Turn UAC to Maximum Level with command prompt - windows

I'm writing a batch script and I have searched everywhere for a way to do this. I want to turn UAC all the way up (you know, the slider) via my batch script. I've already tried turning it on and off with this:
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 2 /f
But I can't find a way to turn it up! Please help! There has to be a way!

The UAC slider is controlled by a combination of several registry values. See this question: Set UAC Level with PowerShell. So, set the desired UAC level, write down the values of the mentioned registry keys, and apply them with reg.exe.
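
The top slider position ("Always notify") written out as reg.exe calls with a read-back check. This is an added example, not part of the original answer; the three value names and data are the ones Windows stores under Policies\System for that position, and the `:set_value` label is a name chosen here.

```batch
@echo off
rem Added example: move the UAC slider to "Always notify" and verify the result.
rem Run it from an elevated prompt; writes to HKLM are refused otherwise.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

rem Values stored for the top slider position:
rem   EnableLUA=1                   UAC enabled (changing it needs a reboot)
rem   ConsentPromptBehaviorAdmin=2  prompt for consent on the secure desktop
rem                                 (the default slider position stores 5)
rem   PromptOnSecureDesktop=1       show the prompt on the secure desktop
call :set_value EnableLUA 1 || exit /b 1
call :set_value ConsentPromptBehaviorAdmin 2 || exit /b 1
call :set_value PromptOnSecureDesktop 1 || exit /b 1
echo UAC is set to "Always notify".
exit /b 0

:set_value
rem Arguments: value name, then DWORD data. The label name is made up for this example.
reg add "%KEY%" /v %1 /t REG_DWORD /d %2 /f >nul 2>&1
if errorlevel 1 (
    echo Could not write %1. Is this prompt elevated?
    exit /b 1
)
rem reg query prints a line such as "    EnableLUA    REG_DWORD    0x1"; keep field 3.
set "ACTUAL="
for /f "tokens=3" %%V in ('reg query "%KEY%" /v %1 ^| findstr /i /c:"%1"') do set "ACTUAL=%%V"
if /i not "%ACTUAL%"=="0x%2" (
    echo %1 reads back as "%ACTUAL%", expected 0x%2.
    exit /b 1
)
exit /b 0
```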

Related

how to make a vbscript do something when a program is open

So what I need is for when cmd.exe is open, run a MsgBox and close cmd.exe
such as:
' Code for when cmd.exe loads
MsgBox("Command Prompt Disabled")
' closes command prompt
Thanks!
I need actual code
Don't use a VBScript to do this... use a GPO, because if someone disables that script, your security control is broken.
If you're editing for a single user/single machine...
It might be faster to write a registry VBScript or batch file with your control instead of using a GPO for each user you don't want using it. Create the System key if System does not exist in the Windows key. The caveat is that you have other controls that won't prevent disabling this with about 5 minutes of Google searching.
reg add "HKCU\Software\Policies\Microsoft\Windows\System"
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t REG_DWORD /v DisableCmd /d 2
Using Gpedit or OU-Level assigned policies for Non-Admins
User configuration\Administrative Templates\System\Prevent access to the command prompt
Other policies to consider adding to Non-Admin User groups.
User configuration\Administrative Templates\System\Prevent access to registry editing tools
User configuration\Administrative Templates\System\Don't run specified Windows Applications

Remapping keys for single user in Registry

Overview:
I just have a quick question about the ability to remap keys for a single user in the registry:
Resources used:
ASCII table used:
http://www.csee.umbc.edu/portal/help/theory/ascii.txt
https://superuser.com/questions/694465/remapping-a-keyboard-key-in-windows-8-1
Which pointed me towards: http://www.howtogeek.com/howto/windows-vista/disable-caps-lock-key-in-windows-vista/
Attempt:
That tutorial talked about remapping keys at the machine level via:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
So I thought to myself what the hell I would just try the same thing under: HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Keyboard Layout
Unfortunately, and somewhat expectedly, it did not work:
reg add "HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /f /d 00000000000000000400000012005b005b00A200A200120000000000
^^^ This was supposed to switch: ^^^
the recognized windows key to the control key
the recognized alt key to the windows key
the recognized control key to the alt key
I even killed explorer.exe via PowerShell:
taskkill.exe -im explorer.exe /f | Out-Null; start explorer.exe
Questions:
Is what I am trying to do even possible for a single user?
If it is, how would I accomplish this without third party software?
That registry key is used by the keyboard driver. It reads it when it starts up. So killing Explorer has no effect, you'll have to reboot to make changes effective. Use shutdown.exe -r. Restarting the driver without a reboot is not possible.
Do beware that hacking this key is fairly dangerous, you can lose control over the machine when you make a mistake. I recommend KeyTweak, it has let me put the Ctrl key where it belongs for the past 10 years.
If it was to work, it would hypothetically have been in the HKEY_CURRENT_USER\Keyboard Layout key in the Registry. However, in the section "Scan code mapper for keyboards" in "Keyboard and mouse class drivers", it is noted:
"The mappings stored in the registry work at system level and apply to all users. These mappings cannot be set to work differently depending on the current user."
so it seems impossible to do mapping this way per-user. (It is the keyboard driver that reads this setting and does the translation, not the session manager).
For people finding this from an Internet search.
Microsoft PowerToys includes a tool for remapping keys for a user.
Probably safer than directly editing the registry.
https://github.com/microsoft/PowerToys

How to screen shot a UAC prompt?

I'm trying to document a work flow with a series of screen shots. At one point in the flow, a UAC prompt appears, and I'd like to grab a bitmap of it to make my storyboard complete. Because UAC prompts are on a virtual desktop (or something like that), the usual Alt+PrintScreen doesn't work. Any suggestions?
This method using the group policy editor should do the job:
1) Run gpedit.msc
2) Under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options:
Change “User Account Control: Switch to the secure desktop when prompting for elevation” to disabled
Undo this change after the screenshot, because it makes the system less secure!
Change your UAC settings to disable the secure desktop, and then you can take the screenshot. In Windows 7, this is one of the options on the UAC slider, in Vista, I believe you need to configure the Security Policy.
Alternatively, run Windows in a VM and take a screenshot of that.
You can also remote desktop to the Windows 7 machine and run the screenshotter (or video capture) on the other machine. I've used this very successfully.
A step by step Guide
Step 1. Right click on the Program that you want to install and choose 'Run as administrator'.
Step 2. Now when the UAC Prompt appears, click on 'Change when these notifications appear'.
Step 3. Take the security Bar one-step down. Be sure to find that 'do not dim my desktop' is in the description. Now click on 'OK'.
Click on 'Yes' when UAC asks for permission.
Step 4. Now close all UAC prompt dialog boxes. Again, start from the beginning. You are now able to take a screenshot of the UAC prompt dialog box with the keyboard's Print Screen button or the MS Snipping Tool.
Note that it will make your system less secure. So, set the security level back to what it was once you are done.
Alternative to Michael Goldshteyn's answer
You can more quickly achieve the same by copying the first registry command below and pasting it into an elevated command prompt, then hit enter.
To turn off PromptOnSecureDesktop:
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /V "PromptOnSecureDesktop" /T "REG_DWORD" /D "0x00000000" /F 1>NUL
This will turn off SecureDesktop, leaving the computer vulnerable, but you will be able to screenshot the UAC prompts.
All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
To turn on PromptOnSecureDesktop:
This will turn on SecureDesktop.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /V "PromptOnSecureDesktop" /T "REG_DWORD" /D "0x00000001" /F 1>NUL
All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
⚠ Important: After you are done, make sure you revert the command by turning PromptOnSecureDesktop off.
Simple method: Use windows accessory SnippingTool from MS. It just works!

Windows 7 file extension association

I am referring specifically to windows 7.
I have code that associates a certain extension with my application as proposed by webJose on the following page:
What registry keys are responsible for file extension association?
(However, I correctly write to HKEY_CURRENT_USER\Software\Classes instead of HKEY_CLASSES_ROOT as suggested)
The above works initially, or if there are no other programs associated with the extension. However after using the Windows 7 built-in "Choose default program..." (found under the file-right-click context menu under "Open with") it re-associates the extension with whatever new program you choose.
What happens at this point is that "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\\UserChoice" is changed by the system, and so the newly selected program takes over.
Running the above code, to regain control over the extension will not work. The only way to regain control, is by either:
Editing the UserChoice -> Progid value, which is not allowed (neither programmatically nor using regedit.exe - access denied).
Or deleting the UserChoice value and making sure your application is the first in the MRUList value under \OpenWithList (this can be achieved using regedit.exe but not programmatically)
My question is: Is there a way to achieve this programmatically? What registry values can be changed to regain control of an extension, after it is associated with another program?
I know it might seem obvious that if a user through explorer sets the associated application to an extension, that it would be expected to do it the same way again to re-associate the extension to a different application.
The problem, however, is that I have a button in my application that uses the above-mentioned code to check for extension association with my application. Unfortunately, with the above situation, my application displays a message confirming that the extension is already successfully associated when it's not! So is there a way around this?
Deleting UserChoice should revert the default program to the standard file association keys (which starts with the ProgID in HKCU). Barring that you could also delete OpenWithList, which would be reverting with extreme prejudice.
Edit:
Check out Registry Key Security and Access Rights on MSDN, particularly the RegSetKeySecurity function. Remember that you'll need to grant yourself administrative control to the key before you can delete it.
Well, regarding file association in Windows 7, a new 'problem' has arisen.
It's one of this: You've to fight for your rights.
Assuming you like to run
REG.exe DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice" /f /va
You'll get ACCESS DENIED.
When you check the security settings of the key 'UserChoice' in Regedit, you'll see that there's a setting Windows made for you, to deny 'set' for the current user. Well, you may change/delete this setting in regedit, and then you can delete UserChoice.
However, for programmers/scripters that setting is a little bitchy since there are no real tools to set ACLs in the registry. However, here is a workaround that allows you to delete keys with ACCESS DENIED (of course this only works in case you have the right to change permissions):
ResetMovAssoc.cmd
::create 'empty.hiv'
REG ADD "HKCU\emptyKey" /f
REG SAVE "HKCU\emptyKey" empty.hiv /y
@REG DELETE "HKCU\emptyKey" /f >nul
::^-note you can add @[...] >nul to the other entries as well to run them quietly
:: Delete Reg key by replacing it with an empty hiv
REG RESTORE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov" empty.hiv
del empty.hiv
To summarize, the major thing here is REG RESTORE + a registry hive file containing just an empty key.
In Regedit that'll be equivalent to 'Import' with just an empty registry structure file (Note: that's a hive file and not a *.reg file).
My solution was not to try to delete the UserChoice key (only administrators can do it), but to delete the key the ProgId is pointing to. If the user made a choice in the past the ProgId has a value like Applications\*.exe. The non-admin can delete the key in a batch:
REG DELETE HKCR\Applications\*.exe /f
This might be a bit of a hack, but worked for me.
Also on Windows 10, this command can't work:
Reg.exe delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v" /f
The solution is to delete the SID key by running a BAT file under TrustedInstaller (with NSudo, PowerRun, etc):
for /f "delims=\ tokens=2" %%A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do set SID=%%A
Reg.exe delete "HKU\%SID%\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v" /f
P.S.: Thanks to @SecurityAndPrivacyGuru for sharing the SID detection command.

How can I write a registry key from VS post build event?

One of the projects I work on need to read a registry key in order to determine some value. Usually the value will be written during installation.
Because I want to run the project locally as well (without installation) I want to write that value after the build has finished.
Is there a simple way I can do that?
Searching the web I've found this cool tool that comes with windows called REG.EXE
Using it from within VS is simple - REG ADD HKLM\SOFTWARE\\ /v NUnitDir /t REG_SZ /d /f
You can create a small program that creates your registry key and call that program in the post build event.
Edit
If you can extract your registry settings to a file, you can add this to your post build event:
regedit /s "$(ProjectDir)test.reg"
/s makes it silent.
