How can I customize which notification icons are displayed by default on a new installation?


Windows 7 provides a new Unattended Windows Setup setting known as NotificationArea. This setting lets you replace the default Action Center and Battery icons with two icons of your choosing.

To specify the replacement icons, you need to provide the path to the application which is providing the replacement icon, and you need the GUID for the replacement icon.

The path you know how to get, because it's where the application was installed. (Note that the application must also be signed.)

But where do you get the GUID from?

The GUID is provided by the application as part of the programmatic interface to the notification area. When the application creates its notification icon, it passes a structure known as NOTIFY­ICON­DATA, and one of the fields in that structure is the guidItem. If an application fills in the guidItem and sets the NIF_GUID flag, then that is telling the taskbar (among other things), "Hey, if an unattended setup file specifies this GUID as a replacement icon, that's me."

Okay, that says where GUIDs are programmatically specified, but where you do you, the system administrator, get the GUID from?

You get them by asking the application author, "Hi, we want to specify that your notification icon is displayed by default in Windows 7. Can you please tell us what GUID you are using for your notification icon?"

Given that application authors are always angling for a bonus, they will probably be more than happy to tell you how to give their icon more guaranteed face-time with the user.

This setting was originally designed for customization by computer manufacturers, and computer manufacturers will probably have a pretty close relationship with the companies that provide shov^H^H^H^Hvalue-added software for their systems.

Comments (22)
  1. asf says:

    What do you gain by forcing the app to be signed? (Other than keeping evil companies like VeriSign in business)

  2. John says:

    Can you just remove the damn icons, though?  Maybe by specifying GUID_NULL or something.

  3. Joshua says:

    @asf: In this particular case, you can inject a new root certificate and sign with that. Normally I would not advocate such behavior but Microsoft continues to be stupid in this regard.

  4. Tyler says:

    @asf Pretty much, you know other then insuring that the install is stable once it's finished and doesn't start blues screening in the middle of the process. But really, who cares about the user's PC being USABLE when they pull it out of the box?

  5. John says:

    @Tyler: The only thing a digital certificate proves is that somebody somewhere paid VeriSign (or another root CA) a couple hundred bucks.

    [Are you suggesting that the price isn't high enough to dissuade malware authors from applying for a certificate? -Raymond]
  6. Tud says:

    @Tyler are you implying that signed software can't be shitty and crash, or even that it is less shitty on average? Signed only means they paid to have someone say "Yes, this app was compiled by Asus" (I have plenty of signed software showing weird messages in Engrish).

    (@Raymond Why would a computer manufacturer include malware in the first place? Can't they inject a new certificate? Isn't malware as profitable as normal-ware?)

    I was going to say here that maybe Microsoft could enforce a mandatory "Windows Software Certification" for included "value-added software" (it's mandatory for hardware after all).

    And by the way, when I had the pleasure of having to reinstall Windows 7 in my Asus computer (using the built-in recovery partition), I could see what I assume must be the "Unattended Windows Setup": a large white semitransparent window covering the whole desktop saying "System setup in progress-please do not touch" while setup assistants frantically appeared and disappeared in the background (as if it was all being done with emulated keypresses and mouse clicks). I wanted to record the whole process: it was like watching a Lego machine moving and sorting balls around (e.g. http://youtu.be/N9VBQ3hW6t8) at high speed, all while hoping that none of the balls fall out of the tracks (not that I am implying that it could have failed — I know it was 100% robust software that could never go wrong due to a very small unpredicted circumstance). The whole process took at least 20 reboots and used to apparently halt for a minute or two every now and then.

  7. Jon says:

    Does anything about this post mention anything having to be signed? You need the GUID that the app uses to create the icon. Anyone can make a GUID for free. No one pays Verisign anything.

  8. Jon says:

    Nevermind, I see where it says it now…

  9. John says:

    [Are you suggesting that the price isn't high enough to dissuade malware authors from applying for a certificate? -Raymond]

    I suppose it's enough to stop most of the people most of the time, but plenty of malware can be quite profitable.

    Do you trust the root CAs to do their due diligence? I certainly don't.

    ["Enough to stop most of the people most of the time" is better than "not trying to stop anybody at all." -Raymond]
  10. I'm hoping it just needs a valid signature from a certificate from a trusted issuer, like the rest of Windows, rather than stipulating one particular CA as with the bizarre Winqual hoop.

    [Are you suggesting that the price isn't high enough to dissuade malware authors from applying for a certificate? -Raymond]

    It's high enough to be an irritant to non-commercial developers, but I doubt it's a significant issue for malware authors. Having said that, the money isn't the big barrier, but the refusal to sell to individual developers – a policy Verisign seem to have reversed now, so fingers crossed for my own application!

    [If you manage to score a contract with an OEM to have your software preinstalled on all their machines, I would hazard that you are no longer a non-commercial developer. -Raymond]
  11. John says:

    ["Enough to stop most of the people most of the time" is better than "not trying to stop anybody at all." -Raymond]

    Probably.  The silver lining is that the people smart enough to jump through the hoops probably don't want to trash your computer; better to be part of a botnet than to lose all your data.

  12. Joshua says:

    This leaves the obvious question as to whether this is possible after setup.

    [After setup, the user controls the settings. All the unattend file does is set the initial conditions. -Raymond]
  13. Joshua says:

    [If system builders were allowed to add, then they would cheerfully add 20 new icons to the notification area. -Raymond]

    I have a rule that my bosses never seem to understand until it's too late: never run a factory load.

  14. xpclient says:

    But I don't want to replace. I want to *add* and still make sure they don't get hidden as they do by default upon manual installation. Especially some icons which repeatedly get hidden even after setting them to always show icon and notification.

    [If system builders were allowed to add, then they would cheerfully add 20 new icons to the notification area. -Raymond]
  15. xpclient says:

    [If system builders were allowed to add, then they would cheerfully add 20 new icons to the notification area. -Raymond]

    And why couldn't Microsoft limit how many icons can be added during automated deployment? They already lock the OS in numerous ways.

    [As noted in the article, the limit is four. Network, Volume, plus two more. -Raymond]
  16. John says:

    People, please.  OEM installs are bad enough as it is.  We need less crapware, not more.

  17. Colin says:

    I'm kind of curious, what happens when you remove that shovelware?  Does it just revert to the defaults?

  18. Joe says:

    [Are you suggesting that the price isn't high enough to dissuade malware authors from applying for a certificate? -Raymond]

    But your article says: "The path you know how to get, because it's where the **application was installed**"

    Are you suggesting that requiring signing in this case will hinder malware authors, given that the potential malware has already had the chance to run arbitrary code during its install?

    [Good point. -Raymond]
  19. ErikF says:

    @Colin: My guess is that you would just have two less "promoted" icons in the notification area. After all, you can always customize the notifications if you don't like what's there.

  20. Jim says:

    Nobody mentioned here about the liability. You can be sued or un-sued if you are agree to install something.

  21. "[If you manage to score a contract with an OEM to have your software preinstalled on all their machines, I would hazard that you are no longer a non-commercial developer. -Raymond]"

    True: you are also unlikely to be a malware developer, though, which is why I thought this aspect was broader than notification icons. (The signing requirement here isn't to ensure that if an OEM starts bundling malware that malware doesn't get a promoted notification area icon!). Also, OEMs are not the only users of unattended installations; corporate, academic and even individual users go this route too. Of course if you're customising the system installation, you could presumably add and use your own root CA anyway.

    Signing in itself isn't an unreasonable requirement – I sign my own software, using a Startcom certificate at present (seeing a lawyer on Monday to get a Verisign one).

  22. Another reason we implemented the signing requirement is so that apps could not spoof other apps' TN icons/promo state. This becomes especially interesting when a certain ISV decides to switch their app from wow64 to native x64, or just updates their version number (which they happen to use in their folder name under "Program Files") and wants TN icon promotion state to "continue working" (i.e. if the user selected "show in notification area" for the wow64 app, keep the setting for the new version). In SP1 onwards, you can "spoof" your own TN icon if the new app is signed by the same Publisher.

Comments are closed.