Back
to the Unleashing Windows Index One of the big disadvantages of Windows 3.1 over Windows NT or a similar operating system is the lack of security for the icons, colors, etc. in Program Manager. If you have children or work in an office where people share the same Windows PC, you may have already found this out. However, there are ways to protect the Windows layout. Although it is hard to make it as bulletproof as NT, here are some ideas to help secure the way Windows looks.
One of the biggest complaints of users is "disappearing" icons, when someone has deleted or moved icons from a group. If you spend some time looking in the \windows directory, you'll notice that all the groups have there own filename with the extension .grp. These files store all the information about the group. Fortunately, you can keep these groups from being modified by making the appropriate file write-protected using DOS file attributes.
There are two ways to do this: either though File Manager or the DOS prompt. I'll tell you how to do this from File Manager first.
1. Open File Manager.
2. Select the Windows directory, so the files appear in the right-hand window.
3. Since we're looking for files with a particular extension, it may be easier to sort the file list by extension. To sort the list, choose View from the menu, and then choose Sort by Type. To change it back, choose Sort by Name.
4. Find the name of the group that you want to protect. (For example: games.grp) Highlight it by clicking on the file once with the left mouse button. Or you can multiple-select the files by holding down on the <Ctrl> key and left clicking.
5. Choose File from the menu, and then select Properties, or hold down on <Alt>+<Enter>. This shows a dialog box with a list of 4 attributes: Read-only, Archive, Hidden, and System.
6. Click on the Read-only box so there is an "X" inside the box. To remove the "X," click on the box again. When the box is selected, then the file will be a read-only file.
7. Choose OK.
To make a file read-only in DOS:
1. Type: cd \windows.
2. Type: dir *.grp to show all the groups.
3. To change the attribute of a file type attrib <filename> +r, where <filename> is the complete name of the file. For example: attrib games.grp +r.
4. To remove the read-only status, use -r instead of +r.
After you do this, try going back to Program Manager and try deleting an icon out of a group that you set the filename to read-only. You'll find that you can't add or delete the icon. You also can't move icons around in the group, although you should be able to copy an icon to another group that isn't read-only. One thing to note: some installation programs will crash if you are upgrading a program that has an icon in a read-only group. If this happens, just remove the read-only attribute from the group filename.
The same can be done with .ini files, although some .ini files, such as win.ini and system.ini should NEVER be set to read only. In fact, most .ini files shouldn't be modified since information is usually changed. However, there is one: control.ini which can be set to read only to "protect" your screensaver (& password too) and color scheme.
Screen savers offer some security in the form of passwords. Although a useful feature, they can be improved with a little effort as well. Wouldn't it be great if you could "hotkey" a screen saver or have a password come up on startup? There is a way to do these things. First let's take a look at getting a "hotkey" for a screen saver. All screen savers are executable files, but Windows doesn't know how to run them outside of the Control Panel. In order to get Windows to recognize them, we have to modify the win.ini. Lets look at how to set this up.
1. Choose File from the Program Manager menu, then choose Run.
2. In the text box, type c:\windows\system\sysedit.
3. Choose the win.ini window.
4. Move to the line that says: Programs = com exe bat pif.
5. At the end of the line, add scr.
6. Save the file and exit sysedit.
7. Exit Windows and restart Windows.
8. Now we can run the screen saver as a program but if we double-click on it in File Manager, it just runs the setup for the screen saver. In order to run the program, we have to add the /s parameter.
9. In order to add the "hotkey," we have to add an icon to a group. Find a group to add the icon to, and choose File, New, and Add program item. In the Command Line box, type the name of the screen name followed by /s. For example: c:\windows\scrnsave.scr /s.
10. Then choose a key to "hotkey" the item on. For example: <Ctrl>+<Alt>+S.
Now when you hit that key combination, the screen saver is run instantly. To add password protection, choose the password option in the screen saver's Control Panel setup. Now that we have an icon, we can copy it into the Startup group to make it come up on startup. This is a good way to add a password when you first start windows. To do this, do the following:
1. Open the Startup group.
2. Either copy the icon of the screen saver you just added or create a new icon for either the same or a different screen saver. (Don't forget the /s at the end!)
Now, when Windows is started normally, the screen saver is run. If it is password protected, it will require a password before the user can do anything in Windows. However, this should be used only for light security, since Windows can bypass the Startup group, if started with the right parameters.
I hope that these tips have helped you in case you need to make your Windows desktop more secure. The security isn't "bullet-proof," but it does provide a basic level of protection. For more information on securing Windows, I would recommend reading More Windows 3.1 Secrets by Brian Livingston. Chapter 20 is dedicated to Windows security, and it offers some different tips on what can be done to make it more secure.
Back
to the Unleashing Windows Index