I am referring specifically to windows 7.
I have code that associates a certain extension with my application as proposed by webJose on the following page:
What registry keys are responsible for file extension association?
(However i correctly write to HKEY_CURRENT_USER\Software\Classes instead of HKEY_CLASSES_ROOT as suggested)
The above works initially, or if there are no other programs associated with the extension. However after using the Windows 7 built-in "Choose default program..." (found under the file-right-click context menu under "Open with") it re-associates the extension with whatever new program you choose.
What happens at this point is that "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\\UserChoice" is changed by the system, and so the newly selected program takes over.
Running the above code, to regain control over the extension will not work. The only way to regain control, is by either:
Editing the UserChoice -> Progid value, which is not allowed (neither programmatically nor using regedit.exe - access denied).
Or deleting the UserChoice value and making sure your application is the first in the MRUList value under \OpenWithList (this can be achieved using regedit.exe but not programmatically)
My question is: Is there a way to achieve this programmatically? What registry values can be changed to regain control of an extension, after is associated with another program?
I know it might seem obvious that if a user through explorer sets the associated application to an extension, that it would be expected to do it the same way again to re-associate the extension to a different application.
The problem however is I have a button in my application that uses the above mentioned code to check for extension association with my application. Unfortunately with the above situation, my application displays a message confirming that the extension is already successfully associated when its not! So is there a way around this?
Deleting UserChoice should revert the default program to the standard file association keys (which starts with the ProgID in HKCU). Barring that you could also delete OpenWithList, which would be reverting with extreme prejudice.
Edit:
Check out Registry Key Security and Access Rights on MSDN, particularly the RegSetKeySecurity function. Remember that you'll need to grant yourself administrative control to the key before you can delete it.
Well regarding file assoc in Window 7 a new 'problem' araised.
It's one of this: You've to fight for your rights.
Assuming you like to run
REG.exe DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice" /f /va
You'll get ACCESS DENYED.
When you check security setting of the key in Regedit 'UserChoice' you'll see that there's a setting windows made for you, to deny 'set' for the current user. Well you maybe change/delete this setting in regedit and now you can delete UserChoice.
However for programmer/scripters that setting is a little bitchy since there are now real tools to set ACLs in the registry. However here some workaround that at allows to delete keys with ACCESS DENYED (of course this only works incase you've the right to change permissions):
ResetMovAssoc.cmd
::create 'empty.hiv'
REG ADD "HKCU\emptyKey" /f
REG SAVE "HKCU\emptyKey" empty.hiv /y
#REG DELETE "HKCU\emptyKey" /f >nul
::^-note you can add #[...] >nul to the other entries as well to run them quite
:: Delete Reg key by replacing it with an empty hiv
REG RESTORE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov" empty.hiv
del empty.hiv
To summarize this the major thing here is REG RESTORE + Registry hive file containing just and empty key.
In Regedit that'll equivalent to Import' with a just an empty registry structure file (Note: that's a hive file and not a *.reg file).
My solution was not to try to delete the UserChoice key (only administrators can do it), but to delete the key the ProgId is pointing to. If the user made a choice in the past the ProgId has a value like Applications\*.exe. The non-admin can delete the key in a batch:
REG DELETE HKCR\Applications\*.exe /f
This might be a bit of a hack, but worked for me.
Also on Windows 10, this command can't work:
Reg.exe delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v" /f
The solution is to delete the SID key by running a BAT file under TrustedInstaller (with NSudo, PowerRun, etc):
for /f "delims=\ tokens=2" %%A in ('reg query hku ^| findstr /i "S-1-5-21-" ^| findstr /v /i "_Classes"') do set SID=%%A
Reg.exe delete "HKU\%SID%\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v" /f
P.S.: Thanks to #SecurityAndPrivacyGuru for sharing the SID detection command.
Related
I'd like to reset a file association, created using the "Open With" dialog.
I am on Windows 7 ULT.
I have associated *.part files with VLC.exe an I can see that this association is accomplished by a special "UserChoice" entry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part.
However I can only see this by a special registry search tool that browses the registry keys and values using the Win32 API. I can not see the entry in the "Windows Registry Editor" aka RegEdit.
Regedit indirectly knows this key, because if I try an create a new reg key with the path HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part RegEdit says that the key .part already exists (which is true).
Also I can delete this key using the cmdline tool reg.exe by:
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part" /f /va
If the key wouldn't exist reg.exe would print out an err msg.
Anyhow the key isn't really actually deleted because I can repeat the command over and over again which indicates that the key is still there. Also in Windows Explorer if I select a *.part file and check the file association it says it's still associated with VLC.exe. So it seems to be recretaed immediately anytime i gtes deleted, which indicates a protection mechanism.
So the simple questions is:
How can I really delete this Registry entry and how can I reset this file association?
And, optionally, how can I make RegEdit display it?
I do not want to change it using the "Open With" dialog, because it would create yet another UserChoice entry under ...FileExt.part
But my goal is to add multiple Commands to .part files that I can select with the right click context menu.
This used to work by simply associating the extension with a progid and adding the commands you want to the ProgId's Shell subkey.
Any one any clues?
For what it's worth...
I finally found the reason why the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part was not displayed in my local RegEdit install.
And why I thus could not modify / delete it using RegEdit.
For whatever reason in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\ I had reg sub keys with square brackets in their name, like: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.02]
Since RegEdit seems to use this character as a meta character to denote the end of a key name, it didn't seem to have managed displaying all subsequent subkeys properly. It only showed those that alphabetically came before the first key with a ']' in its name.
I realized this by exporting the whole FileExt key into a reg file.
And I also could remove these junk entries with a reg file.
As for how to delete reg entries using reg files see: How to delete registry subkeys using a .reg file
So now I finally could add the additional entries to the part_auto_file key
and the show up in the context menu and even execute. Cheerio. 🤣
So What I need is for when cmd.exe is open run a MsgBox and close cmd.exe
such as:
' Code for when cmd.exe loads
MsgBox("Command Prompt Disabled")
' closes command prompt
Thanks!
I need actual code
Don't use a vbscript to do this.... use a GPO.. because if someone disables that script your security control is broken.
If you're editing for a single user/single machine...
It might be faster to write a registry vb script or batch file with your control instead of using a GPO for each user you don't want using it. Create the system key if system does not exist in the Windows Key. The Caveat, is you have other controls that won't prevent disabling this with about 5-minutes of Google Searching.
reg add "HKCU\Software\Policies\Microsoft\Windows\System"
reg add "HKCU\Software\Policies\Microsoft\Windows\System" /t REG_DWORD /v DisableCmd /d 2
Using Gpedit or OU-Level assigned policies for Non-Admins
User configuration\Administrative Templates\System\Prevent access to the command prompt
Other policies to consider adding to Non-Admin User groups.
User configuration\Administrative Templates\System\Prevent access to registry editing tools
User configuration\Administrative Templates\System\Don't run specified Windows Applications
Overview:
I just have a quick question about the ability to remap keys for a single user in in the registry:
Resources used:
ASCII table used:
http://www.csee.umbc.edu/portal/help/theory/ascii.txt
https://superuser.com/questions/694465/remapping-a-keyboard-key-in-windows-8-1
Which pointed me towards: http://www.howtogeek.com/howto/windows-vista/disable-caps-lock-key-in-windows-vista/
Attempt:
That tutorial talked about making remapping keys at the machine level via:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
So I thought to myself what the hell I would just try the same thing under: HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Keyboard Layout
Unfortunately and somewhat expected it did not work:
reg add "HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /f /d 00000000000000000400000012005b005b00A200A200120000000000
^^^ This was supposed to switch: ^^^
the recognized windows key to the control key
the recognized alt key to the windows key
the recognized control key to the alt key
I even killed explorer.exe via power-shell:
taskkill.exe -im explorer.exe /f | Out-Null; start explorer.exe
Questions:
Is what I am trying to to even possible for a single user?
If it is how would I accomplish this without third party software?
That registry key is used by the keyboard driver. It reads it when it starts up. So killing Explorer has no effect, you'll have to reboot to make changes effective. Use shutdown.exe -r. Restarting the driver without a reboot is not possible.
Do beware that hacking this key is fairly dangerous, you can lose control over the machine when you make a mistake. I recommend KeyTweak, it has let me put the Ctrl key where it belongs for the past 10 years.
If it was to work, it would hypothetically have been in the HKEY_CURRENT_USER\Keyboard Layout key in the Registry. However, in the section "Scan code mapper for keyboards" in "Keyboard and mouse class drivers", it is noted:
"The mappings stored in the registry work at system level and apply to all users. These mappings cannot be set to work differently depending on the current user."
so it seems impossible to do mapping this way per-user. (It is the keyboard driver that reads this setting and does the translation, not the session manager).
For people finding this from an Internet search.
Microsoft PowerToys includes a tool for remapping keys for a user.
Probably safer than directly editing the registry.
https://github.com/microsoft/PowerToys
I'm writing a batch script and I have searched everywhere for a way to do this. I want to turn UAC all the way up (you know, the slider) via my batch script. I've already tried turning it on and off with this:
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 2 /f
But I can't find a way to turn it up! Please help! There has to be a way!
UAC slider is controlled by combination of several registry values. See this question: Set UAC Level with PowerShell. So, set desired UAC level, write down values for mentioned registry keys and apply them with reg.exe.
One of the projects I work on need to read a registry key in order to determine some value. Usually the value will be written during installation.
Because I want to run the project locally as well (without installation) I want to write that value after the build has finished.
Is there a simple way I can do that?
Searching the web I've found this cool tool that comes with windows called REG.EXE
Using it from within VS is simple - REG ADD HKLM\SOFTWARE\\ /v NUnitDir /t REG_SZ /d /f
You can create a small program that creates your registry key and call that program in the post build event.
Edit
If you can extract your registry settings to a file, you can add this to you post build event:
regedit /s $(ProjectDir)test.reg
/s makes it silent.