Remotely turn off Sharing Wizard in Windows 7 - windows

I am trying to figure out the registry key in Windows 7 that will turn off Sharing Wizard for a computer (not just a user).
Is this the key?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SharingWizardOn
But here is my problem, there are many values, and I don't know which one to change to Disable the Sharing Wizard on the Windows 7 computer
Which key do I change to 0?

First, it isn't the key
HKEY_USERS\<userId>\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SharingWizardOn
but the REG_DWORD value called SharingWizardOn in the key:
HKEY_USERS\<userId>\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Second: replacing <userId> in the above path with .DEFAULT will only set it for new user accounts subsequently created (HKEY_USERS\.DEFAULT is used to initialise the new user's registry settings).
To set it for all users you need to change for each existing user profile. This can be done by setting for each user (represented by their security ID – SID – rather than their user name). Iterating through all the subsekeys of HKEY_USERS that *do not end with _Classes would work.
Here the value looks like this in regedit (for my account, hence the path starting HKEY_CURRENT_USER which is just an alias for HKEY_USERS\<My Account SID>):

Yes sure, you are rigth!
Apply For all users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SharingWizardOn
Just change ..
CheckedValue to 0
And thats all
You do not need to restart!

Related

Windows Share Permissions for Domain Admins not working

I'm setting up a new share that I've enabled enumerated access on. I'm looking to limit people access to files on a certain folder. I've setup other folders that restrict access unless your in a security group. This folder thats giving me trouble was copied over from another network share. When I create a folder from scratch everything works fine so I'm curious if thats whats giving me issues.
The folder I'm trying to access is
x:/Limerock/Projects/"Project Name"
If I go into the security tab and check my effective access it says that I have full control:
The user I'm signed into is joe.jankowiak which is part of the Domain Admins security group. Domain Admins owns all the folders in above this and has full control.
When trying to enter the folder it tells me I need to request permission. I'm an admin so it goes through and adds "joe.jankowiak" to the full control list in the security permissions.
Why is it not taking my domain admin credentials to enter this folder? I'm seeing other weird behavior such as it saying "Unable to display current owner." and "You must have read permissions to view the properties of this object". Clicking continue lets me see it.
Everything looks right, I've setup 6 other new folders in the exact same manner and they work fine. I've signed in and out many times but it hasn't fixed it. Weird enough, another computer I signed into lets me access the folder just fine. Is there a way to reload file permissions since logging in/out doesn't seem to do it. Is there a command like gpupdate that I should run?
I have seen this before andyou might need to do the following operations in order:
-Replace Ownership on the folder and replace all child object ownership too=>apply or OK
-Close the security properties and re-open it again
-Add Domain Admins as full control and Replace all child object permissions... =>apply/OK
That should do it

NTUSER reg entries does not get reflected in Current user

I need to make customization to all new users and I chose modifying registry to achieve this. When I loaded default user NTUSER.DAT file and add, all current user changes. Though I see most customization keys are imported, I have problem with few keys.
Even though they are loaded in HKEY_USERS\NTUSER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, i dont see the same in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
this applies to few other keys as well.
any suggestion/help is appreciated
HKEY_CURRENT_USER holds the user settings for the currently logged in user (and is usually abbreviated HKCU). This is actually just a link to HKEY_USERS\<SID-FOR-CURRENT-USER> where <SID-FOR-CURRENT-USER> you can find in Win32_UserAccount class, e.g. as wmic.exe useraccount get Name, SID.
This hive is automatically loaded from file %USERPROFILE%\ntuser.dat on signing in, and you can see it running dir /A %USERPROFILE%\ntuser.dat.
The HKCU has nothing to do with a hive loaded to the registry from file C:\Users\Default\NTUSER.DAT (and named as NTUSER in your case). If you make changes to this default user profiles registry, all new user profiles will be equally affected.

Need to disable Sticky Keys for every account on computer

With a program that I'm working on, I have a need to be sure that keyboard access features like Sticky Keys is disabled for everyone.
I have code that can:
Change the active setting for the current user (enable or disable). This only affects the current user when they are logged in and is not something that is permanently set.
Change the registry setting for the current user (disabling by setting HKCU\Control Panel\Accessibility\StickyKeys\Flags to "506"). This only affects the current user's registry entry and will make sure that the settings are set for each time they log into Windows.
Change the registry setting for the ".DEFAULT" user in a similar way as item 2. This means that any new account that is set up on the computer will have Sticky Keys and the hot key for it disabled by default.
What I don't know how to do is to go about changing the setting for all of the existing users whose settings are in the registry when they are not logged in. Essentially, I want to be sure that Sticky Keys are disabled for them. Is there a convenient way that I can parse the registry for all existing user accounts and change that setting?
I Understand Your Problem, the answer is too long to post here,
Please Read this and it i think you will have your answer
let me know how you go
PS, The Link is safe and virus free, don't worry
DISABLING STICKY KEYS FOR ALL USERS
One Last thing, i thought might be useful in your situation
Please be advised that, when you Access a Hidden File called "Default" Under Users
C:\Users\Default
BE REALLY CAREFUL HERE (this file is critical)
Any Changes or settings made to this file will affect all users and all Future User Accounts

How do I set windows to perform auto login?

Windows has a feature that allows an administrator to perform auto-logon whenever it is started. How can this feature be activated?
Based on the advice, moved the answer to the answers section:
There are tools out there that give you a GUI for setting this easily, but you can also do it relatively easily by editing the registry.
Under the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Add the following values:
DefaultDomainName String < domain-name >
DefaultUserName String < username >
DefaultPassword String < password >
AutoAdminLogon String 1
Important: Using auto-logon is insecure and should, in general, never be used for standard computer configurations. The problem is not only that your computer is accessible to anyone with physical access to it, but also that the password is saved in plain-text in a well known location in your registry. This is usually used for test environments or for special setups. This is even more important to notice if you intend to perform auto-logon as an administrator.
If you don't want to store the clear-text password in the registry, use this method:
Start -> Run
enter "control userpasswords2"
disable checkbox "Users must enter a user name and password to use this computer"
click "OK"
enter a valid user name and password that is used for auto-logon

Windows / Active Directory - User / Groups

I'm looking for a way to find a the windows login associated with a specific group. I'm trying to add permissions to a tool that only allows names formatted like:
DOMAIN\USER
DOMAIN\GROUP
I have a list of users in active directory format that I need to add:
ou=group1;ou=group2;ou=group3
I have tried adding DOMAIN\Group1, but I get a 'user not found' error.
P.S. should also be noted that I'm not a Lan admin
Programatically or Manually?
Manually, i prefer AdExplorer, which is a nice Active directory Browser. You just connect to your domain controller and then you can look for the user and see all the details. Of course, you need permissions on the Domain Controller, not sure which though.
Programatically, it depends on your language of couse. On .net, the System.DirectoryServices Namespace is your friend. (I don't have any code examples here unfortunately)
For Active Directory, I'm not really an expert apart from how to query it, but here are two links I found useful:
http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
http://en.wikipedia.org/wiki/Active_Directory (General stuff about the Structure of AD)
You need to go to the Active Directory Users Snap In after logging in as a domain admin on the machine:
Go to start --> run and type in mmc.
In the MMC console go to File -->
Add/Remove Snap-In Click Add Select
Active Directory Users and Computers and select Add.
Hit Close and then hit OK.
From here you can expand the domain tree and search (by right-clicking on the domain name).
You may not need special privileges to view the contents of the Active Directory domain, especially if you are logged in on that domain. It is worth a shot to see how far you can get.
When you search for someone, you can select the columns from View --> Choose Columns. This should help you search for the person or group you are looking for.
You do not need domain admin rights to look at the active directory. By default, any (authenticated?) user can read the information that you need from the directory.
If that wasn't the case, for example, a computer (which has an associated account as well) could not verify the account and password of its user.
You only need admin rights to change the contents of the directory.
I think it is possible to set more restricted permissions, but that's not likely the case.
OU is an Organizational Unit (sort of like a Subfolder in Explorer), not a Group, Hence group1, 2 and 3 are not actually groups.
You are looking for the DN Attribute, also called "distinguishedName". You can simply use DOMAIN\DN once you have that.
Edit: For groups, the CN (Common Name) could also work.
The full string from Active Directory normally looks like this:
cn=Username,cn=Users,dc=DomainName,dc=com
(Can be longer or shorter, but the important bit is that the "ou" part is worthless for what you're trying to achieve.
Well, AdExplorer runs on your Local Workstation (which is why I prefer it) and I believe that most users have read access to AD anyway because that's actually required for stuff to work, but I'm not sure about that.
Install the "Windows Support Tools" that is on the Windows Server CD (CD 1 if it's Windows 2003 R2). If your CD/DVD drive is D: then it will be in D:\Support\Tools\SuppTools.msi
This gives you a couple of additional tools to "get at" AD:
LDP.EXE - good for reading information in AD, but the UI kinda stinks.
ADSI Edit - another snap-in for MMC.EXE that you can both browse AD with and get to all those pesky AD attributes you're looking for.
You can install these tools on your local workstation and access AD from there without domain admin privileges. If you can log on to the domain, you can at least query/read AD for this information.
Thanks adeel825 & Michael Stum.
My problem is, though, i'm in a big corporation and do not have access to log in as the domain admin nor to view the active directory, so i guess my solution is to try and get that level of access.

Resources