How to add program to Windows startup - winapi

I want that, when my program runs, it adds itself to Windows startup (if it doesn't exist there).
I tried this:
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mycompany /d C:\ProgramFiles\mycompany\demo.exe /f
I also tried to copy the shortcut of the program to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
But, I need administrator privileges for both. What should I do?

I need administrator privileges for both. What should I do?
If you want your app to run for all users with a single installation, you need to install it as an admin so you can update the global users profile. So either make a separate installer that runs with admin rights, or make your app run an elevated copy of itself so it can gain temporary admin rights when it needs to access the global profile.
The only way to avoid that is to have each user run the app separately so it can install itself into each individual user's profile. You don't need admin rights for that.

You can change to:
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v mycompany /d C:\ProgramFiles\mycompany\demo.exe /f
Which should be able to write to that part of the registry
The HKLM key has read access for standard users by default. Whereas the HKCU key has write access for the currently logged in user.
If you want the program to run for all users then you could run a setup program with administrator privileges. Usually, you would run installers as administrator or equivalent on Windows.
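The per-user approach from the answers above, as an added example that is not part of the original posts: it writes the HKCU Run value only when it is missing or different, and quotes the executable path. `Register-StartupEntry` is a hypothetical helper name; `mycompany` and the `demo.exe` path are the sample values from the question.

```powershell
# Added example: idempotent per-user startup registration (no elevation needed).
# Register-StartupEntry is a hypothetical helper name, not a built-in cmdlet.
function Register-StartupEntry {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ExePath
    )

    # HKCU is writable by the logged-in user; the HKLM equivalent is not.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

    # Do not register a target that is not there: a Run value pointing at a
    # missing file is a misconfiguration worth catching at install time.
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
        throw "Executable not found: $ExePath"
    }

    # The Run value is a command line, so store the path in double quotes.
    # An unquoted path that contains spaces is ambiguous when it is parsed.
    $command = '"{0}"' -f $ExePath

    if (-not (Test-Path -LiteralPath $runKey)) {
        New-Item -Path $runKey -Force | Out-Null
    }

    # Read the existing value, if any, without raising an error when absent.
    $current = (Get-ItemProperty -LiteralPath $runKey -Name $Name `
                    -ErrorAction SilentlyContinue).$Name
    if ($current -eq $command) {
        return 'unchanged'
    }

    Set-ItemProperty -LiteralPath $runKey -Name $Name -Value $command -Type String
    if ($null -eq $current) { return 'created' } else { return 'updated' }
}

# Sample values taken from the question; adjust to the real install path.
Register-StartupEntry -Name 'mycompany' -ExePath 'C:\ProgramFiles\mycompany\demo.exe'
```

Because the value lives under HKCU, it takes effect only for the user who ran it, which matches the "each user runs the app separately" option described above.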

Related

How can I change values in Windows registry without admin permissions

I want to automate something, but it only works if I manually accept the UAC window, so I tried to change the registry value with this command:
c:\Windows\System32\cmd.exe /k c:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
But it only works if I run the cmd as administrator. So again I need to accept the UAC window to deactivate the UAC windows...
Is there a good way to do this with a script or something like that, or is there a bypass solution? (for automation purposes)
If you want to modify a registry hive without administrative privileges, you have to do it offline [1].
To do so, you can boot into WinRE and then use regedit to modify your hives offline. You can also remove your hard disk and put it into another computer where you have administrative privileges and modify it there.
You can find an example here.
[1] Offline in this case means the hives are not mounted. Or in other words, the Windows installation is not running.

How does Nircmd do some processes without admin privileges?

For example, if I want to empty the recycle bin, I use rd /s %systemdrive%\$Recycle.bin in cmd. But it is necessary to run cmd with administrator privileges. Otherwise, access will be denied.
Besides, there is a small command-line tool called Nircmd. It is only 115 kb. For the process I mentioned, I write nircmd emptybin and there is no need to start nircmd with admin privileges.
What is the explanation for a batch command I wrote asking administrator privileges when a third-party tool can do this without any privileges?

Remote registry change HKCU using only cmd and psexec

Hi everyone I am lost...
I have admin rights.
I want to modify registry key in HKEY_CURRENT_USER\Software.... on remote PC where another user is logged.
I don't want to use PowerShell because we don't have remote registry enabled.
I am stuck with cmd
Therefore I use PSexec.
If I want to change something in global HKLM it's pretty easy
psexec \\COMPUTERNAME reg add HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\...... /t REG_DWORD
since I call the psexec as admin it allows me to change anything in HKLM on the remote machine
but when I need to change something in HKCU I need the SID of the user to plug it into HKEY_USERS\SID\SOFTWARE\ and that's where I hit a wall...
I tried something like this (it didn't work, the syntax is probably all wrong)
psexec \\COMPUTERNAME for /F "skip=1 tokens=1" %%i in ('query user') do set varusername=%%i
this was supposed to get remote logged users name into variable 'varusername' to later use it to get SID
something like this (again the syntax is probably wrong):
psexec \\COMPUTERNAME wmic useraccount where name='%varusername%' get sid
this completely blew up since wmic on the remote computer when executed as admin (via psexec) doesn't see the same users as query user...
here is the output of the respective commands
query user gives me the logged user name 'johndoe'
 USERNAME     SESSIONNAME   ID  STATE   IDLE TIME  LOGON TIME
 johndoe      console        1  Active  none       9/10/2018 5:27
wmic useraccount get name, sid does not see the 'johndoe' at all
Name            SID
DefaultAccount  S-1-5-21-3285310242-2953612481-1302521585-503
defaultuser0    S-1-5-21-3285310242-2953612481-1302521585-1002
LocalAdmin      S-1-5-21-3285310242-2953612481-1302521585-500
Guest           S-1-5-21-3285310242-2953612481-1302521585-501
so as you can see I hit the wall
query user gives me logged user on remote PC "johndoe" but I have no way to get SID of "johndoe" using wmic useraccount to plug it into:
psexec \\COMPUTERNAME reg add HKEY_USERS\SID\SOFTWARE\Microsoft\...... /t REG_DWORD
any ideas how to get around this?
I just need to edit HKCU on remote PC for a currently logged user without using PowerShell
Firstly, if you have access to PowerShell, you may be able to use it to get the SID, to then run PSExec on your machine. Try running:
Get-AdUser USERNAME -Properties SID | Select name,Sid
in PowerShell, replacing USERNAME with the person's username you're trying to edit.
This should get the SID from the active directory, as local commands such as WMIC will not get what you are looking for.
Once you have the SID, you can whack it in your PSExec command and let loose the angels of hell.
I mention using PowerShell because even without remote registry enabled, you should be able to run this command as a System Administrator. If not, you can also just go into the Active Directory.
In cmd you can get the SID with PsGetSid.
I'm trying the same process as admin..

Script that runs "reg add" as admin

I need help in making a script (bat, vbs, whatever) that runs at startup as a different user (admin) the following command:
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome /f /v RestoreOnStartup /t REG_DWORD /d 1
I've tried combining that with "runas /savecred /user:administrator", without any success..
Background
On my work computer, in Chrome, the Startup Options are disabled. The only way to change them is through the registry, but after every restart, it reverts back to its original form (Continue where left off disabled).
So I would like a script that enables it every time, so I don't have to do it manually.
If you have default settings use RunAs with the administrator account, except it will be disabled (but if it isn't it will run elevated as if standard settings apply).
This is a security not a programming question.
net user administrator /active:yes
You then have to allow logon with blank password in Local Security Policy.
Then
runas /user server\administrator "notepad.exe \"c:\windows\win.ini\""
The server is YOUR computer name.
I just turn off UAC.

Need help adding registry key via batch file

I am trying to add the following registry key through cmd. I am not able to get other users to be able to add this registry key using regedit.exe /s "Location\Project.reg".
[HKEY_CURRENT_USER\Software\Autodesk\Fabrication 2014\Configuration\1011-Shady-Grove]
"Path"="C:/Autodesk/Profiles/05MA/1011-Shady-Grove"
You are using the wrong tool. Regedit is a GUI tool. Yes you can use the /s switch, but fundamentally this is the wrong tool. Plus it is built with the highestAvailable option in the UAC manifest.
What you need is reg. Use it like this:
reg add "HKCU\Software\Autodesk\Fabrication 2014\Configuration\1011-Shady-Grove" /v Path /d C:/Autodesk/Profiles/05MA/1011-Shady-Grove
AFAIK, regedit will refuse to do anything if the user doesn't have administrative access, even if he has access to the registry keys.
Try the reg add command.
