How do I auto-run a program from Pen drive before Windows logs in, starts or even before it boots up?
I want to open command prompt before login. To do this, I tried changing the command prompt name to sethc.exe (sticky keys) which might run before I login into my account and it actually worked, but to do this I must have password and administrator privileges, so without that how could I do it?
Is the program an executable file?
Did you try looking into Windows registry? The following key is where the virus/malware usually attached itself during windows logon. A warning though, any mistake will cause you unable to go into Windows, you have to remotely modify the registry using Bootdisk.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Related
I have a tablet running Windows 10, and I need to lock it down to only run my custom executables.
My launch executable require administrative privileges to perform some functions (e.g. change system clock, start other executables, open/close serial ports) and I have enabled "Run this program as an administrator" in the executable compatibility settings. Launching the application via double-click in an explorer window or via command line, the system is able to launch its other dependent executables and functions correctly.
However, I need to get this executable to launch on log-in, and research suggests replacing the registry key linking to explorer.exe with my own launch.exe to be the simplest approach. I proved this works with notepad.exe, but my launch.exe application doesn't start... I just get a black screen.
What am I missing here to get my own executable to launch?
Attempt Breakdown
By creating a registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and setting its value to notepad.exe, I can get notepad to start on launch.
When I change the value of the Shell key to C:\Windows\notepad.exe, this works too.
When I change the value of the Shell key to my custom executable, e.g. C:\custom\launch.exe... I get a black screen and no evidence the executable was launched as no log files from my system are generated.
Workaround Solution:
I was able to use Task Scheduler to launch my application with highest privileges, thus side-stepping the problem in the question above.
To disable explorer.exe as required, I replaced the Shell key value with a custom do_nothing.bat script that does (almost) nothing... and thus doesn't trigger explorer.exe. The file cannot be empty as otherwise Windows throws an error.
do_nothing.bat:
rem ---DO SOMETHING TO PREVENT EXPLORER.EXE LAUNCHING---
cd \
Running the very nice BGInfo tool to uniquely identify various computers. However, in trying to run on Windows 2008 Server R2, I am getting following error:
"An error occured opening the Default Desktop registry key. Please ensure the current user has rights to change the Logon Desktop settings: Access is denied."
The program is started via a shortcut placed in "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup", and that shortcut is specifying a .BGI configuration file (versus reading settings from the Registry). Thoughts on why the error happens for user other than the Administrator?
On a more in-depth level, I am curious if anyone knows why BGInfo must open the "default desktop registry key" and what it is updating in the "logon desktop settings" (phrase in quotes taken from the original error message)?
BGInfo needs to update the registry to set a default login desktop for all RDP users.
You need to run BGInfo with elevated privileges initially. That can be done as described by creed929 or by right-clicking on bginfo.exe and running as administrator. Once the settings are saved, subsequent user logins will not need the elevated privilege to see the BGInfo background.
From an administrator account. I was able to right click on bginfo.exe. Go to Compatibility tab and check the Run this program as an administrator. This seemed to then allow me to apply the settings without the Default Desktop registry key error.
I have a VB6 application which links to several POS terminals from a Windows 7 32-bit machine. The POS terminals are mapped to the Windows 7 machine and I can access the POS terminals from the Windows 7 machine from Explorer or via the cmdline/shell.
The application has been updated to ADO 2.8 and all other controls and components I no longer had source code for have been re-written. After a few annoying hiccups, I got the application to recompile on the Windows 7 computer without errors.
Now come the problems. The VB6 application cannot see or navigate to any mapped drives! I have tried twiddling UAC settings; I have set the app to run in Windows XP SP3 mode; I have tried running as Administrator. None of these things (and many permutations of these) work.
Any suggestions on how to make this work?
Adding this registry setting solved the problem for me: http://technet.microsoft.com/en-us/library/ee844140%28v=ws.10%29.aspx.
To work around this problem, configure the EnableLinkedConnections
registry value. This value enables Windows Vista and Windows 7 to
share network connections between the filtered access token and the
full administrator access token for a member of the Administrators
group. After you configure this registry value, LSA checks whether
there is another access token that is associated with the current user
session if a network resource is mapped to an access token. If LSA
determines that there is a linked access token, it adds the network
share to the linked location. To configure the EnableLinkedConnections
registry value
Click Start, type regedit in the Start programs and files box, and
then press ENTER.
Locate and then right-click the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
Point to New, and then click DWORD Value.
Type EnableLinkedConnections, and then press ENTER.
Right-click EnableLinkedConnections, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor, and then restart the computer.
I believe you are having trouble because casual drive mapping is per-user, and on a UAC system Administrators group users have two separate contexts (one for each token: SU & elevated).
There is such a thing as a system level drive mapping, which is one done under the System user (NT Authority\System). When you map a drive under this account, and map it persistently, all users can see and use the mapping (subject to the usual access rights for files there).
The normal way you do this is via Domain-level GPOs (Group Policy Objects), which means bribing your local box jockeys if in a corporate managed LAN environment.
One way to do this in a Workgroup machine is to map the letter as System via the AT command, from an elevated command prompt:
at 8:53 am "net use m: \\MediaShare\MyLibrary
ThePW /user:MediaShare\TheUser /persistent:yes > nul"
There the remote server is MediaShare, user TheUser, password ThePW, and 8:53 AM is a minute or two in the future to avoid accidentally scheduling this for tomorrow.
But this fails on Vista and later due to Session 0 Isolation!
So... use the 3rd alternative at Run CMD.exe as Local System Account which is the same thing mentioned by ForcePush's reply to How to map a network drive to be used by a service.
I believe that's what you are after here.
don't know if you ever figured this one out but for me it was the ChDir command (even with the registry fix above).
I had in my code
ChDir "P:\Temp\VidCap\Cam1\" 'I almost never use ChDir
Open "list.txt" For Output As #1
and all the VB6 inbuilt file commands looked straight though any operations, no errors, no nothing. I solved it by explicitly having the path, (in my code it was in a string but you could have it explicitly):
dd = "P:\Temp\VidCap\Cam1\"
Open dd & "list.txt" For Output As #1
works as expected.
hope this helps
H
Try this:
Open command prompt as administrator, and type this in:
net use Z: \\IP Address\share /user:you passwd /persistent:Yes
Change "IP Address", the "share" name, and your username and password as needed.
The author of this is howtogeek (source).
I had same problem. VB6 kept crashing when trying to access USB and mapped drives using the Commondialog method, even though the drives and files were all accessible OK via Explorer. Problem is the drives were not set as shared.
Solved by selecting the connected USB drive in explorer and then right click to
select Properties.
Select Sharing Tab
Select Advanced Sharing
Set the sharing and user rights as needed. May need to have local admin rights.
In matlab, I used a windows standalone application. There is a line in this application that writes a file in C:\...\...\. When I run the output exe file produced from this windows standalone application, the exe doesn't write in C:\...\...\ neither tells me that there is a security issues in that partition. All the execution does is nothing. But, when I right-click and run the exe as administrator, it runs correctly.
I want to do it without right-click and run as administrator. Are there is a command in matlab that can do that?
If you create a shortcut to your application, you can go to the Properties of the shortcut, click on Advanced in the Shortcut tab, and select "Run as administrator". That way, whenever you start the application from the shortcut it will be run as an administrator.
(Disclaimer: applications really shouldn't "foul their own nest" by writing into Program Files. This is bad design.)
Starting from Vista, unprivileged processes are not allowed to write to protected folders such as Program Files, because Program Files is designed to store code and not data. However, since this limitation has not been enforced in XP, MS has provided a backward-compatibility hack in the form of Virtual Store. Now, when a program tries to write to protected folder, its output is being redirected into a dedicated folder. This way, the program still "thinks" it writes to its usual location, while in fact it writes to an unprotected location. However, when you later check the Program Files location, you might not see the file - because it's not really there.
You can find more details here: User Account Control Data Redirection.
If you are administrator, add full control permission for your username to the destination folder. You do that by right clicking on the folder, going to properties and then security tab. Then edit and add you username with Full Control rights. Then you don;t have to run the the program as an administrator.
There is no way you can elevate a process once it is started, so Matlab cannot possibly have a command for that. Just running Matlab elevated.
Does anybody know if there is a feasible way on Windows XP to programmatically create and configure a user account so that after logging in from the console (no terminal services) a specific app is launched and the user is "locked" to that app ?
The user should be prevented from doing anything else with the system (e.g.: no ctrl+alt+canc, no ctrl+shift+esc, no win+e, no nothing).
As an added optional bonus the user should be logged off when the launched app is closed and/or crashes.
Any existing free tool, language or any mixture of them that gets the job done would be fine (batch, VB-script, C, C++, whatever)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon has two values
UserInit points to the application that is executed upon successful logon. The default app there, userinit.exe processes domain logon scripts (if any) and then launches the specified Shell= application.
By creating or replacing those entries in HKEY_CURRENT_USER or in a HKEY_USERS hive you can replace the shell for a specific user.
Once you ahve your own shell in place, you have very little to worry about, unless the "kiosk user" has access to a keyboard and can press ctrl-alt-del. This seems to be hardcoded to launch taskmgr.exe - rather than replacing the exe, you can set the following registry key
[SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
Debugger="A path to an exe file that will be run instead of taskmgr.exe"
I guess you're building a windows kiosk?
Here's some background in replacing the windows login shell - http://blogs.msdn.com/embedded/archive/2005/03/30/403999.aspx
The above link talks about using IE as the replacement, but any program can be used.
Also check out Windows Steady State - http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx