barrikid

Creating and editing a registry entry and Permissions

barrikid

I am trying to create anti-procrastination software, basically by utilizing the DisallowRun parameter in the Group Policy. I am adding registry values into the registry to add the programs I want disallowed through the restricted.txt file (each line in the file is a program I want to disallow).

So, this is what I have so far and it does work, but there was a time that it didn't, and the only reason is because of permissions.

;Anti-Procrastinator V0.1

;Sets the policy key on NT-based Windows (@OSType does not tell 32-bit from 64-bit)
Dim $registryKey
If @OSType = "WIN32_NT" Then
   $registryKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
EndIf

Dim $restrictionFile

startup()

Func startup()
   RegWrite($registryKey, "DisallowRun", "REG_DWORD", 1)
   $registryKey &= "\DisallowRun"
   addToReg()
EndFunc

;Adds programs in Restricted.txt into the registry
Func addToReg()
   $restrictionFile = FileOpen("Restricted.txt")
   If $restrictionFile = -1 Then Return ;file could not be opened
   Dim $str, $count = 1
   While 1
      $str = FileReadLine($restrictionFile)
      If @error Then ExitLoop ;end of file or read error
      If $str <> "" Then ;skip blank lines instead of looping forever on them
         RegWrite($registryKey, "" & $count, "REG_SZ", $str)
         $count += 1
      EndIf
   WEnd
   FileClose($restrictionFile)
EndFunc

;...

What I had to do to get this working is go into the registry and manually set the Explorer folder's permissions to full access for my account. If I use #REQUIREADMIN it will work (assuming that access is given, but I don't want to ask for admin privileges, well, unless I can brute force a yes). I have also noticed that other posts don't mention you need to change permissions, something I had to piece together myself!

So, what I want to know is how do I get the permissions to be full control for me, without having to manually set them. Or be able to brute force admin rights (which I don't think is possible).

orbs

you will need to set the permission at least once (assuming nothing reverts the permissions to default). you can accomplish this with the ACL UDF here: https://www.autoitscript.com/forum/topic/134508-set-acl-permissions-udf/

that will require elevation once at first run, but unless you are domain admin, i see no way to overcome this (and actually i think there shouldn't be one).

b.t.w you should have noticed it, along with several other related topics, in the forum search.
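
Added example (not part of either post and not taken from the ACL UDF): a PowerShell check that lists which principals hold write access to the Policies\Explorer key discussed above, so a non-default grant like the manual one described in the question shows up. The function name Get-PolicyKeyWriters and the "expected" SID list are assumptions for illustration; the list assumes the usual default where only SYSTEM and the local Administrators group can write under Policies.

```powershell
# Added example: audit who can write to the per-user Policies\Explorer key.
# The key path is the one from the thread; all other names are illustrative.
$keyPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Rights that let a principal change values or subkeys, or re-ACL the key.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Assumed baseline: SYSTEM (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544).
$expected = @('S-1-5-18', 'S-1-5-32-544')

function Get-PolicyKeyWriters {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }

    $acl = Get-Acl -LiteralPath $Path

    # Ask for SIDs rather than names so the comparison works on any locale.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($ace in $rules) {
        # Only Allow entries grant access; Deny entries are skipped here.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Skip read-only entries. Inherit-only entries that carry generic
        # rights (shown as raw numbers) do not match these bits either.
        if (($ace.RegistryRights -band $writeRights) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        [pscustomobject]@{
            Sid        = $sid
            Rights     = $ace.RegistryRights
            Inherited  = $ace.IsInherited
            Unexpected = $sid -notin $expected
        }
    }
}

Get-PolicyKeyWriters -Path $keyPath | Format-Table -AutoSize
```

A row with Unexpected = True and Inherited = False is an explicit grant made on this key. Where the current user has write access, the same account that the DisallowRun list restricts can also edit or delete that list.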
