Program Blocked by Group Policy - Windows 7

I am facing an issue while running an EXE. I have tried every possible way available on the net, as far as my research goes.
1) Go to gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options. Change "User Account Control: Behavior of the elevation prompt for standard users" to "Prompt for credentials".
2) I also tried adding an entry for the EXE in AppLocker and granting full access. Tried both path and hash.
3) REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ /v DefaultLevel /t REG_DWORD /d 0x00040000 /f
I even tried adding a new key named 0 under this, which I saw suggested somewhere for this issue.
4) The user has full access to the folder; I granted it through the admin user, and Everyone also has full access to the folder and the EXE.
The EXE seems to work just fine with admin access.
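A read-only diagnostic for the two policy engines the steps above touch, added here as an example (not part of the question); the program name is a placeholder and the AppLocker query needs an elevated prompt:

```powershell
# Added example (not from the question): decode the Software Restriction Policies DefaultLevel
# that the REG ADD above sets, read PolicyScope, and list recent AppLocker EXE/DLL block events
# (event id 8004) that mention the program. $ExeName is a placeholder for the blocked program.
function Get-ExeBlockDiagnostics {
    param([string]$ExeName = 'blocked.exe')

    $srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $levels = @{ 0 = 'Disallowed'; 0x20000 = 'Basic User'; 0x40000 = 'Unrestricted' }

    $default = 'not configured (SRP key absent)'
    $scope   = $null
    if (Test-Path $srpKey) {
        $srp = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
        if ($null -ne $srp.DefaultLevel) {
            $v    = [int]$srp.DefaultLevel
            $name = if ($levels.ContainsKey($v)) { $levels[$v] } else { 'unknown' }
            $default = '0x{0:X} ({1})' -f $v, $name
        }
        # PolicyScope: 0 applies SRP to all users, 1 exempts local administrators,
        # which matches a program that runs fine only with admin access.
        $scope = $srp.PolicyScope
    }

    # AppLocker writes one 8004 event per blocked executable; filter on the file name.
    $blocks = @()
    try {
        $blocks = @(Get-WinEvent -FilterHashtable @{
                LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8004
            } -MaxEvents 200 -ErrorAction Stop |
            Where-Object { $_.Message -like "*$ExeName*" } |
            Select-Object TimeCreated, Message)
    } catch { }   # log missing or empty when AppLocker is not enforcing

    [pscustomobject]@{
        SrpDefaultLevel    = $default
        SrpPolicyScope     = $scope
        AppLockerBlocks    = $blocks.Count
        LatestAppLockerMsg = if ($blocks.Count) { $blocks[0].Message } else { $null }
    }
}

Get-ExeBlockDiagnostics -ExeName 'myapp.exe' | Format-List
```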

WMI Getting Registry Value via Command Prompt

I need to verify whether a Chrome extension is installed on remote computers.
The extension id is a unique value like "234aljksdfklja3idffklsasf".
I need to search the key "HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings"
for extension id "234aljksdfklja3idffklsasf".
How do I do that?
I think I will use the code below, but I need some help:
WMIC /NameSpace:\root\default Class StdRegProv ....
Instead of WMIC, you should use the REG command; it's made to do this.
HKCU is the registry key of whichever user is running the command.
Reg allows you to load and check the registry keys of any users, not just the one running the command, even users who have not logged in since the last reboot.
Since this is a Chrome extension, you may need to check every user on the system to see if each has it enabled individually.
Alternatively, there is probably an HKLM key that corresponds to the extension being installed, if all you want to know is whether it's present at all so it can be removed.
Reg also allows you to query your computers over the network.
One issue you will have if you need to check every user's registry for the key is that you need to know which user SIDs are present on the system.
This is findable by querying HKLM, but I am on mobile and can't recall how without getting on my computer later to do this.
Alternatively, you can also just load the registry hive file by looping over the directory structure of the remote machine and loading each user.dat file through the reg command, which is much simpler, but then the code must execute on each remote machine through a login script or GPO script push.
Basically, you can use reg in this manner on a local machine to check the registry of the user you are running as (HKCU):
(reg query "HKCU\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings" /s | FIND /I "234aljksdfklja3idffklsasf") && Echo.FOUND 234aljksdfklja3idffklsasf
Of course, running this on another computer is fairly simple to do, but HKCU will be the registry of the admin user you ran the command as with access to that other system. Alternatively, you can try HKLM to see if that setting exists under the local machine key; the following checks HKLM instead:
(reg query \\[Computer_Name_or_IP_Address]\hklm\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings /s | FIND /I "234aljksdfklja3idffklsasf") && Echo.FOUND 234aljksdfklja3idffklsasf
You could loop a set of computer names/IPs and check each using the above command inside the loop like so:
FOR %A IN (
Computer_A
192.168.12.13
192.168.12.31
Computer_C
) DO (
(
reg query \\%~A\hklm\SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings /s | FIND /I "234aljksdfklja3idffklsasf"
) && Echo.%~A -- FOUND 234aljksdfklja3idffklsasf || ECHO.%~A -- Key Not Found!
)
If you need to check the actual HKCU of every user on the system, then you need to load each registry hive on the system and check it. This is true if you use WMIC as well, and Reg is faster.
From the MS reg page:
reg query <KeyName> [{/v <ValueName> | /ve}] [/s] [/se <Separator>] [/f <Data>] [{/k | /d}] [/c] [/e] [/t <Type>] [/z]
I got one more solution to this situation, but it only works if the extension is packed. By the way, this solution also doesn't solve my problem because my extension is unpacked.
Packed extensions are stored under "AppData\Local\Google\Chrome\User Data\Default\Extensions".
wmic /node:remoteip datafile where "name='C:\Users\username\AppData\Local\Google\Chrome\User Data\Default\Extensions\extensionid\1.0.4_0\manifest.json'"
If the extension is installed, the command returns the manifest.json file specs.
I got the solution:
wmic /node:ipaddr /NAMESPACE:"\\root\DEFAULT" class stdregprov call GetStringValue ^&H80000001,"SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings","extensionid"
On localhost it works, but on remote computers I get access denied.
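The per-user check the answer describes but could not spell out, as an added example (not code from the question or the answer): it takes the SIDs from the HKLM ProfileList key, loads the hives of logged-off users, and looks for the extension id in each. The extension id is the question's placeholder; run it elevated on the machine being checked.

```powershell
# Added example, not from the question or answer: the SID enumeration the answer says it could
# not recall. HKLM ProfileList holds one subkey per local profile (SID -> ProfileImagePath);
# hives of logged-off users are loaded from NTUSER.DAT, checked, and unloaded again.
# $ExtensionId is the placeholder id from the question. Run elevated on the target machine.
function Find-ChromeExtensionInProfiles {
    param([string]$ExtensionId = '234aljksdfklja3idffklsasf')

    $relKey      = 'SOFTWARE\Google\Chrome\PreferenceMACs\Default\extensions.settings'
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    foreach ($p in Get-ChildItem -Path $profileList) {
        $sid  = $p.PSChildName
        $path = (Get-ItemProperty -Path $p.PSPath).ProfileImagePath
        if ($sid -notlike 'S-1-5-21-*' -or -not $path) { continue }   # skip service accounts

        $loadedHere = $false
        if (-not (Test-Path "HKU:\$sid")) {                  # user not logged on: load the hive
            $hive = Join-Path $path 'NTUSER.DAT'
            if (-not (Test-Path -LiteralPath $hive)) { continue }
            reg.exe load "HKU\$sid" $hive | Out-Null
            if ($LASTEXITCODE -ne 0) { continue }            # hive in use or unreadable
            $loadedHere = $true
        }
        try {
            $found = $false
            $key = "HKU:\$sid\$relKey"
            if (Test-Path $key) {
                # Under extensions.settings each value NAME is an extension id (data is its MAC).
                $names = (Get-Item -Path $key).GetValueNames()
                $found = $names -contains $ExtensionId
            }
            [pscustomobject]@{ SID = $sid; Profile = $path; Found = $found }
        }
        finally {
            if ($loadedHere) {
                [GC]::Collect(); [GC]::WaitForPendingFinalizers()  # drop handles before unload
                reg.exe unload "HKU\$sid" | Out-Null
            }
        }
    }
}

Find-ChromeExtensionInProfiles | Format-Table -AutoSize
```

Hives that stay loaded after a failed unload show up in HKEY_USERS until the next reboot, so check the output of the unload step when running this unattended.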

Map Drive in RunOnce Batch File

I searched all over and haven't found this answer yet.
I have a script to set up user accounts and Windows customizations for new or reimaged computers. I'm mapping a drive via a RUNONCE registry entry, and I'm having trouble. This local network is a workgroup, not a domain; all PCs run Win7Pro or Win10Pro. The office manager's PC is the local file server, and I'm attempting to map a drive to it from the other computers.
Here is the portion of the RUNONCE batch file I'm having an issue with:
:PROMPTFORPMHOSTNAME
ECHO This PC was identified during InitialSetup as a Leasing Office PC.
ECHO This PC's Host Name is %computername%.
ECHO.
SET /P PMHOSTNAME="Enter the Property Manager PC Hostname: "
:MAPDRIVE
ECHO - Map M Drive
NET USE M: /delete >nul 2>&1
NET USE M: \\%PMHOSTNAME%\Data >nul 2>&1
NET USE M: \\%PMHOSTNAME%\Data /user:%computername%\[username] [password] /persistent:yes
NET USE /persistent:yes >nul 2>&1
TIMEOUT /T 5 /NOBREAK >nul 2>&1
In my scenario, the initial script uses a local admin account to create a user account via NET USER, then places the RUNONCE in the registry. After a reboot, I enter the newly created account, and the RUNONCE runs as planned.
The issue is that the RUNONCE is being run as administrator. So when it maps the drives, it does so at the administrator level and not the user level. It says that the drive has been mapped successfully, but it doesn't show up.
I'm able to replicate this by running CMD in two instances, once as admin, and once as user. When I map the drive as admin, it says it's successful and doesn't show up in Explorer. When I map the drive as user, it's successful and shows as it should.
So I need to know how to get the RUNONCE to run as the logged in user so this mapped properly. Or show what in the hell I'm doing wrong and what I'm missing that should be obvious and just isn't given my current level of frustration. :P
Thanks so much everyone! I really appreciate your help in advance. :)
Persistent network drive mappings are always registered by Windows per user account, and the network drives are connected only when the user logs in and are automatically disconnected when the user logs out.
There are two RunOnce registry keys as described by the Microsoft documentation page Run and RunOnce Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
On 64-bit Windows there are even two more RunOnce keys; the ones above are for 64-bit applications and the ones below for 32-bit applications, which does not matter for this task:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
It is not a good idea to use HKLM or HKCU of the administrator account when using the administrator account to register the batch file to be executed once for persistently mapping the share to drive letter M.
Better would be registering the batch file under
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
And the batch file uses reg delete to delete itself from
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
But this works only if the user account on which the persistent drive mapping should be done once has not already been created when registering the batch file in the default user account registry hive.
It would also be possible not to use RunOnce at all and instead create a shortcut (*.lnk) file in the directory read from the registry with reg query from value Startup under registry key
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
And the batch file on execution deletes the shortcut file in the startup directory of the current user account, i.e. in the directory read from the registry with reg query from value Startup under registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
This approach, which also works only if the user account on which to execute the batch file does not already exist, is perhaps even better than running the batch file via RunOnce, as the shortcut file can contain properties like window height and width suitable for this task.
By the way: The command line
NET USE M: \\%PMHOSTNAME%\Data /user:%computername%\[username] [password] /persistent:yes
is enough to create the drive mapping and enable persistent saving of all network drive connections in the registry for the current user account. The line above and the line below this line are counterproductive in the worst case.
Please note that the option /PERSISTENT:YES changes the registry value SaveConnections under registry key HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections to the string value yes, which results in remembering from now on all network connections under registry key HKEY_CURRENT_USER\Network. The option /PERSISTENT:YES can be omitted if the registry value SaveConnections already has the string value yes when using NET USE to create the network connection and store it in the Windows registry hive for the current user.
For the deletion use:
%SystemRoot%\System32\net.exe USE M: /DELETE /YES 2>nul
It is better to specify in a batch file external Windows commands like NET with their fully qualified file names for a more fail-safe and faster execution, because in this case the Windows command processor does not need to search for a file named net in the current directory and then in one directory after another listed in the environment variable PATH, trying each file extension listed in the environment variable PATHEXT.
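To see where a NET USE mapping actually landed, here is an added example (not from the question or the answer) that reads the per-user state the answer describes: SaveConnections and the entries under HKCU\Network, plus whether the running process is elevated, since the asker saw elevated mappings succeed without appearing in the user's Explorer. Run it unelevated in the session of the account that did the mapping.

```powershell
# Added example, not from the question or answer: report the persistent-mapping state of the
# account running this script. Mappings made from an elevated prompt are written for the
# elevated logon session, which is why the asker's "successful" mapping did not show in Explorer.
function Get-PersistentDriveMappings {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = (New-Object System.Security.Principal.WindowsPrincipal($id)).IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # SaveConnections = "yes" is what /PERSISTENT:YES sets; it makes NET USE remember mappings.
    $pcKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Network\Persistent Connections'
    $save = if (Test-Path $pcKey) { (Get-ItemProperty -Path $pcKey).SaveConnections } else { $null }

    # One subkey per remembered drive letter under HKCU\Network.
    $drives = foreach ($k in Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $k.PSPath
        [pscustomobject]@{
            Drive      = "$($k.PSChildName):"
            RemotePath = $p.RemotePath
            UserName   = $p.UserName        # explicit credential, if one was saved
            Provider   = $p.ProviderName
        }
    }

    [pscustomobject]@{
        Account         = $id.Name
        Elevated        = $elevated
        SaveConnections = $save
        Mappings        = @($drives)
    }
}

$state = Get-PersistentDriveMappings
$state | Format-List Account, Elevated, SaveConnections
$state.Mappings | Format-Table -AutoSize
```

If Elevated is True and the mapping is missing here when Explorer is open unelevated, the mapping was made in the wrong logon session, which is the symptom described in the question.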

Batch file automating Windows HKCU Registry permissions using (SetACL)

I am working with our End User Computing team to automate our domain migrations. We are using a method that involves changing permissions (including "Replace permission entries on all child objects with entries shown here that apply to child objects") on the local user folder and HKCU in regedit.
I was able to automate most of the steps with a simple batch script. For the local folder permissions I used icacls:
icacls C:\Users\%localprofile% /grant %domainuser%#contoso.com:(OI)(CI)F /T
And for the registry I used SetACL:
"C:\Win7ProfileTool\SetACL\64 bit\SetACL.exe" -on "hkcu" -ot reg -actn ace -ace "n:%domainuser%#contoso.com;p:full"
"C:\Win7ProfileTool\SetACL\64 bit\SetACL.exe" -on "hkcu" -ot reg -actn setprot -op dacl:np;sacl:np
If I follow the method manually, it works without a problem. When I run my script I get an error about not loading the profile (and a temp profile is created / booted).
I believe I have narrowed it down to my 2 SetACL lines, but I don't know exactly what parameters are needed to emulate "Replace permission entries on all child objects with entries shown here that apply to child objects."
My google-fu led me to an icacls solution that can't be used in RegEdit, and I've been poking around on SetACL's help page (specifically the set-protection-flags, but I'm not sure of the "protection" value).
Today I plan on taking a look into the Reset Children flag - but I'm not sure if I'm even on the right path.
tl;dr How do I emulate the Advanced Security tab checkbox "Replace permission entries on..." via CMD using SetACL.
I'm running SetACL from a batch file to set registry permissions and it works like a charm. Maybe the way you issue the command is causing trouble. The way I use it (with admin privileges):
setacl.exe -on "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.%vfilext%\UserChoice" -ot reg -actn clear -clr dacl -silent
To be more specific and fail-proof: the version I use is 3.0.6 from this page.
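The checkbox the question asks about, done with PowerShell's registry provider and the .NET RegistrySecurity API rather than SetACL, as an added example (not the asker's script and not SetACL's own syntax); the key path and account are placeholders.

```powershell
# Added example, not from the question or SetACL's documentation: a .NET equivalent of the
# Advanced Security checkbox "Replace permission entries on all child objects". It grants
# $Account full control on $RootKey with container inheritance, then walks every subkey,
# re-enables inheritance and removes explicit (non-inherited) ACEs so the inherited ones win.
# $RootKey and $Account are placeholders; run in the context that owns the hive, or elevated.
function Reset-RegistryChildAcl {
    param(
        [Parameter(Mandatory)][string]$RootKey,    # e.g. 'HKCU:\Software\Contoso'
        [Parameter(Mandatory)][string]$Account     # e.g. 'CONTOSO\jdoe'
    )
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Account,
        [System.Security.AccessControl.RegistryRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    # 1. Root key: keep the existing ACEs and add the inheritable grant.
    $rootAcl = Get-Acl -Path $RootKey
    $rootAcl.SetAccessRule($rule)
    Set-Acl -Path $RootKey -AclObject $rootAcl

    # 2. Children: inherit from the parent again and drop explicit ACEs, which is what the
    #    GUI checkbox does. Keys that cannot be opened are reported rather than skipped silently.
    foreach ($key in Get-ChildItem -Path $RootKey -Recurse -ErrorAction SilentlyContinue) {
        try {
            $acl = Get-Acl -Path $key.PSPath
            $acl.SetAccessRuleProtection($false, $false)
            foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
                [void]$acl.RemoveAccessRule($ace)
            }
            Set-Acl -Path $key.PSPath -AclObject $acl
            [pscustomobject]@{ Key = $key.Name; Result = 'reset' }
        } catch {
            [pscustomobject]@{ Key = $key.Name; Result = "error: $($_.Exception.Message)" }
        }
    }
}

Reset-RegistryChildAcl -RootKey 'HKCU:\Software\Contoso' -Account 'CONTOSO\jdoe' |
    Format-Table -AutoSize -Wrap
```

Test it against a throwaway subkey first: once explicit ACEs are stripped, the only way back is restoring them by hand or from a backup of the hive.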

Additional ways of running programs at logon

Googling has yielded three methods of running a script at login so far:
Putting it into startup folder
Add a task to the task scheduler
Add it to the logon script in the group policy manager
Unfortunately, the software that I am using to configure VMs runs Windows Setup again in order to apply its settings to the VM after creating a clone of the template. This process seems to remove the changes to those areas. So, are there any other methods to set a script to run at logon?
There is a method through the Windows Registry.
The keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - Runs programs for all users.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - Runs programs for current user.
To make a script run using these registry keys, you just need to create a REG_SZ value inside them; its data must contain the path to the script. The value name doesn't matter.
You can check the values using Windows Registry Editor (Regedit.exe) or using reg query command:
reg query HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
You can also make these values using reg add command:
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v ValueName /t REG_SZ /d Path_to_script
You will need administrative privileges to add values.
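The same keys from the defender's side, as an added example (not from the answer): it enumerates every Run and RunOnce value in both hives, including the Wow6432Node mirrors the 32-bit loader reads, and checks whether the executable each one names still exists.

```powershell
# Added example, not from the answer: audit the Run/RunOnce autostart keys. Entries whose
# binary is gone, or whose path sits in a user-writable location, are the ones to review.
function Get-AutorunEntries {
    $keys = foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'SOFTWARE\Microsoft\Windows\CurrentVersion',
                         'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion') {
            foreach ($name in 'Run', 'RunOnce') { "${hive}:\$sub\$name" }
        }
    }
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }            # provider metadata, not values
            $cmd = [string]$p.Value
            # Pull the executable out of the command line: a quoted path, or the first token.
            # An unquoted path containing spaces splits wrong and shows Exists = False,
            # which is itself a finding: such entries should be quoted.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+', 2)[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Executable = $exe
                Exists     = ($exe -ne '' -and (Test-Path -LiteralPath $exe))
            }
        }
    }
}

Get-AutorunEntries | Format-Table Key, Name, Executable, Exists -AutoSize -Wrap
```

Reading the keys works as a standard user; only adding values, as the answer notes, needs administrative privileges for the HKLM keys.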

How do I deny log on through Terminal Services (RDP) from a command line?

In Windows 2003, I can start...
Control Panel -> Administrative Tools -> Local Security Policy
Then, if I go to...
Local Policies -> User Rights Assignment -> Deny log on through Terminal Services
... it lets me deny RDP access to a certain user account (even if that account is an admin).
How can I do the same thing from the command line, so I can automate it?
You should be able to use the reg command to modify the registry key that corresponds to this group policy setting.
To disable, try this from a batch file:
reg ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
/v fDenyTSConnections
/t REG_DWORD
/d 1
/f
I've wrapped the switches onto multiple lines for readability; make sure to put all that on one line in your batch file. I don't have access to a Windows 2003 server to confirm those two settings are one and the same, but I believe they are. You could use Process Monitor to watch which registry key changes when you change that GP setting to sniff out which one it is, in the event that I have the wrong key.
It appears you can also change this using the NTRights Utility and the SeDenyRemoteInteractiveLogonRight right. The syntax for that would be:
NTRights.exe -u user +r SeDenyRemoteInteractiveLogonRight
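A way to confirm which of the two settings the answer mentions is actually in effect, as an added example (not from the answer): it exports the local policy with secedit and parses the holders of SeDenyRemoteInteractiveLogonRight, and reads fDenyTSConnections. Run it elevated; secedit needs that for the export.

```powershell
# Added example, not from the answer: read-only check of both settings the answer names.
# secedit writes the [Privilege Rights] section as "Right = *SID,*SID"; SIDs are resolved
# to account names. fDenyTSConnections is the machine-wide Remote Desktop switch
# (1 = connections refused for everyone), separate from the per-user deny right.
function Get-RdpDenyState {
    $inf = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    $holders = @()
    try {
        secedit.exe /export /cfg $inf /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $inf |
                Where-Object { $_ -match '^SeDenyRemoteInteractiveLogonRight\s*=' } |
                Select-Object -First 1
        if ($line -and $line -match '=\s*(.+)$') {
            $holders = foreach ($raw in ($Matches[1] -split ',')) {
                $entry = $raw.Trim()
                if ($entry.StartsWith('*')) {
                    try {
                        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                        $sid.Translate([System.Security.Principal.NTAccount]).Value
                    } catch { $entry }       # unresolvable SID (deleted account): keep raw
                } else { $entry }
            }
        }
    } finally {
        Remove-Item -Path $inf -ErrorAction SilentlyContinue
    }

    $ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    [pscustomobject]@{
        DenyRdpLogonRightHolders = @($holders)
        fDenyTSConnections       = $ts.fDenyTSConnections
    }
}

Get-RdpDenyState | Format-List
```

An account that should be blocked shows up under DenyRdpLogonRightHolders; an empty list with fDenyTSConnections = 1 means Remote Desktop is off for the whole machine rather than denied to that one user.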