I'm currently trying to change some few things on my work computer (as a challenge) and after few search, came into this matter.
I try to edit a registry that will finally give me freedom (AutoConfigURL of internet explorer).
When I edit it or delete it, it comes back after a short while (matter of seconds).
Which leads me to the conclusion that there is a script somewhere that recreates the registry automatically.
Maybe PowerShell or just a .bat file.
My question being: what are your ideas of finding out where is that script and how to disable it?
Thanks to you all!
You could use Process Monitor to see what's changing the key. It's an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. That might can help you to find out the program which changes the registry key.
You could also try the solution in this answer. Try to set permissions for registry keys. Immediatly remove all the permissions after you edit the registry key, then it will be read only.
Related
I am trying to setup a way to script GPO settings on a local machine that is not domain joined/standalone. I was thinking I could script the registry changes and it would reflect in gpedit, but that doesn't seem to be the case. No matter what I do to the registry, the reflected policy does not show when I close/open gpedit again. gpupdate does not do anything, and if I log off/back on, whatever the policy is set to overrides the registry setting I made. I am using powershell to do this, but the scripting portion isn't as much of a question at this time. I want to know if there is a way to get the gpo to reflect/update based off of the registry, and not the other way around?
Thanks in advance
Welcome to SO. Please see this helpful answer. You can use the PolicyFileEditor powershell module.
https://serverfault.com/questions/848388/how-to-edit-local-group-policy-with-a-script
I'm writing an NSIS script to upgrade an appliance between versions. The versioning and setup have gotten away from us a bit, as we have many versions in the field, and currently no easy way to upgrade from one version to another. So the first task I have is to write something that they can run on field machines to do everything necessary to bring them to the latest version.
The appliance runs on windows 7. it has 3 users. In the repository for the project there are 4 .msc files that contain group policies to set the appropriate settings for each of these. (computer, non-administrator, admin, appliance)
Is this the right way to go? in trying to power through learning NSIS, it seems easier to write the registry keys directly to HKU /user/... rather than the extra layer of indirection from GPO, given that I'm not doing any sort of distributed system using active directory (which I know approximately nothing about), and just have 3 static users on one static physical machine.
So concise questions:
Which approach makes more sense for my application? GPO files, or direct ntuser.dat editing on the various users.
if GPO makes sense, how do I apply an msc file inside NSIS? double clicking the file works in windows, but then you have the mmc open. oogly. is there a clean way to do it with NSIS?
How does a GPO in the registry under HKCU translate to a system wide policy? it seems to me that what's written to the registry is missing the critical information of which users it applies to (if it applies to a user or group).
Thanks in advance
.msc files usually contain data used by MMC and not policy data, perhaps you mean .adm template files? I don't think you can really apply a .msc file programmatically.
Direct registry editing is probably OK if your application just reads them normally on the other end, otherwise you might need to call gpupdate.
If your policy is stored under Software\Policies then entries in HKLM applies to everyone and entries in HKCU/HKU applies to that user. A normal user cannot change their policy under HKCU because they don't have write access. There is not really a concept of groups when using these keys.
I have a little network of a couple of machines at home, and I need to shutdown them at a certain hour.
I found out that Windows 7 from Pro upwards offers a graphical Security Policies editor, where it's possible to allow the remote shutdown, but apart from mine, the other PCs have just Home Premium, which doesn't have the editor.
I found out that the key is editable without the need of the editor, but how, and where do I find it?
Or, are there any other ways? Thanks for the help.
I have never done what you are trying to do in regards to remote shutdown, but here is some information that may be useful:
Are you using the group policy editor for Windows 7 Pro? I believe that's gpedit.msc, right? Back in the day it used to be that you could use regmon (a Sysinternals program) to monitor registry keys that are changed, but it looks like Microsoft bought out Sysinternals and then retired Regmon. However, I believe they moved the functionality to Process Explorer (edit: turns out it's Process Monitor):
Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645
Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653
On your Windows 7 Pro machine run process monitor and set it up to monitor registry changes for gpedit.msc. Then change the setting using the program. Once you have the key you can document it or export it using regedit. I'm not sure how you plan on changing the registry key remotely, though.
I'm looking for a simple method to prevent Windows Update from installing drivers automatically. Exactly these steps:
http://support.microsoft.com/kb/2500967
Is there any method to do these steps just by modifying registry keys? Or even by doing it with help of a simple bat file?
I've just found an answer. The key I was looking for is located here:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching]
"SearchOrderConfig"=dword:00000000
To add this values to our registry, we can use that command in our batch file:
REGEDIT /S NameOfOurRegFile.reg
I don't know of a registry key, but why not change the windows update to download, but not install. Then you can review the updates and use right-click-hide to hide the driver updates.
I like to see the driver updates because that lets me know that I might want to go to the vendor site to look at the real driver info and decide if I need it or not. I then only install the driver (from the vendors site) if there are changes I need.
And since I have hidden it in update, I don't get bothered again until a new driver comes out.
Just a thought (vs. hacking your registry.)
One other consideration. In some cases, a registry hack might have some side consequences that confound you late when you can't figure out why something you thought should work, doesn't. Most support options don't consider registry hacks when trying to figure out why something doesn't work...
I can't comment, so here are some things to consider.
What you want to do will possibly look very much like a virus that wants to prevent things from being fixed. So if you do find a way, I strongly encourage you to test it with a number of AV apps - and then register it with them so they don't add it later.
You do have an option to check the version of the drivers in use for given hardware items. Then, if your app sees a new driver, it can at least warn the user that a new driver was installed (and log that fact) and to roll the update back if they have problems.
I've got an uninstaller that performs some actions and then prompts the user to reboot. I'd like a directory to be deleted after the reboot takes place. I know there's a way to do this, I'm just not sure how.
I'm using a WiX installer, and I'd imagine I could use that to do so, somehow, but I'm open to alternatives (whatever's simplest is just fine with me). My target platform is Windows 7, though it would be nice if this worked with older versions of Windows as well.
What's the simplest way to mark this directory for deletion after a reboot?
If you have a locked file condition Windows Installer can handle the deletion after the reboot but there is no built-in way of instructing it to only delete it after a reboot. I think the only way you could do it would be to use a custom action to record a RunOnce registry entry that instructs it to do the delete. You can't use the Registry table for this as Windows Installer has no way of recording to the registry as part of an uninstall.
Still, you are coloring outside the lines on this one so I'd want to understand the why of this requirement in determining if it's valid.
Try using SysInternal's "MoveFile". Specify "" as the target and poof! Assuming you don't end up in permission hell... :(