I am looking for the registry key equivalent for force shutdown from a remote system GPO setting.
for some reasons I can't use GPO so if anyone knows please help.
I tried to use Process monitor for getting this information but not an expert so was not able to find it.
Related
I am trying to setup a way to script GPO settings on a local machine that is not domain joined/standalone. I was thinking I could script the registry changes and it would reflect in gpedit, but that doesn't seem to be the case. No matter what I do to the registry, the reflected policy does not show when I close/open gpedit again. gpupdate does not do anything, and if I log off/back on, whatever the policy is set to overrides the registry setting I made. I am using powershell to do this, but the scripting portion isn't as much of a question at this time. I want to know if there is a way to get the gpo to reflect/update based off of the registry, and not the other way around?
Thanks in advance
Welcome to SO. Please see this helpful answer. You can use the PolicyFileEditor powershell module.
https://serverfault.com/questions/848388/how-to-edit-local-group-policy-with-a-script
I'm currently trying to change some few things on my work computer (as a challenge) and after few search, came into this matter.
I try to edit a registry that will finally give me freedom (AutoConfigURL of internet explorer).
When I edit it or delete it, it comes back after a short while (matter of seconds).
Which leads me to the conclusion that there is a script somewhere that recreates the registry automatically.
Maybe PowerShell or just a .bat file.
My question being: what are your ideas of finding out where is that script and how to disable it?
Thanks to you all!
You could use Process Monitor to see what's changing the key. It's an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. That might can help you to find out the program which changes the registry key.
You could also try the solution in this answer. Try to set permissions for registry keys. Immediatly remove all the permissions after you edit the registry key, then it will be read only.
I am testing installation scripts and must put Windows into a state that a reboot is pending from another installation. I have read how to test whether a reboot is needed. A proper way to set the need is not clear.
The honest answer: I don't know for sure. There are a lot of different registry locations that indicate that a reboot is necessary. I just tried to make an ad-hoc list here: How do I reference the Reboot Pending Property in Burn (WiX). I am not sure what mechanism uses them all, but some of these reboot entries could conceivably cause further installs to be blocked.
As you know there are certain Windows Updates that manage to schedule reboot prompts that will not cease or go away and not allow further software to be installed (at least not Windows Installers). I am not familiar with the APIs used to trigger this - chances are they are Microsoft's own functions that can only be called by TrustedInstaller (Windows Modules Installer service - used to install Windows Updates- capable of replacing files protected by Windows Resource Protection ). Just a theory. If I get time tomorrow I will have another look.
There are features in group policy to disable Windows Installer by policy, but I would not go down that path if I were you. Group policy is heavy stuff and it won't prevent non-MSI installs (so far as I know). I am sure you have already found this option.
Looking at this script: Get-PendingReboot-Query, the SCCM section seems to indicate what is referred to as a "Hard Reboot" ($CCMClientSDK.IsHardRebootPending). Maybe something which indicates a reboot that will not allow anything else to be done before the reboot is done? If you have SCCM available this is the option I would investigate. Unfortunately I am not up to speed on the issue. Maybe try your luck on serverfault.com or even superuser.com where system administrators and power users lurk?
I wouldn't advise you to proceed with a reboot automatically. You should better inform the user that before going with the installation, a reboot is needed.
If you want to make sure that after the reboot (any reboot), the installer will be running, you can take advantage of the Run and RunOnce registry keys:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa376977(v=vs.85).aspx
Basically, if you detect that a reboot is pending, then create those registry behind and also inform the user that he should reboot first the machine.
After reboot, the installation will be loaded automatically by Windows if you create the registries.
You can add an entry in the registry, based on which you can check for reboot. Or perform reboot.
Though I would advise you to avoid reboot, if you can. Windows installer automatically detects if the reboot is required and will indicate the same. Though you can suppress it.
There is a PendingRenameOperations registry, which is set when a reboot is required to do file updates, during an upgrade. In our product, we check for this registry key along with few other product-related registry keys - then display an message to user that reboot is required or not. If reboot is accepted by the user, then install/upgrade is terminated.
Nice article on the same: https://technet.microsoft.com/en-us/library/cc164360(v=exchg.80).aspx
I have a little network of a couple of machines at home, and I need to shutdown them at a certain hour.
I found out that Windows 7 from Pro upwards offers a graphical Security Policies editor, where it's possible to allow the remote shutdown, but apart from mine, the other PCs have just Home Premium, which doesn't have the editor.
I found out that the key is editable without the need of the editor, but how, and where do I find it?
Or, are there any other ways? Thanks for the help.
I have never done what you are trying to do in regards to remote shutdown, but here is some information that may be useful:
Are you using the group policy editor for Windows 7 Pro? I believe that's gpedit.msc, right? Back in the day it used to be that you could use regmon (a Sysinternals program) to monitor registry keys that are changed, but it looks like Microsoft bought out Sysinternals and then retired Regmon. However, I believe they moved the functionality to Process Explorer (edit: turns out it's Process Monitor):
Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645
Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653
On your Windows 7 Pro machine run process monitor and set it up to monitor registry changes for gpedit.msc. Then change the setting using the program. Once you have the key you can document it or export it using regedit. I'm not sure how you plan on changing the registry key remotely, though.
I am writing an automation the deployes several machines and installs several programs on them.
One of the steps a user would do manually is logging off and on to a windows computer as part of an installation process.
Can someone please point me to relevant links so i can understand how to simulate a logging in process into windows without a gui?
I mean i need to make the machine think someone logged in to it and i am using only powershell.
launching mstsc does not do the trick because i cant overcome the request for certificate (I need an automatic process but i did not find a way to silence the certificate warning)
I searched for a couple of days and could not find what I was looking for.
Thank you for your help!
It's just an idea. Perhaps you can first make the image of the machines with automatic logon , install the software and finally remove the automatic logon ?
This link has details about Automatic Logon
http://support.microsoft.com/kb/315231