I have already found out, how I create my own protocol for windows (LINK).
Now I have tried to create such an entry with my QT application, but I have some problems:
I'm not able to write in HKEY_CLASSES_ROOT. I think, I need administrator privileges, but how do I achieve that? I don't want, that my app is always running in Admin-mode.
I don't know, how to write the "(Standard)"-Entries. If I create this entries manually and export them as a reg-file this "(Standard)"-Entries look like
[HKEY_CLASSES_ROOT\myprotocol]
#="URL:SomeDescription"
Is there any possibility to create these entries with Qt's QSettings?
For the QSettings try this.
For the admin rights, NO, admin rights are needed to create the registry entries.
Related
I'm working on a tool that generates .rdp files and then invokes them using Microsoft RDP Client. This tool is running on Mac OS.
Everything works well, the only problem is that I can't figure out of how I can generate 'password 51:b' field properly. On Windows this can be done easily by using CryptProtectData method from Crypt32.dll library. How can I do the same on Mac.
Another option could be to use "rdp://" URL scheme, but it doesn't seem allow to pass password this way.
So the question is how can I implement auto-login on Mac if I use third-party RDP client.
As far as i know you can't. You can however create a "User Account" and a Server configuration and add both to the client. The connection will then be visible on the main window and you just need to double click it.
To do so, you need to add the password to the Keychain, use /usr/bin/security to do so from a script. It needs to be a generic-password and saved in com.microsoft.rdc.macos. Also be sure to generate an ID according to the RDP Clients scheme, like BFF77777-7777-7777-7777-777777777777.
You may also set the permissions to read that key using /usr/bin/security and set-generic-password-partition-list specifying the right teamid (UBF8T346G9) and again com.microsoft.rdc.macos. You need the admin password to do this step.
Then you can alter the RDP Clients config file, which is a .sqlite file located at /Users/$(whoami)/Library/Containers/com.microsoft.rdc.macos/Data/Library/Application Support/com.microsoft.rdc.macos/com.microsoft.rdc.application-data.sqlite. Add the user configuration in the ZCREDENTIALENTITY table and make sure the ZID matches the one added to the keychain.
To add a server configuration you need to alter the ZBOOKMARKENTITY table. Just add a configuration by hand using the UI and look at the table to get a feeling of how it needs to be setup. Basically you link your user configuration with the server configuratio by making sure that ZCREDENTIAL in ZBOOKMARKENTITY matches Z_PK in ZCREDENTIALENTITY of your user configuration.
I know the answer is a bit late, but it may give you a starting point. This will however not fully automate the process, you will still need to go to the UI and double click the connection you want to use.
i have a MSI installation package that is installed as SYSTEM User and adds an active setup entry to the registry. This setup makes sure when a new user(new = that has not executed this setup until now) is logging on msiexec adds all missing registry entries.
In the MSIEXEC i need to do a net use to mount the users home directory. This cannot be done as system user and needs to be done in the user context.
However i seem to be completely unable to detect that the setup is currently running on the user context. Thats why i thought it would be nice to give additional parameters to the StubPath in the active setup entry. I tried NETUSE=1. This however did nothing. The setup just ignored this parameter and uses the parameter given during installation. So NETUSE stays 0.
Any ideas what kind of condition i could use for my custom net-use action?
Why is an MSI mounting a users home directory? I would write a small utility to do all this work and just have the MSI put it in the Run registry key. Install once per machine as System and then when the user logs in the utility gets called and does whatever per-user work you need to have done.
If the installer legitimately needs to populate per user registry data then that is fine to continue the active setup pattern.
You can try to use your own custom action configured to run only when the LogonUser property is different tan SYSTEM.
I try to run the Zenoir project. I got stuck in the first interface because I do not know the access settings for an Administrator Module.
any help?
The problem is solved using the users table in the database and especially by changing one type to 1 which refers to an administrator.
First of all, I realize this is a messy situation, but it's not of my design, and I'm just trying to help, and for that I need your help.
App A is getting installed automatically via SMS installer under the Administrator account, not the PC owner's User account. App A has a registry key defined in HKEY_LOCAL_MACHINE hive.
After App A is installed, we want to edit the above mentioned registry key, to assign the User's C:\Users\USER_ID\Documents\ folder (I'm told we don't don't know who the user is and don't have access to USER_ID during step 1).
I know all about UAC, Application Manifest, and requestedExecutionLevel. However, I'm told we can't expect that all users will be in the Administrators group on their machine.
Solution must be backwards compatible with Windows XP as well.
I'm searching for options to get `C:\Users\USER_ID\Documents\' into the 'HKEY_LOCAL_MACHINE' hive under the above listed conditions.
I found this thread that might be related to a similar situation, but I don't fully understand it yet (so I will give credit to anyone that explain it better):
Find out (read) logged in user in a cmd started as a different user
I also read something that rules out ClickOnce:
Clickonce + HKEY_LOCAL_MACHINE
After App A is installed with admin privileges you are trying to run an additional script as the local user who does not have admin privileges . In order for your secondary script to write to the local machine key it will have to be run with administrative privileges ..period. That said, you have basically two choices:
1) Use the RunAs command to run the script with elevated privileges and have the user type in a admin username and password to run the script with elevated privileges.
2) This is the better way imo - Since SMS is being leveraged as the delivery tool, use its capability to detect and use local client configuration settings to write the key at the time of installation.
So basically the SMS package would have to be setup to run only when the local user logs on one time so that SMS can grab the current user and write it to a file somewhere.. after that is completed SMS can run a separate package as the admin (user will get prompted) to do the software install looking for the file containing the user and then consequently updating the local machine key to the correct user my document path.
Enjoy!
Is it possible to do at least one of the following:
1) Detect a setting of a Local Security Policy (Accounts: Limit local account use of blank passwords to console logon only)
2) Modify that setting
Using Win32/MFC?
Well, I think I figured out how to do the first part (detecting this setting). It's actually located in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
the key is "LimitBlankPasswordUse", if it's 1 then it's Enabled, otherwise Disabled.
So, reading that will at least show me if I need to tell the user to modify it or not. I doubt I can change it though...
I've been down this road before and ended up with:
http://groups.google.com/group/microsoft.public.platformsdk.security/browse_thread/thread/63d884134958cce7?pli=1
I was able to configure User Rights Assignments using the Lsa* functions in advapi32.dll but could never work out how to configure Security Options.
This may be of help though:
http://www.windowsdevcenter.com/pub/a/windows/2005/03/15/local_security_policies.html
http://support.microsoft.com/default.aspx?scid=214752
You could customise a template then run regsvr32 %windir%\system32\scecli.dll from inside your code.
Not elegant but might be a way.