Jump to content
Sign in to follow this  
barrikid

Creating and editing a registry entry and Permissions

Recommended Posts

I am trying to create anti-procrastination software, basically by utilizing the DisallowRun parameter in the Group Policy. I am adding registry values into the register to add the programs I want disallowed through the restricted.txt file (each line in the file is a program I want to disallow)

So, this is what I have so far and it does work, but There was a time that it didn't, and the only reason is because of permissions.

;Anti-Procrastinator V0.1

;Checks version of windows, if 32x or 64x
Dim $registryKey
If @OSType = "WIN32_NT" Then
   $registryKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
EndIf

Dim $restrictionFile

startup()

Func startup()
   RegWrite($registryKey, "DisallowRun", "REG_DWORD", 1)
   $registryKey &= "\DisallowRun"
   addToReg()
EndFunc

;Adds programs in Restricted.txt into the registry
Func addToReg()
   $restrictionFile = FileOpen("Restricted.txt")
   Dim $str = FileReadLine($restrictionFile), $count = 1
   While Not @error
      While $str <> ""
         RegWrite($registryKey, ""&$count, "REG_SZ", $str)
         $str = FileReadLine($restrictionFile)
         $count += 1
      WEnd
   WEnd
   FileClose($restrictionFile)
EndFunc

;...

What I had to do, to get this working, is go into the registry and manually set the Explorer folders permissions to full access for my account. If I use #REQUIREADMIN it will work (assuming that access is given, but I don't want to ask for admin privileges, well, unless I can brute force a yes). I have also noticed in other posts, it doesn't mention you need to change permissions, something I had to piece together myself!

So, what I want to know, is how to I get the permissions to be full control to me, without having to manually set them. Or be able to brute force admin rights (which I don't think is possible)

Share this post


Link to post
Share on other sites

you will need to set the permission at least once (assuming nothing reverts the permissions to default). you can accomplish this with the ACL UDF here: https://www.autoitscript.com/forum/topic/134508-set-acl-permissions-udf/

that will require elevation once at first run, but unless you are domain admin, i see no way to overcome this (and actually i think there shouldn't be one).

b.t.w you should have noticed it, along with several other related topics, in the forum search.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Similar Content

    • By joseLB
      Hi
      This piece of code creates and reads OK a key at  "HKEY_LOCAL_MACHINE" and can be changed for a key at "HKEY_CURRENT_USER"
      $sta= RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor", "wav", "REG_SZ", "5555") MsgBox(4096,"wrote", $sta &@cr& @error) $zz= RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor", "wav") MsgBox(4096,"readed","="&$zz &@cr& @error) Exit With  HKEY_CURRENT_USER, in RegEdit we can see the created key, and we can create the key by hand/RegEdit and everything Works OK.
      At  HKEY_LOCAL_MACHINE we can´t see the created key above  thru RegEdit, but it Works (even not seeing, I can read). But  if I create "by hand"/RegEdit  the key,  it can´t read it with   $zz= RegRead  ("HKEY_LOCAL_MACHINE.... above.
      I´m the PC´s WIN.7 administrator. Even so I ran RegEdit as administrator and also the compiled AU3 and also plain. No changes.
      edit: even if Try   "HKEY_LOCAL_MACHINE\SOFTWARE\AAA", "wav", the same holds true.
      $sta= RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\AAA", "wav", "REG_SZ", "4444") MsgBox(4096,"wrote", $sta &@cr& @error) $zz= RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\AAA", "wav") MsgBox(4096,"readed","="&$zz &@cr& @error) Exit Seems that it creates this key at another place.... I can read the above value ("4444"), even after a boot, even the key not showing in regedit. And if I create it by hand key AAA/wav with a distinct value (666), t, it continues Reading the old value = 444.
      Thanks
      Jose
       
    • By nacerbaaziz
      good morning everybody.
      today i liked to share an small example with you
      which it an function to read the registry values as an array
      the result array is 2d array witch
      $a_array[n][0] = value name
      $a_array[n][1] = value Data
      $a_array[0][0] = values count
      here's the function

      #include <Array.au3> #include <WinAPIReg.au3> #include <APIRegConstants.au3> Local $a_array = _RegReadToArray("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run") If @error Then     MsgBox(16, "error", @error)     Exit EndIf _ArrayDisplay($a_array) Func _RegReadToArray($s_RegKey)     Local $a_KeySplitInfo = StringSplit($s_RegKey, "\\", 2)     If UBound($a_KeySplitInfo) <= 1 Then         $a_KeySplitInfo = StringSplit($s_RegKey, "\", 2)         If UBound($a_KeySplitInfo) <= 1 Then Return (1, 1, 0)     EndIf     Local $H_KeyInfo = "", $s_RegKeyInfo = ""     Switch $a_KeySplitInfo[0]         Case "hklm", "HKEY_LOCAL_MACHINE", "hklm64", "HKEY_LOCAL_MACHINE64"             $H_KeyInfo = $HKEY_LOCAL_MACHINE         Case "hkCu", "HKEY_CURRENT_USER", "hkCU64", "HKEY_CURRENT_USER64"             $H_KeyInfo = $HKEY_CURRENT_USER         Case "hkCr", "HKEY_CLASSES_ROOT", "HKCR64", "HKEY_CLASSES_ROOT64"             $H_KeyInfo = $HKEY_CLASSES_ROOT         Case "HKU", "HKEY_USERS", "HKU64", "HKEY_USERS64"             $H_KeyInfo = $HKEY_USERS         Case Else             Return SetError(2, 2, 0)     EndSwitch     _ArrayDelete($a_KeySplitInfo, 0)     $s_RegKeyInfo = _ArrayToString($a_KeySplitInfo, "\")     Local $H_KeyInfoOpen = _WinAPI_RegOpenKey($H_KeyInfo, $s_RegKeyInfo, $KEY_READ)     Local $A_KeyInfo = _WinAPI_RegQueryInfoKey($H_KeyInfoOpen)     If @error Then Return SetError(1, 1, 0)     _WinAPI_RegCloseKey($H_KeyInfoOpen)     Local $A_RegVal[$A_KeyInfo[2] + 1][2]     Local $iV = 1, $s_RegRead = ""     While 1         $s_RegVal = RegEnumVal($s_RegKey, $iV)         If @error <> 0 Then ExitLoop         $s_RegRead = RegRead($s_RegKey, $s_RegVal)         If Not (@error) Then             $A_RegVal[$iV][0] = $s_RegVal             $A_RegVal[$iV][1] = $s_RegRead         EndIf         $iV += 1     WEnd     $A_RegVal[0][0] = UBound($A_RegVal) - 1     If $A_RegVal[0][0] >= 1 Then         Return $A_RegVal     Else         Return SetError(3, 3, 0)     EndIf EndFunc   ;==>_RegReadToArray
      i hope you benefit from it
      with my greetings
    • By Simpel
      Hi,
      I wondered why negative integers I wrote into registry (e.g. negative x-coordinates of a gui if using two monitors and the right one is the main one) wouldn't return right when reading. Now I know: it is saved as an unsigned integer (without algebraic sign). So here is a snippet that is changing unsigned to signed integer:
      Global Const $g_sRegKey = "HKEY_CURRENT_USER\Software\" & @ScriptName ; path to registry RegWrite($g_sRegKey, "Value", "REG_DWORD", -2147483647) ; write some negative integer into registry; -2147483647 highest possible negative integer , 2147483648 highest possible positive integer if talking of 32bit Local $sValue = RegRead($g_sRegKey, "Value") ; read out registry ConsoleWrite("Value: " & $sValue & @CRLF) ; show real value in console Local $sResult = _SignedInteger($sValue) ; change to signed value ConsoleWrite("Result: " & $sResult & @CRLF) ; and show it in console Func _SignedInteger($iUnsignedInteger) Local $iSignedInteger If $iUnsignedInteger > (2^31) Then ; then it means a negative integer $iSignedInteger = $iUnsignedInteger - (2^32) Else $iSignedInteger = $iUnsignedInteger EndIf Return $iSignedInteger EndFunc It took me some time to find out the problem and so I hope I can help somebody with this.
      Regards, Conrad
    • By copyleft
      I've looked at a bunch of SetACL examples on this site and none seem to be able to convert this batch script into a working AutoIt script.
      BATCH
      @echo off "%~dp0setacl.exe" -on "HKEY_CLASSES_ROOT\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn setowner -ownr n:administrators >nul 2>nul "%~dp0setacl.exe" -on "HKEY_CLASSES_ROOT\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn ace -ace "n:administrators;p:full" >nul 2>nul Reg.exe add "HKCR\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" /ve /t REG_EXPAND_SZ /d "C:\My.ico" /f NON-WORKING AUTOIT
      RunWait('setacl.exe "HKCR64\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn setowner -ownr "n:administrators"') RunWait('setacl.exe "HKCR64\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon" -ot reg -actn setowner -ownr "n:administrators;p:full"') RegWrite('HKCR64\CLSID\{9C60DE1E-E5FC-40f4-A487-460851A8D915}\DefaultIcon', '','REG_EXPAND_SZ','C:\Windows\My.ico') Any ideas on what I'm doing wrong?
       
    • By Psyllex
      I'm trying to install some setup stuff on Win10. 
       
      One part of the script requires just regular user privileges but the other requires admin privileges.  When I run it from the Autoit Editor it works like a champ.  When I build it, Windows slaps the admin stamp on it and then when I attempt to run the part that only requires regular users....it gets all hosed up. 
      Is there a way to remove #RequireAdmin? 

      I've tried RunAs(username, "", myPassword, "", "cmd.exe", "") but that never seems to work.
      Can someone help me out?
×
×
  • Create New...