Background

After every restart, the icons in my Quick Launch toolbar in Windows Vista were rearranged into alphabetical order. The toolbar itself was resized, taking up most of the Taskbar. It didn’t matter how many times I carefully moved the icons around, nor did it matter if I logged off and back on, restarted, or shut down and powered back up—I couldn’t get the icons to stay the way I want them. I don’t remember when it started, so I can’t pinpoint what changed on my system that might have caused it.

After much searching, I found various solutions to a similar problem in Windows XP. Several solutions suggested installing third-party utilities that reset your Desktop back to the way you like after each restart. I’m generally not a big fan of adding on utilities to fix problems with the operating system; I prefer to fix the OS. I finally found one solution that worked for me with Vista that fixed a problem deep inside the Windows Registry.

Read on for the details on how I fixed this annoying quirk.

In this article

Warning: If you are not familiar with the Windows Registry, it’s where the majority of your computer’s configuration and settings are stored. Always backup your system before tweaking your Registry to help avoid data loss. The solution below worked for me, but your situation could be different. You assume all risk and agree to hold my company and me harmless from any damages, direct or indirect, including lost data, time, and profits.

You may find it useful to print this article and work from the printout since you will need to logoff or restart your computer to complete this process. At the very least, you should bookmark this page (or “add it to your Favorites” depending on which browser you use) so you can find it again if you need it later.

Manually updating the Registry

Here is the way to update your Registry manually (which I prefer since I can verify that everything matches what is expected):

1. Go to the Start menu, select “Run…”, and type “regedit” where it asks for the program you wish to open. Note: You must have administrative rights to run RegEdit.
2. After RegEdit has opened, navigate to: HKEY_CURRENT_USER → Software → Microsoft → Windows → CurrentVersion → Policies → Explorer
3. Look for an entry named “NoSaveSettings” of type “REG_DWORD” with a value of “0×00000000 (0)” or “0×00000001 (1)”.
   1. If the value is “0×00000000 (0)”, then the setting is correct, and you are facing a different challenge. Close RegEdit and look for a different solution. Sorry.
   2. If the value is “0×00000001 (1)”, then double-click the icon for “NoSaveSettings” and change the value data from “1″ to “0″ (whether it’s hex or decimal doesn’t matter) and click OK. Close RegEdit. Skip to step #5.
   3. If the value is any other number, you can try changing the value to “0″, but I’m not sure what will happen. The value should only be a 0 or a 1. You should either write down the value for future reference (if things go wrong), or right-click the “Explorer” key, and “Export” the key to a file that you can use to put things back the way they were before you made changes.
4. It’s very likely that you do not have an entry named “NoSaveSettings” (I didn’t.) In that case, you will need to add one.
   1. After clicking on “Explorer” in the left pane of RegEdit, go to the “Edit” menu (or right-click in an open space in the right pane) and select “New” and then “DWORD (32-bit) Value”.
   2. A new entry named “New Value #1″ should appear in the right pane. Rename it to “NoSaveSettings” (note that there are no spaces in that name!).
   3. Double-click the icon for “NoSaveSettings” and change the value data from “1″ to “0″ (whether it’s hex or decimal doesn’t matter) and click OK.
   4. Close RegEdit. You’re almost done.
5. Go ahead and reorganize and resize your Quick Launch toolbar the way you want it. This will hopefully be the last time you have to do this.
6. Now either restart (that’s what I did) or logoff and logon. Your Quick Launch toolbar should be the way you left it.
7. If it’s not right, repeat step #5 and #6. If it still isn’t right, you are facing a different challenge. Look for a different solution. Sorry. If you find another solution that does work, feel free to leave the information or a link to the information in a comment below to help other people find it. Thanks!

Semi-automatically updating the Registry

If you do not like using RegEdit, you can create a registry patch file that accomplishes the same thing. This is, in fact, and export from my own Registry. All you need to do is open Notepad, copy the following text from this web page, paste it into a new Notepad document, and save the file on your Desktop as "NoSaveSettings.reg". The quote marks ARE important (otherwise Notepad tries to save the file as a text document), but the file name and location are not (these are just convenient examples). Double-click the file. It should warn you of the dangers of adding information to your Registry from unsavory sources. Click Yes (if you think this will work for you). Then proceed from Step #5 above.

—- Start copying below this line —-
[code lang="ini"]
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[/code]
—- End copying above this line —-

Other resources

For a few other ideas, you can read the article at Annoyances.org that led me to this solution.

The new Microsoft motto seems to be “make everything useful at least one extra step more difficult”. This certainly has been true for all but the most commonly used features with Office 2007’s Ribbon interface. It’s also true with many of the control panels in Windows Vista.

One control panel I use regularly is “Network Connections”.

Using Vista’s GUI interface in non-Classic mode, you have to go to Start > Control Panel > View network status and tasks > Manage network connections.

In Classic View, go to Start > Control Panel > Network and Sharing Center > Manage network connections.

You can also use the Search box (or the Run option if you have unhidden it) and enter ncpa.cpl.

I’m not sure which is the less appealing route—all that clicking or trying to remember a cryptic filename.

What I did to make life a little bit easier was use the search method, and when the control panel appeared at the top of the search results pane, I right-clicked it, chose “Send To”, then “Desktop (create a shortcut)”. A shortcut appeared on my Desktop, which I cut so I could paste it somewhere easier to find (like at the top of my Start menu). Depending on where you save it, Vista might require administrative rights to paste the shortcut.

Special thanks to Andre De Costa’s Teching It Easy blog for this useful information.

I do not know why the developers at Microsoft felt the need to move already somewhat obscure and hidden features to even more obscure locations in Windows Vista. Maybe they figure that it’s helpful to techs to slow them down to stretch out their billable hours or build-in even more job security for system admins by making things more and more difficult for average users.

Under the Windows 9x family, to add programs or folders to the “Send To” context menu, you just plunked a shortcut into “C:\WINDOWS\Send To“.

This was far too easy, and the average user had no problem customizing Windows the way they wanted. When Windows 2000 (followed by XP and 2003) came along and moved user preferences to the “C:\Documents and Settings” folder, I thought that was a good idea. After all, the Windows folder gets very full, and the average user could cause him or herself problems by deleting the wrong thing. Thus, the Send To folder was moved to “C:\Documents and Settings\Username\Send To“. This was still pretty easy and intuitive for anyone who actually wanted to use this handy feature.

Along comes Windows Vista. The familiar “Documents and Settings” folder structure has been replaced by a shortcut (with more shortcuts from there). Security has been tightened to the point that a user with standard user permissions probably can’t even make changes to his or her own settings without a lots of frustration (I haven’t tried, because standard user permissions are SO limited as to make Vista barely usable for anyone who has even moderate experience with Windows.).

So how does one edit the Send To menu? It should be obvious (but only if you work for Microsoft). You go to the new Search box in the Start menu, type in “shell:sendto” (without quotes) and press your ENTER key. In a moment, the Send To folder will appear, and you can edit pretty much as normal (though depending on what you try to put in there, Windows may throw up some annoying permission questions).

That is just so golly-darned intuitive, I smacked my forehead wondering how I could have been so stupid as to not come with “shell:sendto” on my own. Yeah right.

Maybe it is me, or maybe other people don’t use the Send To feature very much, because there were hardly any search engine hits for this beloved feature (of course, I did use Windows Live search, and it rarely compares to Google for finding useful information), and absolutely no results on Microsoft’s Website or knowledge base.

Thank goodness for Andre’s blog (which includes pictures) for cluing me in on this great feature.

Summary

Threat Level: Critical Zero-Day Vulnerability

This threat is currently active and spreading in the wild. Most Windows-based computers, even if fully up-to-date with all the official Microsoft patches, are vulnerable right now unless certain actions are taken to protect yourself (see below).

What it does: Various websites, including advertising sites that generate advertisements appearing on trusted websites, become infected. These sites use a specific type of attack to slip through your computer’s security, leaving a big hole for your computer to be further attacked. Since some versions of Outlook and Outlook Express use Internet Explorer to display some types of e-mail, you can become infected just by displaying infected e-mails you receive.

What stops it: You can configure certain settings on your computer that will make it so the malicious software cannot run on your computer. Most of Microsoft’s workarounds may cause a few legitimate websites to incorrectly display within Internet Explorer. An unofficial workaround does not cause that problem, but it only works for people using Windows XP with Service Pack 2. An official patch is scheduled to eliminate the problem in a few weeks; an unofficial patch is available now. A good, up-to-date antivirus software package should also detect the malicious software; however, it is a good idea to check that no viruses have disabled your antivirus software before relying upon it to protect you.

Affected Software (as reported by Microsoft):

• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Edition
• Microsoft Windows Server 2003 x64 Edition

Additional affected software (as reported by Sunbelt):

• Outlook 2007 – 12.0.417.1006: Can view VML but apparently not vulnerable.
• Outlook 2003 11.8010.8036 SP2: vulnerable
• Outlook 2003 11.6568.6568 SP2: unknown (not tested)
• Outlook 2003 11.5608.5606: not vulnerable
• Outlook 2003 11.5608.8028: not vulnerable
• Outlook 2002: not vulnerable
• Outlook 2000: not vulnerable

Official patch/security update: None at this time. According to Microsoft:

A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility Microsoft’s goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs.

How to Protect Yourself

Until Microsoft releases an official patch (scheduled for Tuesday, October 10, 2006), you really can’t “fix” this flaw in your computer. You can apply an unofficial patch (which should work until Microsoft releases theirs, but Microsoft won’t help you if the patch messes up your system), you can enact some workarounds that stop the problem before it can harm your system, or perhaps do both.

Unofficial Workaround

In addition to the workarounds from Microsoft mentioned below, SecuriTeam has discovered that Windows XP users with Service Pack 2 installed have another option (and it’s good for blocking many other types of attacks, so it seems like a good idea!). Simply enable system-wide enforcement of software-enforced Data Execution Prevention (DEP) and make sure Internet Explorer is not exempted. It’s easier to do than to pronounce.

Difficulty: Not Very Difficult

Impact: Microsoft does not list any adverse problems with enabling this feature. In fact, they state “Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.”

The following instructions are based on one of several different ways Microsoft allows you to configure DEP. You must be logged on as an administrator to manually configure DEP on the computer. A restart is required after completing these steps.

1. Click Start, click Run, type sysdm.cpl, and then click OK.
2. On the Advanced tab, under Performance, click Settings.
3. On the Data Execution Prevention tab, click Turn on DEP for all programs and services except those I select
4. If Internet Explorer, Outlook Express, or Outlook are listed in the box below that option, you should either remove the program(s) from the list (select the program and click the Remove button) or at least make sure the checkbox in front of each program is unchecked.
5. Click OK two times.
6. Restart your computer for the changes to take effect.

Once you have protected your system, visit ZERT’s vulnerability test page. NOTE: If your system is vulnerable, your browser will crash. If your browser crashes after following these instructions, carefully re-read the instructions and try again or try a different patch or workaround.

Unofficial Patches

Until Microsoft releases an official patch, an unofficial patch that is not supported by Microsoft is available from the Zeroday Emergency Response Team (“ZERT”). ZERT is a group of highly skilled software and hardware engineers with industry liasons who develop emergency patches for vulnerable systems. They release patches only when they feel the risk of waiting for the vendor (in this case Microsoft) to release an “official” patch is greater than the risk of releasing a patch that may not be quite as polished and fully tested, but blocks the problem. Additionally, there are several links to additional good information about the threat. ZERT’s site is located at: http://isotf.org/zert/

Download the ZERT patch and view the instructions.

Once you have protected your system, visit ZERT’s vulnerability test page. NOTE: If your system is vulnerable, your browser will crash. If your browser crashes after following these instructions, carefully re-read the instructions and try again or try a different patch or workaround.

Official Microsoft Workarounds

See Microsoft’s page under the Suggested Actions headings for updates to the following information.

Un-register Vgx.dll

Difficulty: Not Very Difficult

Impact: Applications that render VML will no longer do so once Vgx.dll has been unregistered. Generally, that should not impact your day-to-day web browsing very much unless a particular favorite site of yours uses VML; most sites do not use it much if at all.

To un-register Vgx.dll, follow these steps:

1. You must be logged in as the administrator or another account with administrative rights.
2. Click Start, click Run, type regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll", and then click OK.
3. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
4. Restart the system

To re-register Vgx.dll (this will make you vulnerable again), follow these steps:

1. You must be logged in as the administrator or another account with administrative rights.
2. Click Start, click Run, type regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll", and then click OK.
3. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
4. Restart the system

Once you have protected your system, visit ZERT’s vulnerability test page. NOTE: If your system is vulnerable, your browser will crash. If your browser crashes after following these instructions, carefully re-read the instructions and try again or try a different patch or workaround.

Modify the Access Control List on Vgx.dll to be more restrictive

Difficulty: Fairly Advanced (if you do not know what ACL’s are, skip this one)

Impact: Applications and Web sites that render VML may no longer display or function correctly. Generally, that should not impact your day-to-day web browsing very much unless a particular favorite site of yours uses VML; most sites do not use it much if at all.

To modify the Access Control List (ACL) Vgx.dll to be more restrictive, follow these steps:

1. Click Start, click Run, type “cmd” (without the quotation marks), and then click OK.
2. Type the following command at a command prompt. Make a note of the current ACL’s that are on the file (including inheritance settings) for future reference in case you have to undo this modification:
   cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
3. Type the following command at a command prompt to deny the ‘everyone’ group access to this file: echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /d everyone
4. Close Internet Explorer, and reopen it for the changes to take effect.

To undo this change, you will need to modify the ACL back to its original settings as noted in step #2 above.

Once you have protected your system, visit ZERT’s vulnerability test page. NOTE: If your system is vulnerable, your browser will crash. If your browser crashes after following these instructions, carefully re-read the instructions and try again or try a different patch or workaround.

Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.

Difficulty: Not Very Difficult

Impact: Disabling binary and script behaviors in the Internet and Local intranet security zones may cause some Web sites that rely on VML to not function correctly. This workaround may impact more websites than the previous two, because more than VML scripts may be disabled, which may cause more sites to not display correctly.

You can help protect against this vulnerability by changing your settings to disable binary and script behaviors in the Internet and Local intranet security zone. To do this, follow these steps:

1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
3. Click Internet, and then click Custom Level.
4. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.
7. Click OK two times to return to Internet Explorer.

Once you have protected your system, visit ZERT’s vulnerability test page. NOTE: If your system is vulnerable, your browser will crash. If your browser crashes after following these instructions, carefully re-read the instructions and try again or try a different patch or workaround.

Read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector

Difficulty: A Little Difficult (Requires use of RegEdit, an advanced and potentially dangerous admin tool)
Impact: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally, (1) the changes are applied to the preview pane and to open messages, (2) pictures become attachments so that they are not lost, and (3) because the message is still stored in Rich Text or HTML format certain aspects of the message may behave unexpectedly.

Microsoft Outlook 2002 with Office XP SP 1 or later and Microsoft Outlook Express 6 with Internet Explorer 6 SP 1 or later can enable a setting to view most messages in plain text only. Digitally signed e-mail messages and encrypted e-mail messages are not affected by the setting. For information on enabling this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.

Block VML Vulnerability Traffic with ISA Server

If your organization uses Microsoft ISA Server 2004 or 2006 firewall software, see Microsoft’s article “Learn How Your ISA Server Helps Block VML Vulnerability Traffic“.

Once you have protected your system, visit ZERT’s vulnerability test page. NOTE: If your system is vulnerable, your browser will crash. If your browser crashes after following these instructions, carefully re-read the instructions and try again or try a different patch or workaround.<

It doesn’t happen very often, but when it does, it’s really annoying. Your Windows Desktop refreshes (often after a program crashes), and all the icons on your Desktop and in the Start Menu have been reset to generic icons that all look alike. Sometimes it’s a temporary thing, and restarting the computer will fix it. Other times it takes a different tool.There are a number of nifty tools available from Microsoft’s web site called “Power Toys”. These are a bunch of little applets that tweak or enhance the way Windows works. There are things like fancier calculators, image re-sizers, and ones that are a little difficult to explain (but do really neat things). These Power Toys are version-specific (i.e., you can’t use the Windows XP Power Toys under Windows 98 for example). The WinXP version is available here.

Out of all the Power Toys that are available, TweakUI is probably the most useful tool of all. This TweakUI gives you access to system settings that are not exposed in the Windows XP default user interface, including mouse settings, Explorer settings, taskbar settings, and more. It comes in two versions, one for standard 32-bit processor machines (e.g., Celerons, Pentiums, etc.) and also for 64-bit Itanium processor machines. It runs under Windows XP Service Pack 1 or later, as well as Windows Server 2003.

To restore your Desktop and Start Menu icons, download the appropriate version of TweakUI, install it, and then run it. In the left-hand column at the bottom is an option to “Repair”. Click it, and you will see that “Rebuild Icons” is the selected option in the pull-down menu. Click the “Repair Now” button, and all your icons should magically reappear. It will also reset the order of your icons (which could be slightly annoying if you have carefully lined up your icons up in a particular pattern).

This handy tool can also fix problems related to a messed up Fonts folder, your Unread Mail Count, and many other things. Feel free to poke around and see what else you can tweak. Just remember that all Power Toys are unsupported by Microsoft. I’ve never had a problem with them, but if you do, Microsoft cannot bail you out (and neither can we).

So tweak at your own risk.

Running Windows Disk Cleanup on a regular basis is really a great idea to keep your computer running lean and efficient. The only problem is, if you are like me, I’d almost rather visit my dentist than wait for the utility to complete its scan. It turns out that about 90% of the wait is the result of just one type of scan, and that scan is essentially pointless. Here are the steps for disabling this annoying “feature” and making your Disk Cleanups as fast and efficient as they should be!

The instructions are slightly modified from a Microsoft Knowledgebase article. The article discusses what to do if Disk Cleanup stops responding completely. It turns out the “fix” works perfectly well as a preventive measure.

The instructions below only tell how to remove the scan for “compress old files”, but you could probably remove any scan which you aren’t interested in, and that should speed Disk Cleanup even more. Just make sure to backup the original registry keys so that if anything does “blow up” you should be able to restore your system to its original configuration.

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this problem, follow these steps:

1. Click Start, and then click Run.
2. Type regedit in the Open box, and then press ENTER.
3. Locate, and then click the following registry key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
   Explorer\VolumeCaches
4. On the File menu, click Export, and then click Desktop, type VolumeCaches in the File name box, and then click Save.
   Note: This step creates a backup of the VolumeCaches registry key. If you experience any problems after you complete the steps that are listed in this procedure, you can use this backup to restore the VolumeCaches key to its original state. To restore the key, double-click the VolumeCaches.reg file on your desktop, and then click Yes.
5. Expand the following registry key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
   Explorer\VolumeCaches
6. Delete the Compress old files registry key.
7. Quit Registry Editor.

Symptoms: Every time you open Outlook Express or Outlook you are asked to re-enter your password even though the Save Password box is checked (or grayed out).

Problem: Generally this is caused by a problem in the Registry with the Protected Storage System Provider key.

Resolution: Follow the steps below to fix this problem or visit Microsoft’s Knowledge Base article 29684 for an even more detailed information.

WARNING: If you use Registry Editor incorrectly, you can cause serious problems that may require you to reinstall your operating system. There is no guarantee that problems that you cause by using Registry Editor incorrectly can be resolved. Use Registry Editor at your own risk.

1. Back Up The Registry Just to be safe you should back up this registry key before making modifications.
   1. Click Start, Run, and type regedit in the box, and then click OK.
   2. In the left panel, click the pluses next to:
      • HKEY_CURRENT_USER
      • Software
      • Microsoft
   3. Right click on Protected Storage System Provider and select Export.
   4. In the File name box, type a unique name for the key.
   5. In the Save In box, click a location for the file to be saved (the Desktop is recommended).
   6. Click Save
2. Change the Permissions
   1. Still in the Registry, Right click on Protected Storage System Provider and select Permissions.
   2. Click the user name for the user that is currently logged on and ensure that Read and Full Control permissions are both set to “Allow”.
   3. Click on the Advanced button, and select the Permissions tab.
   4. Highlight the currently logged on user, and make sure that Full Control is listed in the Permissions column, and that This Key and Subkeys is listed in the Apply To column.
   5. Place a check mark in the box for “Replace Permission Entries on all Child Objects with Entries Shown Here that Apply to Child Objects”.
   6. Click Apply.
   7. A box will appear asking if you are sure you want to do this; click Yes.
   8. Click OK and then Click OK again to return to the Registry Editor.
3. Delete the Key
   1. Click the plus sign next to Protected Storage System Provider key.
   2. Right click the user sub-key folder that will look similar to:
      S-1-5-21-3723271197-400000000-0000000000-0000.
   3. Click Delete and then click Yes in the Confirm Key Delete dialog box that appears.
   4. Each identity may have a sub-key under the Protected Storage System Provider key. Delete all of the user sub-key folders under the Protected Storage System Provider key using the same method.
   5. Close the Registry and Reboot the Computer.
4. Reenter Password in Outlook Express or Outlook
   1. Open Outlook Express or Outlook.
   2. When you are prompted to Enter password, go ahead and retype it and make sure the Save Password box is checked.

Depending on whether you are using Outlook or Outlook Express the exact method will vary. In all cases, accessing the Tools menu and selecting the choice related to Accounts will point you in the right direction. Select the user account and the option to change or modify its properties. There will be a box to be checked to save the password once it has been re-entered. It will be necessary to perform the password re-entry for each separate e-mail account. Reboot after each account change. This should complete the steps for fixing the problem of the password not being saved in Outlook Express or Outlook.

Articles at Microsoft, PC Hell, and The Elder Geek provided background information for this blog entry.