Running the very nice BGInfo tool to uniquely identify various computers. However, in trying to run on Windows 2008 Server R2, I am getting following error:
"An error occured opening the Default Desktop registry key. Please ensure the current user has rights to change the Logon Desktop settings: Access is denied."
The program is started via a shortcut placed in "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup", and that shortcut is specifying a .BGI configuration file (versus reading settings from the Registry). Thoughts on why the error happens for user other than the Administrator?
On a more in-depth level, I am curious if anyone knows why BGInfo must open the "default desktop registry key" and what it is updating in the "logon desktop settings" (phrase in quotes taken from the original error message)?
BGInfo needs to update the registry to set a default login desktop for all RDP users.
You need to run BGInfo with elevated privileges initially. That can be done as described by creed929 or by right-clicking on bginfo.exe and running as administrator. Once the settings are saved, subsequent user logins will not need the elevated privilege to see the BGInfo background.
From an administrator account. I was able to right click on bginfo.exe. Go to Compatibility tab and check the Run this program as an administrator. This seemed to then allow me to apply the settings without the Default Desktop registry key error.
Related
i am developing a desktop application.
how can i make it to always run as admin for non-admin user without UAC and admin password by making change in windows registry.
windows change registry option would be preferred but if there is any other option please tell.
any help will be appreciated
thanks
There is no such feature. The point of UAC is to ensure the user is aware that the program being started will have access to admin privileges. If there were a way to turn that off, then malware would do it.
The user can disable the UAC prompts via a control panel setting, but not for a particular program.
If your program always requires admin privileges to do what it needs to do, you should have an entry in its manifest. Modern versions of Visual Studio have options in the project settings for the executable for setting common items like this in the manifest automatically.
I'm using Windows Server 2012, and I want to disable the cmd and the PowerShell for the clients. I've searched in the Group Policies but i didn't find where I can do this. Please can somebody help me?
Disable access to powershell:
In the Group Policy window for those users, on the left-hand side, scroll down to User Configuration > Administrative Templates > System > Don’t run specified Windows applications.
In the properties window that opens, click the “Enabled” option and then click the “Show” button.
In the “Show Contents” window add --> powershell.exe
User Cfg - Admin Templates - System - Prevent access to the command prompt
Prevents users from running the interactive command prompt, Cmd.exe. This setting also determines whether batch files (.cmd and .bat) can run on the computer.
If you enable this setting and the user tries to open a command window, the system displays a message explaining that a setting prevents the action.
Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Terminal Services.
I have no idea about powershell anything.
I have a VB6 application which links to several POS terminals from a Windows 7 32-bit machine. The POS terminals are mapped to the Windows 7 machine and I can access the POS terminals from the Windows 7 machine from Explorer or via the cmdline/shell.
The application has been updated to ADO 2.8 and all other controls and components I no longer had source code for have been re-written. After a few annoying hiccups, I got the application to recompile on the Windows 7 computer without errors.
Now come the problems. The VB6 application cannot see or navigate to any mapped drives! I have tried twiddling UAC settings; I have set the app to run in Windows XP SP3 mode; I have tried running as Administrator. None of these things (and many permutations of these) work.
Any suggestions on how to make this work?
Adding this registry setting solved the problem for me: http://technet.microsoft.com/en-us/library/ee844140%28v=ws.10%29.aspx.
To work around this problem, configure the EnableLinkedConnections
registry value. This value enables Windows Vista and Windows 7 to
share network connections between the filtered access token and the
full administrator access token for a member of the Administrators
group. After you configure this registry value, LSA checks whether
there is another access token that is associated with the current user
session if a network resource is mapped to an access token. If LSA
determines that there is a linked access token, it adds the network
share to the linked location. To configure the EnableLinkedConnections
registry value
Click Start, type regedit in the Start programs and files box, and
then press ENTER.
Locate and then right-click the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
Point to New, and then click DWORD Value.
Type EnableLinkedConnections, and then press ENTER.
Right-click EnableLinkedConnections, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor, and then restart the computer.
I believe you are having trouble because casual drive mapping is per-user, and on a UAC system Administrators group users have two separate contexts (one for each token: SU & elevated).
There is such a thing as a system level drive mapping, which is one done under the System user (NT Authority\System). When you map a drive under this account, and map it persistently, all users can see and use the mapping (subject to the usual access rights for files there).
The normal way you do this is via Domain-level GPOs (Group Policy Objects), which means bribing your local box jockeys if in a corporate managed LAN environment.
One way to do this in a Workgroup machine is to map the letter as System via the AT command, from an elevated command prompt:
at 8:53 am "net use m: \\MediaShare\MyLibrary
ThePW /user:MediaShare\TheUser /persistent:yes > nul"
There the remote server is MediaShare, user TheUser, password ThePW, and 8:53 AM is a minute or two in the future to avoid accidentally scheduling this for tomorrow.
But this fails on Vista and later due to Session 0 Isolation!
So... use the 3rd alternative at Run CMD.exe as Local System Account which is the same thing mentioned by ForcePush's reply to How to map a network drive to be used by a service.
I believe that's what you are after here.
don't know if you ever figured this one out but for me it was the ChDir command (even with the registry fix above).
I had in my code
ChDir "P:\Temp\VidCap\Cam1\" 'I almost never use ChDir
Open "list.txt" For Output As #1
and all the VB6 inbuilt file commands looked straight though any operations, no errors, no nothing. I solved it by explicitly having the path, (in my code it was in a string but you could have it explicitly):
dd = "P:\Temp\VidCap\Cam1\"
Open dd & "list.txt" For Output As #1
works as expected.
hope this helps
H
Try this:
Open command prompt as administrator, and type this in:
net use Z: \\IP Address\share /user:you passwd /persistent:Yes
Change "IP Address", the "share" name, and your username and password as needed.
The author of this is howtogeek (source).
I had same problem. VB6 kept crashing when trying to access USB and mapped drives using the Commondialog method, even though the drives and files were all accessible OK via Explorer. Problem is the drives were not set as shared.
Solved by selecting the connected USB drive in explorer and then right click to
select Properties.
Select Sharing Tab
Select Advanced Sharing
Set the sharing and user rights as needed. May need to have local admin rights.
No matter how I open it, cmd.exe always opens with admin privileges. How can I open it without? Is there some registry setting missing? Even if I open it directly from the run dialog or by double clicking in the system32 folder it still opens with admin privs.
Thanks.
Found out I was missing a registry key. In HKEY_CLASSES_ROOT\Directory\shell\cmd I was missing the String Value "Extended". Added this back in and restarted the machine got rid of the defaulting to admin privileges.
EDIT: I had UAC turned off for my profile (to stop incessant "are you sure you want to open this .exe" warnings), and turning that back on has stopped cmd always running with greater privileges.
After some unclear actions (switch UAC on/off ?) I ended up in the same situation as described above:
Cmd.exe always starts in Adminstration mode.
Linking in VS failed with the message:
Project : error PRJ0003 : Error spawning 'C:\windows\system32\cmd.exe'.
The Properties | Compatibility tab is greyed out, so switching this off seems impossible (Compatibility modes cannot be set on this program because it is part of this version of Windows).
To recover from this situation you have to edit the registry to remove the RUNASADMIN preferences that is associated with cmd.exe.
The 'RUNASADMIN' preference is stored in these registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
Delete the values named c:\windows\system32\cmd.exe and you are back in business !
Kees
Right click on the cmd.exe, select properties and check the compatibility tab. Is the Run this program as an administrator checkbox checked?
This is only happening because you're logged in as a user with administrative privileges.
Since doing so defeats the entire Windows security model, you shouldn't be doing that in the first place. Create a standard user account and log in with that, instead. The command prompt should then not open with administrative privileges since you don't have administrative privileges.
If, as a standard user, you need to open a command prompt with administrative privileges, you'll need to right-click on the shortcut and select the "Run as Administrator" option (just look for the UAC shield). You'll need to provide sufficient credentials to authenticate yourself as an administrator, and then you'll have the authority to wreak whatever havoc you wish.
Found a way to run as a specific user even when UAC is turned off from http://www.sevenforums.com/general-discussion/235987-run-cmd-exe-given-user-administrator-command-line.html
This is the way to start cmd.exe as any user. Replace "username" with the correct one:
cmd.exe> runas /user:username "cmd.exe"
Right click on the cmd shortcut, navigate to properties, select advanced options and uncheck the 'Run as admin' option.
Check this video for better understanding - https://www.youtube.com/watch?v=3Mxh5TNSIl8&list=PLg8CURsOKswrzPs9fMhnmdy9TP7AkOOX1&index=1
i am using Vista . I designed MSi file through Visual Studio 2008 Setup and deployment project in which I added one custom action. In the custom action, I am opening OpenFile dialog. This Open File dialog is not showing mapped drive or network locations. so how can i make the open file dialog to mapthe network drives.
This is a known problem with Vista User Account Control. When your installation program is started, the non-admin session of the user is elevated to an admin session. The problem is: Network drives mapped in the non-admin session of the user do not automatically carry over to the admin session.
Unfortunately, there is not much you can do about it. (You can start an elevated command prompt prior to starting your setup project and manually net use the drive letters there, but I guess that's not something you can expect your customers to do.)
Related question: Preserve mapped drive letter information during UAC elevation