the different components of the window.

Another possibility is to fine-tune the fonts used. You can change the size of the font displayed, the style, and even the actual font that is used.

To get started, use Appearance Settings to make the changes:

  1. Right-click the desktop and select Personalize.
  2. Click Window color and appearance.
  3. Select Open classic appearance properties for more color options.
  4. When Appearance Settings loads, click the Advanced button.
  5. The Advanced Appearance window opens. From here, you can change the size and the font for all the different aspects of a window. You can make changes in two different ways. The first way is to use the Item drop-down box. Just expand it and select the item that you want to modify. The other way is to click the object that you want to customize on the Preview picture. This click automatically selects the item from the Item drop-down box for you. Either way, select an item that you want to change. For the purpose of demonstration, I suggest that you click or select Active Title Bar.
  6. After you have selected an object that you want to change, use the Size, Font, and Color settings to customize your window. Keep in mind that most of the color settings here will apply only to the classic Windows interface. If you are running Aero Glass or the non-Glass visual style, the color settings will not affect you.
  7. When you have finished customizing your window metrics, press OK to save your changes.
  8. Press OK once more to activate your changes and close the Appearance Settings window.

You have now finished customizing your window metrics. Next you customize the system sounds.

Modifying system sounds

You can attach sounds to many events such as logging on, logging off, minimizing a window, and maximizing a window. Because I am taking you through all the different things that a theme file will save the settings for, I also go over how to change the settings for the sounds that Windows uses so that you can customize this aspect of your computer, too.

Changing the event sounds is simple. Just follow these steps to launch and configure the sound properties:

  1. Click the Start button, type mmsys.cpl in the box, and press Enter to launch the system Sound properties.
  2. After the Sound properties loads, click the Sounds tab.
  3. To adjust the sound clip for a specific event, click the event that you want to modify by navigating through the Program list
  4. When you have an event selected, the Sounds drop-down list becomes enabled, and you can select the sound clip that you want to use. You can select (None) from the top of the list if you do not want to use a sound for a specific program event. If you cannot find a sound that you like on the list, you can use the Browse button to pick a specific sound file on your computer to use.
  5. Here you can also enable or disable the Windows startup sound by clearing the Play Windows Startup sound box.
  6. When you have finished with your changes, just press OK to save your work.

You have now finished customizing the sound events on your computer. The next step is to customize the cursors of the mouse so that they, too, are included in your theme file.

Customizing mouse cursors

The mouse cursors are yet another item saved in the theme file. Many different pointer schemes are included with Windows Vista. Although not all of them are the nicest-looking cursors, they can really help out in some situations. In addition, Windows Vista includes special large mouse cursors so that the cursors will be easier on the eyes.

To get your cursors set perfectly for your theme file, follow these steps:

  1. Click the Start button, type main.cpl, and press Enter to open Mouse Properties.
  2. Click the Pointers tab.
  3. You have two options to customize the cursors: You can use the drop-down Scheme box to change all the pointers simultaneously to different styles, by selecting a different cursor scheme from the list. When you select the different schemes, all the cursors change automatically. Alternatively, if you do not like the cursor schemes, you can individually select a cursor from the Customize list by scrolling through the list and selecting the cursor you want to change. Then press the Browse button to change it.
  4. When you have finished customizing your cursors, just press OK, and you are finished.

Now you are ready to move on to customizing the visual style that the theme will use.

Selecting the theme’s visual style

Windows Vista builds on top of the existing Windows XP visual styles, with the addition of support for the new 3D surface-based desktop powered by the Desktop Window Manager (DWM). Visual styles are basically a skin file for the user interface that allows Microsoft to easily change the look of the entire operating system with just one file. Windows Vista includes only two visual styles: Windows Aero (Vista Glass) and Windows Vista Basic. As you might already know, Vista Glass works only on specific supported hardware; those who do not have the correct hardware can use Windows Vista Basic only. Depending on your personal preferences, you might like the new Windows Vista Basic.

Now that you know the fundamentals of the visual style, it’s time to tweak the visual style settings so that when you make your theme file in the next sections it will be included with your sound and mouse settings:

  1. Right-click the desktop and select Personalize to bring up the Personalization screen.
  2. Click Windows Colors and Appearance.
  3. On the next screen, click Open classic appearance properties for more color options. The Appearance Settings window opens.
  4. At the bottom of the window, you will see a Color schemes list.
  5. When you have finished selecting the visual style you want to use, press OK to save your changes.

Configuring Windows Aero (Vista Glass) settings

If you have a computer that supports Vista Glass, you can also customize the color and transparency of the Aero window interface. These settings are also saved in your theme file, so it is a good idea to customize these settings, too. With these settings, you can change the color tint of your windows and adjust the transparency of the glass. Some users have found that the interface works a lot better for them if they disable transparency completely because it makes it easier to see and performs better on their hardware.

Customizing the Windows Aero settings is one of the easiest things to do because these settings are set using Microsoft’s new-settings window format. Just follow these steps to customize Glass your way:

  1. Right-click the desktop and select Personalize.
  2. On the Personalization screen, click Window Color and Appearance.
  3. You have a couple of approaches you can take to change the color tint. You can select one of eight preset color tints. Alternatively, you can come up with your own by expanding Show Color Mixer and then adjusting the Hue, Saturation, and Brightness sliders
  4. You can also disable transparency completely by removing the check in the Enable transparency box.
  5. After you have your color picked, you can fine-tune your selection by adjusting the Color intensity slider.
  6. When you’re finished, press OK to save your changes.

Setting the wallpaper

Most people know how to change wallpaper on their desktop (right-click the desktop, select Personalize, and then select Change Wallpaper), so I’m going to show you a cool little trick to change your wallpaper even faster. This process also allows you to change the wallpaper on multiple computers without having to go to Personalize on each computer.

The trick? Just create a Registry file that you can import into the Registry that will overwrite your current wallpaper information. Doing so is actually easy. Just follow these steps to create your own file:

  1. Open Notepad. (Click the Start button, type notepad, and press Enter.)
  2. Type the following code:
  3. Replace c:\\window\\… with the path and filename to the bitmap that you want to use. Note that in the path, wherever there is a backslash (\), you have to put two of them in the Registry file you are creating because the Registry Editor requires all paths to be in that format. You can change the WallpaperStyle property that will allow you to control how the bitmap image displays on your computer. Setting the value equal to 0 centers the image onscreen. Setting the value to 1 displays the image as if it were tiled or repeated across the entire screen. Setting the value to 2 stretches the image to fit the entire screen.
  4. When you have the text in Notepad looking like the code in Step 2 but with your changes included, you are ready to save the file. Go to the File menu item and select Save As. Then select Save As Type. In the File Name box, enter wallpaper.reg. Keep in mind that you need to have the .reg at the end of the filename so that your computer knows to import the file into your Registry using the Registry Editor.
3.  Windows Registry Editor Version 5.00
4.   
5.  [HKEY_CURRENT_USER\Control Panel\Desktop]
6.  "Wallpaper"="C:\\windows\\MyWallpaper.bmp"
7.  "WallpaperStyle"="1"

10.  After you save the file, just go to the location where you saved it and double-click the file. A screen will come up asking whether you want to import the file into the Registry. Click Yes. Then you are presented with a confirmation screen informing you whether the update was successful.

You must log off and back on if you want to see your changes take effect.

Saving your theme to a file

You have now customized all the aspects that the theme file will keep track of. You are ready to create your own theme file that you can use as backup or give to other people so that they can replicate your changes.

Before I go any further, I want to make it clear what exactly the theme file saves. The theme file saves the configuration of all the different parts of Windows Vista that you just modified; however, it does not save the actual files that you used. For example, if you decide to change the sounds of a program event on your computer, you also have to provide that sound clip to anyone or any computer that you want to apply the theme file that you made. A theme file just saves the settings, nothing else.

Now that you understand what the theme file format is, you are ready to get started. Making your own theme file is just as easy as changing one. To do so, follow these steps:

  1. Right-click the desktop and select Personalize.
  2. Click theme.
  3. On the Theme Settings page, click Save As.
  4. Enter the name that you want to save the theme file as and the destination.

You have now created a backup of your theme so that you can easily change back to it when you customize the user interface in the future. Now it’s time for you to explore more Aero Glass tweaks.

The Group Policy Editor is a great component of Windows Vista that enables you to make dozens of advanced settings changes that are hidden from normal users. This works by defining various rules, called the policy, that tell Windows how to behave.

The collection of policies is what is known as Group Policy, of which there are two types: local and domain based. Local is when the policy resides in and is controlled on the local computer. Domain-based policy is when the policy resides on an Active Directory domain controller that multiple computers are connected to. Domain policy is primarily used only in businesses that need a way to control multiple computers from a central location. In this book, you use local Group Policy to configure the Start panel because most of you are customizing your home computer and do not have it connected to a domain controller. The actual policies and way you set them are the same for both types of group policies, so you can apply these same techniques to a domain policy if desired.

The policies are set and modified using the, you guessed it, Group Policy Editor. This is the tool that you will be using to set the policies to help you customize the Start panel. First, I show you how to use the policy editor, and then I go over all the policies relevant to customizing the Start panel and explain how to use them.

Setting policies with the Group Policy Editor

Using the Group Policy Editor is a lot like using the Registry Editor. It is based on a hierarchical structure of sections that all policies are organized within. All policies are divided into two sections: Computer Policies and User Policies. Computer Policies are settings that apply to components of Windows Vista such as hardware and global feature settings. User Policies are settings that can vary between users on a computer. This is where most of the policies that you will use to customize the look of your interface are located.

Now that you know the basics of the Group Policy Editor, also known as gpedit, let’s dive in and start using the policy editor:

  1. Click the Start button, enter gpedit.msc in the search box, and press Enter.
  2. After the Group Policy Editor has loaded, you will see the hierarchical structure and Computer & User policies sections mentioned previously
  3. Navigate through User Configuration\Administrative Template and then select Start Menu and Taskbar.
  4. You will now see a list of all policies that you can configure. Right-click a policy that you want to configure and select Properties.
  5. On the Policy Properties screen, select the option to turn on the policy or set the policy value, and then press OK
  6. Exit the policy editor and log off and back on. Some policy changes may require a reboot.

Now that you know how to use the Group Policy Editor, the next section shows you all the policies and briefly describes what they do.

list of all the group policies that will help you customize the Start panel (and menu) and the taskbar.

Group Policy Settings to Configure the Start Menu and Taskbar
Open table as spreadsheet

Policy Description
Clear history of recently opened documents on exit Purges document history at logoff.
Clear the recent programs list for new users Purges program history at logoff.
Add Logoff to the Start Menu Controls the logoff option in the classic Start menu and Start panel.
Gray unavailable Windows Installer programs Start Menu shortcuts Provides users with a visual notification of applications that are not available.
Turn off personalized menus Disables the feature that hides uncommonly run programs from the classic Start menu.
Lock the Taskbar Controls the locking state of the taskbar. A locked taskbar does not allow any changes to be made to it.
Add “Run in Separate Memory Space” check box to Run dialog box Adds an additional setting for running programs with the Run box. I recommend enabling this setting.
Turn off notification area cleanup Disables the ability to hide icons.
Remove Balloon Tips on Start Menu items Disables pop-up information when hovering over items in the Start menu.
Remove drag-and-drop context menus on the Start Menu Disables the ability to use the drag-and-drop functionality in the Start menu.
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands Disables the user’s ability to change the state of the machine. Useful for public computers.
Remove common program groups from Start Menu Allows only user-specific applications to appear in the Start menu.
Remove Favorites menu from Start Menu Hides the favorites shortcut.
Remove Search link from Start Menu Hides the Search shortcut.
Remove frequent programs list from the Start Menu Hides the Frequently Run Programs list.
Remove Games link from Start Menu Hides the games shortcut.
Remove Help menu from Start Menu Hides the help shortcut.
Turn off user tracking Disables all tracking of user programs and documents.
Remove All Programs list from the Start menu Removes the ability to search through the main part of the Start menu, All Programs.
Remove Network Connections from Start Menu Hides the Network Connection shortcut.
Remove pinned programs list from the Start Menu Disables the ability to pin applications.
Do not keep history of recently opened documents Disables the tracking of opening documents.
Remove Recent Items menu from Start Menu Hides the Recent Items shortcut.
Do not use the search-based method when resolving shell shortcuts Disables the ability to search the computer when a shortcut is broken.
Do not use the tracking-based method when resolving shell shortcuts Disables the ability to use NTFS tracking to try to fix a broken shortcut.
Remove Run menu from Start Menu Hides the Run shortcut.
Remove Default Programs link from the Start menu Hides the Default Programs shortcut.
Remove Documents icon from Start Menu Hides the Documents shortcut.
Remove Music icon from Start Menu Hides the Music shortcut.
Remove Network icon from Start Menu Hides the Network shortcut.
Remove Pictures icon from Start Menu Hides the Pictures shortcut.
Do not search communications Disables the ability to search e-mails from the Start menu search box.
Remove Search Computer link Hides the Search shortcut.
Do not search files Disables the ability to search for files that are in indexed locations from within the Start menu.
Do not search Internet Disables the ability to search the Internet from the Start menu.
Do not search programs Disables the ability to search the Start menu from the Start menu search box. This will not make the search box go away. It just becomes inactive.
Remove programs on Settings menu Prevents various settings components from running, such as the Control Panel and Network Connections.
Prevent changes to Taskbar and Start Menu Settings Locks taskbar and Start menu settings.
Remove user’s folders from the Start Menu Hides user folders.
Force classic Start Menu Disables the new Start panel and uses the Windows 2000-style Start menu instead.
Remove Clock from the system notification area Hides the clock.
Prevent grouping of taskbar items Disables application grouping on the taskbar.
Do not display any custom toolbars in the taskbar Disables third-party taskbars or user-made toolbars.
Remove access to the context menus for the taskbar Disables the capacity to right-click the toolbars in taskbar.
Hide the notification area Disables the entire notification area (system tray).
Remove user folder link from Start Menu Hides the User Folder shortcuts.
Remove user name from Start Menu Hides the username from appearing on the Start panel.
Remove links and access to Windows Update Hides the shortcuts to Windows Update.
Show QuickLaunch on Taskbar Enables the Quick Launch toolbar.
Remove the “Undock PC” button from the Start Menu Hides the shortcut for undocking a laptop.
Add the Run command to the Start Menu Provides the Run command on both the Start panel and the classic Start menu.
Remove Logoff on the Start Menu Hides the Logoff shortcut.
Use folders instead of library Enables folder view rather than library view.
Remove the battery meter Hides the power icon in the system tray.
Remove the networking icon Hides the network icon in the system tray.
Remove the volume control icon Hides the volume icon in the system tray.
Lock all taskbar settings Locks the taskbar.
Prevent users from adding or removing toolbars Disables the ability to add toolbars.
Prevent users from rearranging toolbars Locks in the position of your toolbars (similar to locking the taskbar).
Turn off all balloon notifications Disables pop-up help.
Prevent users from moving taskbar to another screen dock location Locks the position of your taskbar.
Prevent users from resizing the taskbar Locks the size of your taskbar.
Turn off taskbar thumbnails Disables the application thumbnails that are shown when you move your cursor over taskbar items when running Aero Glass.

As you can see, there are dozens of useful group policies that will help you customize your desktop more than any other method. Additionally, these policies can be used in a Domain Policy that governs all Windows Vista computers connected to a domain.