Here we'll run through the main options in MyLogon.ini:
The [Global] section contains all of the general settings for the program itself. Any section other than [Global] is assumed to be an entry for a specific network. In principle the main settings are normally found in [Global] however all settings are applicable to all sections, and any settings placed in a network section will override those in the [Global] section.Lines beginning with ; are comments. Other lines are settings.
; User Items
; These settings are dynamic, changing whenever Save in the MyLogon GUI is pressed.
; Refers to thename of the network-section at end of file.
; "Direct Connection" or blank means don't dial anything before logging-on. Otherwise, MyLogon will attempt to make a VPN (remote access) connection to the server using the specified connectoid (Which must exist in the Networks Control Panel of the computer) before attempting a logon.
InterfaceStyle=FullFeatured ; (Standard | Minimalist)
; Show all the widgets on the logon screen. Or some. Or only the password dialog. This option is user-selectable from the MyLogon menu.
; User-Interface Items:
ShowProgress = 1
; A progress dialog is shown while the logon is taking place, pausing briefly to display the results of each stage. Setting ShowProgress to zero will in fact still show the dialog, but without the pauses, allowing the logon process to run much faster.
Debug = 0
; Provide tooltips, with more detailed information at each stage of the logon. Note that this option slows the process considerably, so should only be set on if there is a need for it.
PurgeConnections = 1
; Clear any existing connections before commencing (Recommended:1) -WinXP 'remembers' previous drive-mappings even when not appropriate, and these can interfere with the establishment of connections to the selected network. This option makes sure any historical shares from previous sessions are removed.
ShareCleanup = 1
; Remove any defunct drive-letters from user's desktop after logon completes (ones for which the user has no access-rights)
; Set this to 1, and any changes to the shell-integration or registry settings will be auto-updated the next time MyLogon runs. (The user will be asked for confirmation first) This is very handy for rollouts, as it allows a modified .ini file to be "self-installed" by simply copying it to the computer(s). The AutoUpdateRegistry value self-resets to zero on success, preventing unwanted repeats.
; Remote-access settings:
; If you need to dial-in for remote-access with nonstandard credentials, enter them here.
; Otherwise your normal user/pass will be used for VPN as well as logon.
; Windows Startup-Integration:
SecureMode = 1
;Determines whether MyLogon should demand a password at Windows startup.
SelfRepair = 1
;Check for, and repair, registry-damage to MyLogon done by some anti-spyware programs.
(If MyLogon won't run at startup, run it manually and it should offer to repair the damage)
AcceptLastUsed = 1
; Allow the last network-password to be used for standalone access. Note that this does have a small security-issue as the password-hash must be stored locally if you select this option. It is no less secure than some Microsoft arrangements, however.
AllowNullPassword = 0
; Zero-length passwords allowed.. or not. Your call. I wouldn't ;-)
; Setting to 1 emulates Version 1 behaviour, where typing a standalone password always results in a local logon regardless of which button is pressed. 0(zero) sets Version 2 behaviour, attempt a logon, then offer to enter standalone mode only if the logon fails.
;These are hashes of the local-access passwords. The Standalone one is configurable via the GUI. You need the administrator's hash-generator tool to create new ones outside of the GUI.
; Registry Items for Shell Integration Mode
; These are the items in the "Advanced > Security" GUI dialog.
; Advised Changes
;Don't allow user to run Task Manager until after logon. (because it allows the starting of programs)
; Stop itchy fingers from changing the profile settings in Control Panel.
; If user logs-off, they are taken back to MyLogon instead of being invited to change local-user.
;Removes the 'Adminstrative shares' - C$,D$ etc. which are seldom used but which under some circumstances are a serious security risk.
;XP has 'shared folders' which actually refer to sharing between (part-time) users of the same machine. To network users their presence is generally a cause of confusiion, so best remove them.
;By default, XP Pro and W2000 force the user to change the local password every 42 days. A coding oversight means that the forced change occurs even if the user has no permissions to set passwords, locking the user out. This option gives earlier warning of a lurking 'password timebomb' on the machine.
; Optional Changes, which depend on personal preference:
;If screensaver-lock is used, it will be locked with the local profile password, not the network one. Fine if the user understands this, but if not, best prevent it happening or they will lock themself out.
;Prevent the Windows key shortcuts from working. Some of these have unexpected results, and with inexperienced users are best turned-off as they're easily 'caught' while typing. Note: You can still press Win to see the Start Menu with this set.
;Probably the single most sworn-at XP feature. Put a CD into an XP machine, and even if it's a CD-R you created yourself to hold your own text-files, it still will cause infuriating pop-ups to appear. Setting this to 1 will nail the popups.
;Kiosk Mode (Launch a single application only, in response to a special password)
; These settings are controlled by the Advanced GUI section, or can be set manually.
; The hash of the password you must type to enter Kiosk Mode.
; The program to run. Use quotes "" if there are spaces in the pathname.
What to do when that program closes (Shutdown/Logoff/Reload)
;A very few apps object to being run fullscreen, in which case change this to "Windowed"
;(added v2.1, and only available by manual .ini file editing.)
; Do we logon to the server, or not? ("Connected" for logon to server)
; The username to logon with, IF this is distinct from the kiosk keyword. Otehrwise blank.
;( 'kiosk' is
assumed as the username if the entry is blank. This user should exist
on the server, but should have only a limited set of priveleges,
basically the minimum needed to run the kiosk app. )
; ------ End of Global section -------------
; The following sections are network-specific. The first one is the network configured by the GUI (Which only permits config of a single network, for simplicity) In fact you can have as many networks as you like, so long as you hand-edit them.
; Descriptive comment, appears in tooltip on GUI.
LogonServer = server
; Enter the server-name without any backslashes.
; Normally blank for single-server sites. Needed on multi-server sites with trust relationships.
LogonShare = netlogon
; Above is the universally-standard value, and no real reason to change it.
LogonScript = logon.bat
; See section on scripts for more information. With no specific path stated, this one will be in the netlogon share. Tip: To run a script from the MyLogon folder of the local machine instead of from the server, prefix it with 'local:' - for example, 'local:logon.bat' will run 'C:\Windows\MyLogon\logon.bat' after a successful logon.
; Add extra network sections if you wish to access more than one system. For example:
; As mentioned, only the default network can be configured in the GUI, but all can be selected.