Professional Documents
Culture Documents
(CPU)
i7-4710MQ
Intel
Intel Core i7
4710MQ
2,50 GHz
LED LCD
17,3 "
1920x1080
Full HD
(RAM)
16 GB
DDR3
Nvidia
GeForce GTX 880M
8192 MB
Shared
SSD
80 GB
HDD
1000 GB
Optical Drive
DVD
CD, DVD
Card Reader
9-in-1
Windows 8 ?
4,15 kgr
: ,
Qosmio LCD,
: 256 GB
: 1 TB
: 5,400 rpm
Blu-ray Disc
: 43,9 cm (17,3'')
: FHD TFT Toshiba TruBrite,
LED 16 : 9
: 1.920 x 1080
+ (.) : 8 ms
: :
: 1.920 x 1.080
1
1 RJ-45
1 ()
1 Sleep-and-Music
1 ( SD 2 GB,
miniSD/microSD 2 GB, SDHC 32 GB, SDXC 64 G
MultiMedia Card 2 GB)
2 USB 3.0
2 USB 3.0 USB Sleep-and-Charge
1 HDMI Ultra HD 3D
1 Web 2,0 MP FHD (1.980 x 1.080)
4 (1 )
: Wi-Fi
: 802.11b/g/n
: Intel
: LAN
: Intel Centrino Wireless-N 2230
: Intel
: Bluetooth 4.0 + LE
: 4.0 + LE
: Intel
: Intel Wireless Display Miracast ready
: 24-bit
: 4 Harman Kardon 6 W
DTS Studio Sound
: Conexant (CX20751-11Z)
: 87
Windows :
: Frameless black tile backlit keyboard and 10-digit numeric keypad
: Clickpad multi-touch,
, .
:
: 3,5 (Mobile Mark 2012)
AC
: AC (100/240 V)
: 19 V
: 9.5
AC
'
Kensington
Intel SpeedStep
SM BIOS
ENERGY STAR
CE. CE
Toshiba Europe GmbH, Hammfelddam 8, 41460 Neuss, .
The ability to make your application the shell is one of key features of Windows XP Embedded. Devices can
start in a
custom shell instead of starting in the Explorer shell, which provides two benefits. The first benefit is that the
system will
start faster. The Explorer shell takes a significant amount of time to load all of the support libraries and files,
whereas a
specific application will most likely have fewer libraries to load. The second benefit is that access to a
device's administrative
functions can be limited, depending entirely on how the custom shell application is written.
Limiting a user's access to administrative functions such as Control Panel can be a benefit, but there is a
small drawback:
The administrator is also limited unless the administrator can start in a different shell.
The ideal solution would be to set up Windows XP Embedded so that the user account can start in the
application shell and
the administrator account can start in an administrative shell. Security features built in to Windows XP
Embedded would then
prevent users from accessing administrative functions. This article describes how this solution can be
implemented.
Contents
Registry Is the Key
How It Works
Setup for Windows XP Embedded
Extra Notes
Conclusion
How It Works
When the user logs on, Windows uses Key1 to determine which key holds the shell information. Normally,
Windows uses
Key2 next. However, if the value of Key1 is changed to USR:Software\Microsoft\Windows
NT\CurrentVersion\Winlogon,
Windows will use Key3 for the user logging on to start the user's specific shell.
Changing the registry key values in a system with a registry already set up is fairly straightforward. The
challenge is how to
do this in Windows XP Embedded, where the registry is set up during the First Boot Agent (FBA) process.
HKLM keys can be set up in Target Designer because they are computer specific. Setting up the HKCU
keys, however, is
impossible in Target Designer because the accounts will not be created until after FBA runs. The user
account and
administrator account components create only the accounts, user names, and passwords. These
components cannot be
used to set up a specific shell. The only solution is to set up the specific shells after the Windows XP
Embedded image has
completed the FBA process.
The trick to making different shells for different users in Windows XP Embedded is in the setup. There are a
few
components that need to be part of the configuration so that Key3 can be set up for the user's account:
Windows Logon. Because different accounts will be part of the image, Windows Logon (Standard) is a
required
component for the configuration. Windows Logon supports the ability to log on to different accounts locally
and
remotely. By contrast, the Minlogon component supports only logon to a single administrator account.
Two User Account components. Two computer accounts are required at a minimum; at least one account
must be
an administrator account. The User Account component can be set up to be an administrator account
through the
Extended Properties page. When a user account is set up as an administrator account, it replaces the
generic
"Administrator" account, just as in other versions of Windows XP. Because of the elimination of the
administrator
account, you may want to consider using two instances of the User Account component. You can set up one
component as an administrator (which will have the administrator shell), and you can set up the other
component as
a regular user (which will have the system shell).
Automatic Logon. Most original equipment manufacturers (OEMs) want their systems to start directly in the
application. The Automatic Logon component can be added to the configuration to start directly in the user
account,
whose shell will be the system's application.
Default Shell. Windows XP Embedded comes with several shells: Explorer, Task Manager, and Command.
You can
also create a custom shell. A shell component is required in the configuration. When you select a shell
component for
the configuration, the shell will be the default shell for the Windows XP Embedded image, so you do not need
to set
up Key2.
For setting up different shells for different users, the chosen shell component will be the administrator shell,
and the shell must allow access to configure the registry to set up Key3. Task Manager may be a good
choice.
TaskManager is small shell that you can use to start other applications, such as Control.exe (Control Panel)
or
Regedit.exe (Registry Editor). You may want to create your own administrative shell if the TaskManager shell
is
not appropriate. After the FBA process is completed, all accounts will have the same administrator shell. You
can then log on to any account and set Key3.
User Shell. The last component is the user or system application, which will be the second shell. Your
second shell
component should not be set up as a shell component or be grouped with the other shell components.
Rather, the
second shell component should be treated like any other application component, such as Windows
Accessories or
Transmission Control Protocol/Internet Protocol (TCP/IP) utilities. After the FBA is completed, you can log on
to the
user account and set up Key3 to point to the application. If the application component is missing, the default
administrator shell component will appear.
Other components. Windows Script Engine and Registry Editor can be included to help with creating Key3.
You can
create a custom application to perform this task.
Setting Up Key1
You must set up Key1. In the Extra Registry Data, found at the top of the configuration, add Key1 as
described earlier, with
the value set for USR:Software\Microsoft\Windows NT\CurrentVersion\Winlogon. To see the Extra
Registry Data
resource, you may have to enable resources by clicking View, pointing at Resources, and then clicking
Target Designer.
After the configuration has been set up, built, and downloaded to the target, and after the FBA process is
completed, the
last step is to set up the user account for the system shell. Because you initially set up the image to start in
the administrator
shell, you should be able to access the registry.
Setting Up Key3
To set up the user account with the unique shell, you must log on to the user account and add Key3 to set
the path to the
system application. Note that you cannot log on to the administrator account to change the user account's
shell. After you
log on to the user account, you can use Regedit.exe, Windows Script, or another application to create Key3
and set the path
to the application.
The following is an example of WScript.
Extra Notes
By default, Windows Script engine is set up for WScript. WScript uses dialog boxes for input and output
messages. CScript
'Windows Script to set a user shell
set shell = CreateObject("WScript.shell")
shellpath = InputBox ("Enter the path and name of the EXE application
to be this user's shell. Example: c:\windows\system32\cmd.exe:")
if shellpath <> "" then Shell.RegWrite
"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell", shellpath, "REG_SZ"
'Windows Script to set a user shell
set shell = CreateObject("WScript.shell")
wscript.stdout.WriteLine "Change the Shell for this user."
wscript.stdout.WriteLine
ChangeReg
sub ChangeReg
wscript.stdout.WriteLine "Enter the path and name of the EXE application to be this
user's shell.
wscript.stdout.WriteLine "Example: c:\windows\system32\cmd.exe or type QUIT to exit: "
if wscript.stdin.AtEndOfStream then exit sub
shellpath = wscript.stdin.ReadLine
if ucase(shellpath) = "QUIT" then exit sub
Shell.RegWrite "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
shellpath, "RE
wscript.stdout.WriteLine "User will now have a new shell"
wscript.stdout.WriteLine
end sub
uses only a command prompt, which is ideal for headless systems. You can change to CScript only from an
administrator
account. If you decide to use a Windows Script Engine, you must modify the registry data for the Windows
Script Engine
component for the Microsoft Visual Basic Scripting Edition (VBScript) file. Change
HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command and add %1 to the end of the value
%11%\WScript.exe, as shown
in Figure 1.
Figure 1. Changing the registry value for the Windows Script Engine component
After Key3 has been created, you can log on again to the user account and see the new shell for the
account. When you log
on to the administrator account, the default or administrator shell will still be started.
If you are using remote administration features, be aware that Telnet allows more than one user to be logged
on to the
same computer, but Remote Desktop Connection or Microsoft NetMeeting allows only one user to be
logged on to the
computer. Remote Desktop Connection takes control of the desktop and logs off users from a system. If you
plan to use
Remote Desktop Connection, your system must not be affected by an administrator logon and a logoff of the
user account.
In addition, after Key3 has been set up, you can use FBresealfound with the Cloning componentto
reseal the image for
duplication. The registry key information for the user account will be preserved.
Conclusion
Windows XP Embedded provides a flexible way to deploy the popular Windows XP operating system into a
number of
embedded devices. The ability to have two accounts with different shells allows OEMs to build systems that
prevent users
from accidentally accessing administrative functions. The solution is to define the administrative shell as the
default shell in
the system and change the user account's registry keys to point to a second shell.
Microsoft Corporation. All rights reserved.
2014 Microsoft. All rights reserved.
DELL ALIENWARE 17
(CPU)
i7-4710MQ
Intel
Intel Core i7
4710MQ
2,50 GHz
LED LCD
17,3 "
1920x1080
Full HD
(RAM)
16 GB
DDR3
Nvidia
8192 MB
Shared
SSD
80 GB
HDD
1000 GB
Optical Drive
DVD
CD, DVD
Card Reader
9-in-1
Windows 8 ?
4,15 kgr
: ,
Qosmio LCD,
: 256 GB
: 1 TB
: 5,400 rpm
Blu-ray Disc
: 43,9 cm (17,3'')
: FHD TFT Toshiba TruBrite,
LED 16 : 9
: 1.920 x 1080
+ (.) : 8 ms
: :
: 1.920 x 1.080
1
1 RJ-45
1 ()
1 Sleep-and-Music
1 ( SD 2 GB,
miniSD/microSD 2 GB, SDHC 32 GB, SDXC 64 G
MultiMedia Card 2 GB)
2 USB 3.0
2 USB 3.0 USB Sleep-and-Charge
1 HDMI Ultra HD 3D
1 Web 2,0 MP FHD (1.980 x 1.080)
4 (1 )
: Wi-Fi
: 802.11b/g/n
: Intel
: LAN
: Intel Centrino Wireless-N 2230
: Intel
: Bluetooth 4.0 + LE
: 4.0 + LE
: Intel
: Intel Wireless Display Miracast ready
: 24-bit
: 4 Harman Kardon 6 W
DTS Studio Sound
: Conexant (CX20751-11Z)
: 87
Windows :
: Frameless black tile backlit keyboard and 10-digit numeric keypad
: Clickpad multi-touch,
, .
:
: 3,5 (Mobile Mark 2012)
AC
: AC (100/240 V)
: 19 V
: 9.5
AC
'
Kensington
Intel SpeedStep
SM BIOS
ENERGY STAR
CE. CE
Toshiba Europe GmbH, Hammfelddam 8, 41460 Neuss, .
DELL ALIENWARE 17
(CPU)
i7-4710MQ
Intel
Intel Core i7
4710MQ
2,50 GHz
LED LCD
17,3 "
1920x1080
Full HD
(RAM)
16 GB
DDR3
Nvidia
8192 MB
Shared
SSD
80 GB
HDD
1000 GB
Optical Drive
DVD
CD, DVD
Card Reader
9-in-1
Windows 8 ?
4,15 kgr
: ,
Qosmio LCD,
: 256 GB
: 1 TB
: 5,400 rpm
Blu-ray Disc
: 43,9 cm (17,3'')
: FHD TFT Toshiba TruBrite,
LED 16 : 9
: 1.920 x 1080
+ (.) : 8 ms
: :
: 1.920 x 1.080
1
1 RJ-45
1 ()
1 Sleep-and-Music
1 ( SD 2 GB,
miniSD/microSD 2 GB, SDHC 32 GB, SDXC 64 G
MultiMedia Card 2 GB)
2 USB 3.0
2 USB 3.0 USB Sleep-and-Charge
1 HDMI Ultra HD 3D
1 Web 2,0 MP FHD (1.980 x 1.080)
4 (1 )
: Wi-Fi
: 802.11b/g/n
: Intel
: LAN
: Intel Centrino Wireless-N 2230
: Intel
: Bluetooth 4.0 + LE
: 4.0 + LE
: Intel
: Intel Wireless Display Miracast ready
: 24-bit
: 4 Harman Kardon 6 W
DTS Studio Sound
: Conexant (CX20751-11Z)
: 87
Windows :
: Frameless black tile backlit keyboard and 10-digit numeric keypad
: Clickpad multi-touch,
, .
:
: 3,5 (Mobile Mark 2012)
AC
: AC (100/240 V)
: 19 V
: 9.5
AC
'
Kensington
Intel SpeedStep
SM BIOS
ENERGY STAR
CE. CE
Toshiba Europe GmbH, Hammfelddam 8, 41460 Neuss, .