Remote registry change HKCU using only cmd and psexec - cmd

Hi everyone, I am lost...
I have admin rights.
I want to modify a registry key in HKEY_CURRENT_USER\Software.... on a remote PC where another user is logged in.
I don't want to use PowerShell because we don't have Remote Registry enabled.
I am stuck with cmd.
Therefore I use PsExec.
If I want to change something in the global HKLM it's pretty easy:
psexec \\COMPUTERNAME reg add HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\...... /t REG_DWORD
Since I call psexec as admin it allows me to change anything in HKLM on the remote machine,
but when I need to change something in HKCU I need the SID of the user to plug it into HKEY_USERS\SID\SOFTWARE\, and that's where I hit a wall...
I tried something like this (it didn't work, the syntax is probably all wrong):
psexec \\COMPUTERNAME for /F "skip=1 tokens=1" %%i in ('query user') do set varusername=%%i
This was supposed to get the remote logged-on user's name into the variable 'varusername', to later use it to get the SID,
something like this (again, the syntax is probably wrong):
psexec \\COMPUTERNAME wmic useraccount where name='%varusername%' get sid
This completely blew up, since wmic on the remote computer, when executed as admin (via psexec), doesn't see the same users as query user...
Here is the output of the respective commands.
query user gives me the logged-on user name 'johndoe':
USERNAME   SESSIONNAME   ID   STATE    IDLE TIME   LOGON TIME
johndoe    console       1    Active   none        9/10/2018 5:27
wmic useraccount get name, sid does not see 'johndoe' at all:
Name            SID
DefaultAccount  S-1-5-21-3285310242-2953612481-1302521585-503
defaultuser0    S-1-5-21-3285310242-2953612481-1302521585-1002
LocalAdmin      S-1-5-21-3285310242-2953612481-1302521585-500
Guest           S-1-5-21-3285310242-2953612481-1302521585-501
So as you can see I hit the wall:
query user gives me the logged-on user on the remote PC, "johndoe", but I have no way to get the SID of "johndoe" using wmic useraccount to plug it into:
psexec \\COMPUTERNAME reg add HKEY_USERS\SID\SOFTWARE\Microsoft\...... /t REG_DWORD
Any ideas how to get around this?
I just need to edit HKCU on a remote PC for the currently logged-on user without using PowerShell.

Firstly, if you have access to PowerShell, you may be able to use it to get the SID, and then run PsExec from your machine. Try running:
Get-AdUser USERNAME -Properties SID | Select name,Sid
in PowerShell, replacing USERNAME with the username of the person you're trying to edit.
This should get the SID from Active Directory, as local commands such as WMIC will not get what you are looking for.
Once you have the SID, you can whack it in your PsExec command and let loose the angels of hell.
I mention using PowerShell because, even without Remote Registry enabled, you should be able to run this command as a System Administrator. If not, you can also just go into Active Directory.

In cmd you can get the SID with PsGetSid.
I'm trying the same process as admin..
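Worked example, added here and not code from the original question or either answer: a batch file that maps the logged-on user to the SID of the hive loaded under HKEY_USERS and then writes the value through PsExec, so neither Remote Registry nor PowerShell is needed. It relies on the fact that an interactively logged-on user's hive carries a "Volatile Environment" subkey whose USERNAME value is the account name, which sidesteps the name-to-SID lookup through wmic useraccount entirely (wmic lists accounts, not loaded hives, which is why it never tells you who is logged on). Assumed and not from the page: PsExec.exe on PATH, local admin rights on the target, the -accepteula and -nobanner switches of current PsExec builds, and the placeholder key SOFTWARE\MyCompany\Settings with value ExampleValue.

```batch
@echo off
REM Added example, not code from the original post. Sets a value under the HKCU
REM hive of the user(s) currently logged on to a remote PC, using only cmd.exe,
REM PsExec and reg.exe (no Remote Registry service, no PowerShell).
REM Assumptions: PsExec.exe is on PATH, you hold local admin on the target, and
REM the key/value names (MyCompany\Settings, ExampleValue) are placeholders.
REM Usage: sethkcu.cmd COMPUTERNAME [username]
setlocal EnableDelayedExpansion

set "TARGET=%~1"
set "WANTUSER=%~2"
if "%TARGET%"=="" (
    echo usage: %~nx0 COMPUTERNAME [username]
    exit /b 1
)
set "SUBKEY=SOFTWARE\MyCompany\Settings"
set "VALNAME=ExampleValue"
set "PSX=psexec \\%TARGET% -accepteula -nobanner"
set "FOUND=0"

REM Every loaded user hive is mounted under HKEY_USERS as its SID. Interactive
REM logons also get a "Volatile Environment" subkey whose USERNAME value tells us
REM who owns the hive, so no WMIC and no domain name are needed to map name->SID.
REM The findstr filter keeps real account SIDs (S-1-5-21-...) and drops the
REM "_Classes" aliases and the service SIDs (S-1-5-18/19/20).
for /f "tokens=*" %%K in ('%PSX% reg query HKU 2^>nul ^| findstr /r /c:"^HKEY_USERS\\S-1-5-21-.*[0-9]$"') do (
    for /f "tokens=3" %%U in ('%PSX% reg query "%%K\Volatile Environment" /v USERNAME 2^>nul ^| findstr /i /c:"USERNAME"') do (
        set "SID=%%K"
        set "SID=!SID:HKEY_USERS\=!"
        if "%WANTUSER%"=="" (
            call :SetValue "!SID!" "%%U"
        ) else if /i "%%U"=="%WANTUSER%" (
            call :SetValue "!SID!" "%%U"
        )
    )
)
if "%FOUND%"=="0" echo No matching logged-on user hive found on %TARGET%.
endlocal
exit /b 0

:SetValue
REM %1 = SID, %2 = username. PsExec relays reg.exe's exit code, so errorlevel is meaningful.
set "FOUND=1"
echo Writing HKU\%~1\%SUBKEY% for user %~2 on %TARGET%
%PSX% reg add "HKU\%~1\%SUBKEY%" /v %VALNAME% /t REG_DWORD /d 1 /f >nul
if errorlevel 1 (echo   FAILED, psexec/reg returned %errorlevel%) else (echo   OK)
exit /b
```

Run it as sethkcu.cmd COMPUTERNAME johndoe from an account that already has admin on the target; without the second argument it writes the value for every interactively logged-on user on that PC. Because HKU\<SID> is the same hive the user sees as HKCU, the change is visible to that user's processes immediately. If you already know the account and its domain, psgetsid \\COMPUTERNAME DOMAIN\johndoe (the Sysinternals tool the second answer mentions) prints the SID directly and the loop is unnecessary; the loop covers the case in the question, where only the bare user name from query user is known. The USERNAME token parse assumes account names without spaces. Prefer an account that is already an admin on the target over passing -u/-p to psexec, which leaves the password in the local process command line.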

Related

How can I change values in the Windows registry without admin permissions

I want to automate something, but it only works if I manually accept the UAC window, so I tried to change the registry value with this command:
c:\Windows\System32\cmd.exe /k c:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
But it only works if I run cmd as administrator. So again I need to accept the UAC window to deactivate the UAC windows...
Is there a good way to do this with a script or something like that, or is there a bypass solution? (for automation purposes)
If you want to modify a registry hive without administrative privileges, you have to do it offline [1].
To do so, you can boot into WinRE and then use regedit to modify your hives offline. You can also remove your hard disk and put it into another computer where you have administrative privileges and modify it there.
You can find an example here.
[1] Offline in this case means the hives are not mounted. Or in other words, the Windows installation is not running.
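The offline edit the answer describes, done with reg.exe from a WinRE command prompt rather than regedit, as an added example that is not code from the original answer. Assumed and not from the page: the installed system sits on D: once WinRE has shifted the drive letters (confirm with dir D:\Windows before running this), and OFFSW is an arbitrary placeholder name for the mount point.

```batch
@echo off
REM Added example, not code from the original answer: edit a hive "offline" from a
REM WinRE (or other boot environment) command prompt, where the installed Windows
REM is not running, so none of its ACLs or UAC checks apply.
REM Assumptions: installed system is on D: (check with "dir D:\Windows"); OFFSW is
REM just a placeholder key name used as the mount point.
set "HIVE=D:\Windows\System32\config\SOFTWARE"
set "MOUNT=HKLM\OFFSW"

REM 1. Mount the offline hive under a temporary key. Inside the running system this
REM    file is locked and the key's ACL blocks standard users; offline, neither applies.
reg load %MOUNT% "%HIVE%"
if errorlevel 1 (echo could not load %HIVE% & exit /b 1)

REM 2. Edit it exactly like a live key. This is the value from the question; note
REM    there is no "SOFTWARE\" prefix, because the mounted hive's root IS SOFTWARE.
reg add %MOUNT%\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

REM 3. Verify, then unload so the change is written back to disk before rebooting.
reg query %MOUNT%\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA
reg unload %MOUNT%
```

The same three steps work for a per-user hive (reg load HKU\OFFUSER D:\Users\<name>\NTUSER.DAT), which is how you would change a user's HKCU while they are not logged on. The flip side is the security point: anyone who can boot the machine into WinRE or move the disk can flip EnableLUA, or any other HKLM setting, this way, which is exactly what full-disk encryption with a pre-boot secret (BitLocker with TPM+PIN, for example) is there to prevent. Also note that EnableLUA=0 turns UAC off for every account on the machine; for automating one elevated task, a scheduled task running as SYSTEM or a one-time elevated installer is the far less damaging option.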

how to delete specific user remotely

I need to delete a specific user, for example "UserExample", from around 400 Windows PCs remotely, so I made this batch file, but it deletes the local PC user, not the remote one. Can anyone help me improve that batch?
Note: there is no domain server linked to these PCs.
Thanks
@echo on
Title %1 - DeleteUser from
:NETUSE
Net use "\\%1\c$" 123456 /user:admin
if %errorlevel% NEQ 0 goto :NETUSE
net user UserExample /delete
pause
EXIT
I would assume you could use WMIC to connect to all the units listed in a text file and delete the user from them.
Something along the lines of this, perhaps:
WMIC /Output:UserDelete.log /Node:@PCList.txt /User:Administrator /Password:Pa55w0rd UserAccount Where "Name='UserExample' And LocalAccount='TRUE'" Delete
I do find it hard to believe that a single user has created accounts on 400 PCs though.

How to add program to Windows startup

I want that, when my program runs, it adds itself to Windows startup (if it doesn't exist there).
I tried this:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mycompany /d C:\ProgramFiles\mycompany\demo.exe /f
I also tried to copy the shortcut of the program to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
But, I need administrator privileges for both. What should I do?
I need administrator privileges for both. What should I do?
If you want your app to run for all users with a single installation, you need to install it as an admin so you can update the global (all-users) profile. So either make a separate installer that runs with admin rights, or make your app run an elevated copy of itself so it can gain temporary admin rights when it needs to access the global profile.
The only way to avoid that is to have each user run the app separately so it can install itself into each individual user's profile. You don't need admin rights for that.
You can change to:
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mycompany /d C:\ProgramFiles\mycompany\demo.exe /f
which should be able to write to that part of the registry.
The HKLM key has read access for standard users by default. Whereas the HKCU key has write access for the currently logged in user.
If you want the program to run for all users then you could run a setup program with administrator privileges. Usually, you would run installers as administrator or equivalent on Windows.
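The per-user variant of the answers above as an added example, not code from the original question or answers. It does the "only if it doesn't exist there" check the question asked for, and quotes the executable path, which matters once the path contains a space: an unquoted C:\Program Files\... in a Run value gives Windows a reason to try C:\Program.exe first. The value name "mycompany" is the question's own placeholder; the path with a space in it is an assumption chosen to show the quoting.

```batch
@echo off
REM Added example, not from the original answers: register a program under the
REM per-user Run key only if no entry exists yet, and quote the path so a space in
REM "Program Files" does not turn into an unquoted-path lookup at logon.
REM "mycompany" comes from the question; the exe path is an assumed placeholder.
set "RUNKEY=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set "NAME=mycompany"
set "EXE=C:\Program Files\mycompany\demo.exe"

REM reg query returns non-zero when the value is absent; that is our "not installed" signal.
reg query "%RUNKEY%" /v "%NAME%" >nul 2>&1
if %errorlevel% equ 0 (
    echo %NAME% is already registered for this user:
    reg query "%RUNKEY%" /v "%NAME%"
    exit /b 0
)

REM \" inside the /d "..." argument puts literal quotes into the REG_SZ data.
REM HKCU is writable by the logged-on user, so no elevation is needed here.
reg add "%RUNKEY%" /v "%NAME%" /t REG_SZ /d "\"%EXE%\"" /f
if errorlevel 1 (
    echo failed to write %RUNKEY%
    exit /b 1
)
echo registered %NAME% to start %EXE% at logon for %USERNAME%
```

As the answers say, this only covers the account that runs it; the HKLM Run key and the all-users Startup folder still need an elevated installer.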

Create a Batch file that runs as administrator then renew the ip address

I have a domain network, and I am working on organizing the IP addresses on this domain using DHCP. Sometimes I need to shut down the server for some maintenance and then turn it on again, so when I do, some end users get their IPs wrong; they just need to renew the addresses or press "Diagnose" in the local area connection status.
I don't want to waste my time following up each host to diagnose their ip addresses to get them fixed, so I thought about a way to sum it all up in a double click, but google doesn't seem to be helping me this time.
The steps are the following (from the cmd / batch):
1-enable administrative privileges
2-ipconfig /release
3-ipconfig /renew
4-convert the .txt into .bat
I am not sure whether there is a step between 1 and 2, if it is mandatory to state the echo on/off.
But what I want to be sure of is, when I open the cmd, then I want to enable the administrative rights to open the local area connection status, and then do the rest.
As far as I could see, the code to open a file with admin rights is
runas /profile /user:administrator "HERE THE NAME OF THE FILE TO OPEN"
But there is no need to open a specific file to edit them, so if you could help me find the way just to run as admin through the cmd and the rest is easy.
You can invoke PowerShell from a batch file to invoke another batch file to run under elevated privilege.
Launcher.bat
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& { Start-Process 'C:\Users\..\AdminProc.bat' -Verb RunAs }"
AdminProc.bat
REM Run any task that requires elevated privilege.
Net Stop "Sql Server (SQLEXPRESS)"
In the second batch file you can run ipconfig /release and ipconfig /renew along with any other command.
Create a .bat or .cmd file, paste the below, save, and run as Admin:
ipconfig /release
ipconfig /renew
arp -d *
nbtstat -R
nbtstat -RR
ipconfig /flushdns
ipconfig /registerdns
exit
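The two answers above combined into a single file, as an added example that is not code from the original answers: the batch checks whether it is already elevated and, if not, re-launches itself through the same Start-Process -Verb RunAs trick, so the user double-clicks once and answers one UAC prompt. Assumed and not from the page: UAC is on and the user is allowed to approve the prompt (or is a local admin); the "net session" test and the %~f0 self-path are standard cmd idioms, not anything the answers mention.

```batch
@echo off
REM Added example, not from the original answers: a self-elevating .bat that
REM releases and renews the DHCP lease. Assumes UAC is on and the user can
REM approve the prompt.

REM "net session" only succeeds from an elevated process, so it doubles as an
REM "am I admin yet?" test without any third-party tool.
net session >nul 2>&1
if %errorlevel% neq 0 (
    echo Requesting administrator rights...
    REM %~f0 is this script's full path; single quotes keep PowerShell from
    REM splitting it on spaces. -Verb RunAs triggers the UAC consent dialog.
    powershell -NoProfile -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
    exit /b
)

echo Renewing DHCP lease as administrator...
ipconfig /release
ipconfig /renew
if errorlevel 1 (
    echo ipconfig /renew reported an error; the DHCP server may still be down.
) else (
    REM Only worth doing once we actually have a fresh lease.
    ipconfig /flushdns
    ipconfig /registerdns
)
pause
```

Do not run this over RDP or any other session that rides on the very adapter being released: ipconfig /release drops that connection before /renew can run. For a fleet, the cleaner fix is on the server side (a DHCP failover partner, or simply lease times long enough to ride out the maintenance window) rather than a script on every desk.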

Script that runs "reg add" as admin

I need help making a script (bat, vbs, whatever) that runs at startup, as a different user (admin), the following command:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome /f /v RestoreOnStartup /t REG_DWORD /d 1
I've tried combining that with "runas /savecred /user:administrator", without any success.
Background
On my work computer, in Chrome, the Startup Options are disabled. The only way to change them is through the registry, but after every restart, it reverts back to its original form (Continue where left off disabled).
So I would like a script that enables it every time, so I don't have to do it manually.
If you have default settings, use RunAs with the administrator account, except it will be disabled (but if it isn't, it will run elevated as if standard settings apply).
This is a security not a programming question.
net user administrator /active:yes
You then have to allow logon with blank password in Local Security Policy.
Then
runas /user server\administrator "notepad.exe \"c:\windows\win.ini\""
The server is YOUR computer name.
I just turn off UAC.
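A way to run the question's reg add at every boot without enabling the built-in Administrator, saving a password with runas /savecred, or switching UAC off: a scheduled task that runs as SYSTEM at startup. This is an added example, not code from the original question or answers; creating the task needs one elevated prompt, after which nothing prompts again. The task name ChromeRestoreOnStartup is a placeholder.

```batch
@echo off
REM Added example, not from the original answers: register a startup task that
REM runs the question's "reg add" as SYSTEM. SYSTEM needs no stored password, and
REM the task runs before any user logs on. Creating it needs an elevated prompt.
REM Assumes local admin rights on this machine; the task name is a placeholder.
set "TASK=ChromeRestoreOnStartup"
set "CMD=reg add HKLM\SOFTWARE\Policies\Google\Chrome /v RestoreOnStartup /t REG_DWORD /d 1 /f"

REM Refuse early if not elevated; schtasks /RU SYSTEM would fail anyway.
net session >nul 2>&1 || (echo Run this from an elevated command prompt. & exit /b 1)

REM /SC ONSTART  = at boot, /RU SYSTEM = LocalSystem, /RL HIGHEST = no UAC filtering,
REM /F           = overwrite a task of the same name.
schtasks /Create /F /TN "%TASK%" /SC ONSTART /RU SYSTEM /RL HIGHEST /TR "%CMD%" || exit /b 1

REM Run it once now instead of waiting for a reboot, then confirm the value landed.
schtasks /Run /TN "%TASK%"
timeout /t 3 >nul
reg query HKLM\SOFTWARE\Policies\Google\Chrome /v RestoreOnStartup
```

One caveat: HKLM\SOFTWARE\Policies is the area Group Policy owns. On a domain-joined work computer the value reverting after each restart is almost certainly the domain policy being re-applied, and policy refresh will keep overwriting the task's change between boots. In that case the only durable fix is the one the answer hints at: this is a security policy question for whoever manages the machine, not a scripting problem.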
