I have a tablet running Windows 10, and I need to lock it down to only run my custom executables.
My launch executable require administrative privileges to perform some functions (e.g. change system clock, start other executables, open/close serial ports) and I have enabled "Run this program as an administrator" in the executable compatibility settings. Launching the application via double-click in an explorer window or via command line, the system is able to launch its other dependent executables and functions correctly.
However, I need to get this executable to launch on log-in, and research suggests replacing the registry key linking to explorer.exe with my own launch.exe to be the simplest approach. I proved this works with notepad.exe, but my launch.exe application doesn't start... I just get a black screen.
What am I missing here to get my own executable to launch?
Attempt Breakdown
By creating a registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and setting its value to notepad.exe, I can get notepad to start on launch.
When I change the value of the Shell key to C:\Windows\notepad.exe, this works too.
When I change the value of the Shell key to my custom executable, e.g. C:\custom\launch.exe... I get a black screen and no evidence the executable was launched as no log files from my system are generated.
Workaround Solution:
I was able to use Task Scheduler to launch my application with highest privileges, thus side-stepping the problem in the question above.
To disable explorer.exe as required, I replaced the Shell key value with a custom do_nothing.bat script that does (almost) nothing... and thus doesn't trigger explorer.exe. The file cannot be empty as otherwise Windows throws an error.
do_nothing.bat:
rem ---DO SOMETHING TO PREVENT EXPLORER.EXE LAUNCHING---
cd \
Related
Recently, i was trying to give my application administrator rights without system asking for "Do you want to give administrator rights?" and i found a way which is working perfectly.
Solution I Found
I created a bat file named nonadmin.bat and wrote the below code in it
cmd min C set __COMPAT_LAYER=RunAsInvoker && start "" %1
and if we drag any exe on it, it gives them administrator rights (before it was not letting me access environment variables without it but after draging the file on bat it did work).
Question
Now my question is:-
What actually '__COMPAT_LAYER' means and what does it do?
How do i remove such a thing so that it asks for administrator rights again?
Does this reduce system security?
__COMPAT_LAYER, and How To Use It
__COMPAT_LAYER is a system environment variable that allows you to set compatibility layers, which are the settings you can adjust when you right-click on an executable, select Properties, and go to the Compatibility tab.
There are several options to choose from in addition to the one you know about:
256Color - Runs in 256 colors
640x480 - Runs in 640x480 screen resolution
DisableThemes - Disables Visual Themes
Win95 - Runs the program in compatibility mode for Windows 95
Win98 - Runs the program in compatibility mode for Windows 98/ME
Win2000 - Runs the program in compatibility mode for Windows 2000
NT4SP5 - Runs the program in compatibility mode for Windows NT 4.0 SP5
You can use multiple options by separating them with a space: set "__COMPAT_LAYER=Win98 640x480"
Unsetting the __COMPAT_LAYER Variable
These settings persist for as long as the variable exists. The variable stops existing when either the command prompt in which the variable was set is closed, or when the variable is manually unset with the command set __COMPAT_LAYER=.
Since you are setting the variable via batch script, the variable is automatically unset once the executable you drag onto it completes and the script closes. It is important to note that the variable settings persist to any child processes that are spawned by the executable you select.
The Security of Using __COMPAT_LAYER
Setting __COMPAT_LAYER to RunAsInvoker does not actually give you administrator privileges if you do not have them; it simply prevents the UAC pop-up from appearing and then runs the program as whatever user called it. As such, it is safe to use this since you are not magically obtaining admin rights.
You can also set the variable to RunAsHighest (only triggers UAC if you have admin rights, but also does not grant admin rights if you do not have them) or RunAsAdmin (always triggers UAC).
How do I auto-run a program from Pen drive before Windows logs in, starts or even before it boots up?
I want to open command prompt before login. To do this, I tried changing the command prompt name to sethc.exe (sticky keys) which might run before I login into my account and it actually worked, but to do this I must have password and administrator privileges, so without that how could I do it?
Is the program an executable file?
Did you try looking into Windows registry? The following key is where the virus/malware usually attached itself during windows logon. A warning though, any mistake will cause you unable to go into Windows, you have to remotely modify the registry using Bootdisk.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
I am currently using a VB-Skript, which is used to start a setup.exe file, which requires administrative privilleges in order to be installed correctly, if it is not started as an administrator it will return a corresponding error message. Both the script and the setup are located on a window share that is located in a network classified as "Worokplace" in Win7 (32 Bit).
I have the foloowing strange effect, which I do not understand:
I run explorer.exe as "Administrator", and start the script by doubleclicking, which results in a final errormessage that setup.exe requires administrative privileges in order to run. I thought that when I run explorer.exe as Administrator, all other processes started within will have the same privileges.
I tried the same by starting cmd.exe as an Administrator, run the vbs by simply typing myscript.vbs, and the installation succeeds.
Obviously, the same script started from explorer with administrative rights and started from cmd.exe with administrative right finally gets different privilleges, which is what I do not understand at all. Can anybody please explain what's going on there?
Thanks alot
Any process can start a child process, and the parent process can choose what environment (including access rights) the child process will run in. The difference is simply that cmd.exe allows child processes to inherit its own environment, while explorer.exe will only apply administrator privileges if it has been told to do so, either by right-click and 'Run as administrator' or by editing the properties of a shortcut.
The bottom line is simply that they are coded that way.
In matlab, I used a windows standalone application. There is a line in this application that writes a file in C:\...\...\. When I run the output exe file produced from this windows standalone application, the exe doesn't write in C:\...\...\ neither tells me that there is a security issues in that partition. All the execution does is nothing. But, when I right-click and run the exe as administrator, it runs correctly.
I want to do it without right-click and run as administrator. Are there is a command in matlab that can do that?
If you create a shortcut to your application, you can go to the Properties of the shortcut, click on Advanced in the Shortcut tab, and select "Run as administrator". That way, whenever you start the application from the shortcut it will be run as an administrator.
(Disclaimer: applications really shouldn't "foul their own nest" by writing into Program Files. This is bad design.)
Starting from Vista, unprivileged processes are not allowed to write to protected folders such as Program Files, because Program Files is designed to store code and not data. However, since this limitation has not been enforced in XP, MS has provided a backward-compatibility hack in the form of Virtual Store. Now, when a program tries to write to protected folder, its output is being redirected into a dedicated folder. This way, the program still "thinks" it writes to its usual location, while in fact it writes to an unprotected location. However, when you later check the Program Files location, you might not see the file - because it's not really there.
You can find more details here: User Account Control Data Redirection.
If you are administrator, add full control permission for your username to the destination folder. You do that by right clicking on the folder, going to properties and then security tab. Then edit and add you username with Full Control rights. Then you don;t have to run the the program as an administrator.
There is no way you can elevate a process once it is started, so Matlab cannot possibly have a command for that. Just running Matlab elevated.
Does anybody know if there is a feasible way on Windows XP to programmatically create and configure a user account so that after logging in from the console (no terminal services) a specific app is launched and the user is "locked" to that app ?
The user should be prevented from doing anything else with the system (e.g.: no ctrl+alt+canc, no ctrl+shift+esc, no win+e, no nothing).
As an added optional bonus the user should be logged off when the launched app is closed and/or crashes.
Any existing free tool, language or any mixture of them that gets the job done would be fine (batch, VB-script, C, C++, whatever)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon has two values
UserInit points to the application that is executed upon successful logon. The default app there, userinit.exe processes domain logon scripts (if any) and then launches the specified Shell= application.
By creating or replacing those entries in HKEY_CURRENT_USER or in a HKEY_USERS hive you can replace the shell for a specific user.
Once you ahve your own shell in place, you have very little to worry about, unless the "kiosk user" has access to a keyboard and can press ctrl-alt-del. This seems to be hardcoded to launch taskmgr.exe - rather than replacing the exe, you can set the following registry key
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
Debugger="A path to an exe file that will be run instead of taskmgr.exe"
I guess you're building a windows kiosk?
Here's some background in replacing the windows login shell - http://blogs.msdn.com/embedded/archive/2005/03/30/403999.aspx
The above link talks about using IE as the replacement, but any program can be used.
Also check out Windows Steady State - http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx