On 23 Nov 2003 at 7:49, Brad Beyenhof wrote:

> One warning, though... a couple of tiny unwanted programs are
> installed along with iTunes.  It re-installs the QuickTime Task
> (qttask.exe) if you've disabled it, and installs another Startup
> program called iTunesHelper that purportedly is needed for it to burn
> CDs.  These files are easily turned off with msconfig, however.  There
> is also an "iPod service" installed in Control Panel > Administrative
> Tools > Services, but it is easily disabled: just double-click it and
> change the drop-down to "Disabled".

There are a number of programs that insist on running background 
processes even when you disable them (Real Player is one). If you are 
using an NT-based version of Windows (NT 4, Win2K or WinXP) you can 
permanently end this by utilizing NT security settings to prohibit 
this. You need to do two things:

1. deny write access to the STARTUP folder.

2. deny write access to the RUN registry key.

Step 1 needs to be performed in two or three separate locations, and 
on WinXP can be very problematic because of its default "simple" file 
sharing (which is not simple at all). To follow these instructions on 
WinXP, you need to do this first:

[WinXP only:]

a. open Control Panel.
b. open the Folder Options tool
c. on the VIEW tab, uncheck "USE SIMPLE FILE SHARING (recommended)" 
(or something to that effect -- I'm relating this from memory)

To do these steps (or anything that follows) you need to be logged on 
as an administrative user. If you don't know what that means, you are 
probably (unfortunately) running as an admin user already (which is 
dangerous, especially since you're most likely running as de facto 
ROOT, but won't go into that right now). If you do know what it 
means, you probably don't need instructions ;).

[Both WinXP and Win2K:]

a. open Windows Explorer
b. navigate to the location where user profiles are stored. In Win2K 
and WinXP this should be %SystemDrive%\Documents and Settings and in 
NT 4, %SystemDrive%\WinNT\Profiles (where %SystemDrive% is the volume 
that Windows runs from, usually C:).
c. go first to All Users (anything set up in this profile is 
inherited by every user on the PC).
d. under \Start Menu\Programs look for the Startup folder.
e. right click it and choose PROPERTIES from the context menu.
f. navigate to the SECURITY tab.
g. click on the ADVANCED button at the bottom [skip this step in NT 
4].
h. uncheck ALLOW INHERITABLE PERMISSIONS... and say REMOVE to the 
dialog that asks you if you want to copy the inherited permissions. 
At this point, no one has any access to control this folder.
i. click the ADD button and choose AUTHENTICATED USERS.
j. in the dialog that follows in the ALLOW column, check off only 
these:                                 [STEP 2 ONLY:]
  Startup Folder                       Run Key in Registry
  TRAVERSE FOLDER / EXECUTE FILE       QUERY VALUE
  LIST FOLDER / READ DATA              ENUMERATE SUBKEYS
  READ ATTRIBUTES                      NOTIFY
  READ EXTENDED ATTRIBUTES             READ CONTROL
  READ PERMISSIONS
k. in the DENY column, check off the remaining items (though all that 
really matters for STARTUP is that you check CREATE FILES, CREATE 
FOLDERS and TAKE OWNERSHIP; leaving off the others does leave you 
open to some exploitation, but very little, and I know no programs 
that are smart enough to utilize those).
l. at the bottom of the dialog, check off APPLY THESE PERMISSIONS TO 
OBJECTS...WITHIN THIS CONTAINER ONLY and click OK.
m. back in the parent dialog box, check off RESET PERMISSIONS ON ALL 
CHILD OBJECTS... and click OK to close the dialog, and say YES to 
both confirmation dialogs (the second is a warning about how DENY 
works).
n. you will find yourself back at the security tab of the PROPERTIES 
sheet. Under some circumstances, you may need to re-uncheck ALLOW 
INHERITABLE PERMISSIONS... (from step H), especially if at any point 
in the operations after step h you cancelled and restarted.

Repeat steps c-n for your own user profile and if you'd like 
this change to be inherited by all new user profiles created on the 
PC, repeat the process for DEFAULT USER (and for any other user 
profiles you want to apply it to).

Once this is done, no process running on your computer can change the 
contents of the STARTUP folder. If you personally decide to allow 
something into the STARTUP folder, you must explicitly go to the 
STARTUP folder's security permissions and give yourself WRITE 
permission to add the item, then turn it back off after adding it.

For NT 4, the user interface is slightly different (you can skip 
clicking the ADVANCED button, step G, as security takes you directly to 
that dialog), but the instructions are basically the same.

STEP 2: deny write access to the RUN registry key.

a. from the START menu, choose RUN.
b. type REGEDT32 and click OK (or hit ENTER).
c. on the WINDOW menu, select HKEY_LOCAL_MACHINE.
d. doubleclick the SOFTWARE node.
e. find MICROSOFT and doubleclick that node.
f. scroll all the way down and find the WINDOWS node and doubleclick 
it.
g. doubleclick the CURRENTVERSION node.
h. find the RUN key and highlight it.
i. from the SECURITY menu at the top, select PERMISSIONS (your only 
choice, actually).
j. here you will repeat exactly the same steps as above for the 
STARTUP folder, for the AUTHENTICATED USERS group (chosen in step I) 
starting at step G. For step J, the permissions you want to check 
are:
  QUERY VALUE
  ENUMERATE SUBKEYS
  NOTIFY
  READ CONTROL
and you want to DENY everything else.
k. go back to step J and repeat the process for the SYSTEM user 
(chosen in Step I).

That's it. At this point, there is no way for any program or process 
or user to drop anything in the STARTUP folder or write to the RUN 
registry key unless an administrative user first allows them to do 
so.

-- 
David W. Fenton                        http://www.bway.net/~dfenton
David Fenton Associates                http://www.bway.net/~dfassoc

_______________________________________________
Finale mailing list
[EMAIL PROTECTED]
http://lists.shsu.edu/mailman/listinfo/finale
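
The effect of the ALLOW and DENY entries from steps j and k of the message above can be checked with a simplified model of the NT access check. This is an added example, not part of the original message; the "before" ACL and the group names in the token are constructed for illustration, and the model ignores privileges and inheritance.

```python
# Added illustration: simplified NT DACL access check (no privileges, no inheritance).
# Directory access-mask bits, values as defined in winnt.h.
LIST, ADD_FILE, ADD_SUBDIR, READ_EA = 0x1, 0x2, 0x4, 0x8
TRAVERSE, READ_ATTR = 0x20, 0x80
READ_CONTROL, WRITE_DAC, WRITE_OWNER = 0x20000, 0x40000, 0x80000
DIALOG_RIGHTS = 0x0F01FF   # every right the advanced permission dialog lists
FULL_CONTROL = 0x1F01FF    # FILE_ALL_ACCESS (adds SYNCHRONIZE)

# Step j: the only rights allowed to Authenticated Users on the Startup folder.
READ_ONLY = TRAVERSE | LIST | READ_ATTR | READ_EA | READ_CONTROL

# Constructed "before" ACL standing in for inherited defaults (assumption).
DEFAULT_DACL = [("allow", "Administrators", FULL_CONTROL),
                ("allow", "SYSTEM", FULL_CONTROL),
                ("allow", "Users", READ_ONLY)]
# "After" ACL from steps h-k: nothing inherited, deny entry ahead of the allow.
HARDENED_DACL = [("deny", "Authenticated Users", DIALOG_RIGHTS & ~READ_ONLY),
                 ("allow", "Authenticated Users", READ_ONLY)]

# Constructed token for a logged-on administrative user.
ADMIN_TOKEN = {"Administrators", "Users", "Authenticated Users"}

def access_check(dacl, groups, desired, is_owner=False):
    """Return True if every bit in `desired` is granted.

    ACEs are read in order: a deny that covers a still-ungranted bit fails
    the request at once; allows accumulate until nothing is left to grant.
    """
    remaining = desired
    if is_owner:  # an object's owner implicitly holds these two rights
        remaining &= ~(READ_CONTROL | WRITE_DAC)
    for ace_type, trustee, mask in dacl:
        if remaining == 0:
            break
        if trustee not in groups:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
    return remaining == 0

if __name__ == "__main__":
    for name, dacl in (("default", DEFAULT_DACL), ("hardened", HARDENED_DACL)):
        print(name,
              "create file:", access_check(dacl, ADMIN_TOKEN, ADD_FILE),
              "list folder:", access_check(dacl, ADMIN_TOKEN, LIST | TRAVERSE))
```

Calling `access_check(HARDENED_DACL, ADMIN_TOKEN, WRITE_DAC, is_owner=True)` shows why the folder's owner can still open the permission dialog and re-grant write access when a Startup item is wanted.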