Since Belarc Advisor reports that all Windows XP patches & updates are installed on my computer, it follows that the patch needed to configure autorun/autoplay has been in place for quite a while now. I cannot remember when it became available and I started trying to make it work.

Prior to this discussion, I don't recall reading anything about "redirecting legacy .INI files" such as Autorun.inf to NULL. According to Windows Explorer Search, there is no autorun.ini file on the HDD and only one autorun.inf file, in C:\Windows\system32 -- for the HP Deskjet printer.

The value autorun.ini is found in the Registry key: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603 and the same values as it has are in the key:
HKEY_USERS\S-1-5-21-682003330-329068152-725345543-1004\Software\Microsoft\Search Assistant\ACMru\5603

Currently, the Explorer Policies key NoDriveTypeAutoRun = FF. I might try DF instead. However, in my experience thus far, Autorun endlessly loops when I insert a DVD or CD disc on which there is no autorun.inf file. Most discs that I burn contain only archived data and/or perhaps some installers for outdated software that might be needed to access the archived data. It would be convenient for installing some software from the original CD-ROM if I could use autorun for the DVD and CD drives, which are installed in the hardware case, thus aren't readily "removable".

Thanks for mentioning NoDriveAutoRun and Tweak UI. I've used Tweak UI and dimly recall it has something about limiting autorun to specific drives, but I'm not sure whether I have ever used it. The DVD and CD drives have always been drives D and E. The external USB Maxtor HDD is Drive F. So I will take another look at Tweak UI, and see whether using NoDriveAutoRun with NoDriveTypeAutoRun = DF will work without causing Autoplay to enter an endless loop.

Quote: "As to optical disk autorun risks; this is huge, when the dumbo MS disk-writing system keeps a buffer of "files to be written to disk", which can be seeded with malware."

Ah, I've always suspected that there is some way that malware could insinuate itself onto an optical disc. Thank-you for mentioning it. If the malware files have read-only, hidden and/or system attributes, then I would see them with Windows Explorer regardless. (Not that I've ever found an autorun.inf file which has those attributes, either.)

However, I always burn discs with NTI CD-Maker, a commercial utility, and not the native Windows XP function. It, too, has a buffer into which it loads content pending write, whether malware can identify the buffer and exploit it -- or maybe a malware program could have some other method to force the utility to include its own files. I've been looking for an alternative to the NTI utility, but the ones that I find either (1) don't have enough versatility and features or (2) they are monster programs like Nero, which is way more than I need to use or want to pay.

FWIW, in my experience, file associations are specified in Registry keys that usually pertain to the program to which the filename extension is assigned and vice-versa. For example, the .HTML association is in Registry keys HKEY_USERS\S-1-5-21-682003330-329068152-725345543-1004\Software\Classes\.html
HKEY_USERS\S-1-5-21-682003330-329068152-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html

Hmmm.... in my experience with uninstalling Google Chrome, there are others, but the Edit > Search doesn't return those keys.