Jump to content

Creating and editing a registry entry and Permissions


Recommended Posts

I am trying to create anti-procrastination software, basically by utilizing the DisallowRun parameter in the Group Policy. I am adding registry values into the register to add the programs I want disallowed through the restricted.txt file (each line in the file is a program I want to disallow)

So, this is what I have so far and it does work, but There was a time that it didn't, and the only reason is because of permissions.

;Anti-Procrastinator V0.1

;Checks version of windows, if 32x or 64x
Dim $registryKey
If @OSType = "WIN32_NT" Then
   $registryKey = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
EndIf

Dim $restrictionFile

startup()

Func startup()
   RegWrite($registryKey, "DisallowRun", "REG_DWORD", 1)
   $registryKey &= "\DisallowRun"
   addToReg()
EndFunc

;Adds programs in Restricted.txt into the registry
Func addToReg()
   $restrictionFile = FileOpen("Restricted.txt")
   Dim $str = FileReadLine($restrictionFile), $count = 1
   While Not @error
      While $str <> ""
         RegWrite($registryKey, ""&$count, "REG_SZ", $str)
         $str = FileReadLine($restrictionFile)
         $count += 1
      WEnd
   WEnd
   FileClose($restrictionFile)
EndFunc

;...

What I had to do, to get this working, is go into the registry and manually set the Explorer folders permissions to full access for my account. If I use #REQUIREADMIN it will work (assuming that access is given, but I don't want to ask for admin privileges, well, unless I can brute force a yes). I have also noticed in other posts, it doesn't mention you need to change permissions, something I had to piece together myself!

So, what I want to know, is how to I get the permissions to be full control to me, without having to manually set them. Or be able to brute force admin rights (which I don't think is possible)

Link to comment
Share on other sites

you will need to set the permission at least once (assuming nothing reverts the permissions to default). you can accomplish this with the ACL UDF here: https://www.autoitscript.com/forum/topic/134508-set-acl-permissions-udf/

that will require elevation once at first run, but unless you are domain admin, i see no way to overcome this (and actually i think there shouldn't be one).

b.t.w you should have noticed it, along with several other related topics, in the forum search.

Signature - my forum contributions:

Spoiler

UDF:

LFN - support for long file names (over 260 characters)

InputImpose - impose valid characters in an input control

TimeConvert - convert UTC to/from local time and/or reformat the string representation

AMF - accept multiple files from Windows Explorer context menu

DateDuration -  literal description of the difference between given dates

Apps:

Touch - set the "modified" timestamp of a file to current time

Show For Files - tray menu to show/hide files extensions, hidden & system files, and selection checkboxes

SPDiff - Single-Pane Text Diff

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...