Jump to content

Recommended Posts

Has this code been tested on a Domain Controller? It doesn't appear to work correctly.

Edit:

This appears to be because the _Security__LookupAccountSid and _Security__LookupAccountName functions do not return the expected values. This would be because there are no local accounts.

I was hoping someone would test that and report back.

I will take a look at that. There should be a way to fix that.

Anyway. I was hoping it would work on domain controllers. The AutoIt documentation suggests it:

Name of the system. This string can be the name of a remote computer. If this string is blank,

the account name translation begins on the local system. If the name cannot be resolved on the local system,

this function will try to resolve the name using domain controllers trusted by the local system.

Edited by engine

My contributions:Local account UDF Registry UDFs DriverSigning UDF Windows Services UDF [url="http://www.autoitscript.com/forum/index.php?showtopic=81880"][/url]

Link to post
Share on other sites
  • Replies 61
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

SecurityEx.au3 Reg.au3 (Requires SecurityEx.au3 from above) Current functions: _RegLoadHive _RegRestoreHive _RegSaveHive _RegUnloadHive Features: These functions support remote computers. Notes:

Posted Images

I was hoping someone would test that and report back.

I will take a look at that. There should be a way to fix that.

Anyway. I was hoping it would work on domain controllers. The AutoIt documentation suggests it:

I made a quick modification to the GetProfile() function to check for the validity of $avArray, if it's not set then I assume it's a domain controller. I didn't spend too much time on it, but the part where you are using _Security__LookupAccountName($sComputer, $sComputer) to retrieve the computer SID is the part that fails.

Link to post
Share on other sites

I made a quick modification to the GetProfile() function to check for the validity of $avArray, if it's not set then I assume it's a domain controller. I didn't spend too much time on it, but the part where you are using _Security__LookupAccountName($sComputer, $sComputer) to retrieve the computer SID is the part that fails.

Thanks.

That part can be removed if needed. The computer SID is used only to generate a temporary SID for the "Defaut User" account. I will review that as soon as possible.

My contributions:Local account UDF Registry UDFs DriverSigning UDF Windows Services UDF [url="http://www.autoitscript.com/forum/index.php?showtopic=81880"][/url]

Link to post
Share on other sites
  • 3 weeks later...
  • 2 months later...

First off, let me say that I think you've done a really nice job here. I've tried converting Visual BASIC examples of this into AUTOIT, but with extremely limited success.

I did, however, try _RegSaveHive() on HKLM\SECURITY and it returned an error. Other hives under HKLM worked, like SAM and SOFTWARE...am I doing something wrong? I figured, since REG.AU3 UDFs sets privileges, it should work saving and restoring, but this is not the case. I tried playing with the privileges a bit, but can't get it to work. Using the DOS command AT, (in XP), I can bypass privileges and get to the HKLM\SECURITY hive and even save or restore it. Though this method is messy and I'd really prefer to use an API call.

Again, nice work on this, and thanks for all your efforts. Hope someone can help me out here, I feel kinda stupid. :)

Cheers,

OldCoder

:)

"Intelligence is the ability to adapt to change."                                      - Stephen Hawking                                        "...not the ability to exploit others."                                                  - OldCoder
Link to post
Share on other sites
  • 1 year later...
  • 4 weeks later...

There is an error on line 425 in the ProfileAdd function in the HKCUReg.au3 that was updated for AutoIt 3.3.2.0. After calling _Security__LookupAccountSid there is no way to deal with an $avUser result of 0 that can be returned with no error in the updated _Security__LookupAccountSid function in Security.au3. Here is an example that throws an error when the GetProfile function calls the ProfileAdd function.

#include "HKCUReg.au3"
#include <Array.au3>  
$aResult = _HKCU_Read("Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders", "AppData") 
_ArrayDisplay($aResult, "AppData")

This code will throw a "Subscript used with non-Array variable." error due to $avUser not being an array. This was returned by SciTE:

C:\Registry UDF\HKCUReg.au3 (426) : ==> Subscript used with non-Array variable.:

If $avUser[2] = 1 Then

If $avUser^ ERROR

If you look at the code segment for ProfileAdd.

Local $avUser = _Security__LookupAccountSid($sSID)
    If Not @error Then
    If $avUser[2] = 1 Then

You will notice that only @error is tested for, and does not check $avUser to see if it is a 0 or not. To test a fix for this problem, I changed line 425 from

If Not @error Then

to

If Not @error And $avUser <> 0 Then

This seem to have corrected the problem.

Link to post
Share on other sites

Thanks you for your quick response. The statement

If Not ( @error And $avUser ) Then

does not solve the problem and throws the same error due to the statement executing when $avUser = 0. It should only execute when there is not an error and $avUser <> 0. Here is a simple script to see how the statement is acting:

;Testing a variable when it is a integer or an array and leaving $iError at 0.  

$iError = 0

$avTest = 0

If Not $iError And $avTest <> 0 Then
    MsgBox(0, "Test", "$aTest is an array") ;Is NOT executed due to it NOT being an array.
ElseIf Not ( $iError And $avTest ) Then
    MsgBox(0, "Test", "$aTest is NOT an array") ;Is executed.
EndIf

Dim $avTest[3] = [1, 2, 3]

If Not $iError And $avTest <> 0 Then
    MsgBox(0, "Test", "$avTest is an array") ;Is executed.
ElseIf Not ( $iError And $avTest ) Then
    MsgBox(0, "Test", "$avTest is NOT an array") ;Is NOT executed due to it being an array.
EndIf

I believe that the statment that I proposed

If Not @error And $avUser <> 0 Then

solves the problem due to it checking that there is not an error first then checking the state of $avUser. When $avUser is an array, when it is not equal to zero, is when the statement should execute.

I would also like to thank you for your work on the very nice UDF. It has helped me greatly in quite a few projects I have worked on.

Link to post
Share on other sites

I'm having some difficulty understanding just how to use this udf. I have a need to modify the users registry while my application is running in administrative mode (executed using, run as administrator). Currently, when i write to HKCU, it doesnt write the information to the users HKCU, which is where I need the information to go. A small example of this specific usage would be highly appreciated.

To be even more specific, From my script I use

RunWait('Reg.exe import ' & @ScriptDir & '\hkcu.reg', @SystemDir, @SW_HIDE)
but it is not going to the users HKCU, because of the need to run the script in administative mode to accomplish other tasks. The registry file contains over 2000 entries so I'm hoping this can still be accomplished using the reg import command. Edited by Shark007
Link to post
Share on other sites

The reason that your HKCU keys do not change the information for the user that launched the script is due to the script being executed as an administrator. The registry edits are editing the administrator's profile HKCU keys. When you "run as admin", the admin user profile hive is loaded into the registry with its SID and that is all the script knows to edit. This UDF loads each profile hive found on the system into the registry and edits them and then unloads them, or it can do a specifically named profile. The function in this UDF that will do what you want to do with a REG file is _HKCU_Import. As the description in the UDF states for _HKCU_Import: "Imports a previously exported reg file to the registry". This function will only work on the local system, it will not work with remote registry. The other functions will.

An example using your REG file to edit HKCU for all profiles on the system.

#include "HKCUReg.au3"


_HKCU_Import(@ScriptDir & '\hkcu.reg')

An example using your REG file to edit HKCU only for the "TestUser" profile on the system.

#include "HKCUReg.au3"

_HKCU_Import(@ScriptDir & '\hkcu.reg', 'TestUser')

The comment section above each function in the UDF have some really good examples on how to use each function. The examples are at the bottom of each comment section.

Since your script is running as admin, you will need some way to see what the user profile name is before the script is launched under the admin account, so the script knows which hive to edit. Here is how I usually do it at the top of my scripts that need admin rights to edit the registry.

$sUserNameFile = @ScriptDir & "\UserName.dat"
If Not FileExists($sUserNameFile) Then
    FileWriteLine($sUserNameFile, @UserName)
    FileSetAttrib($sUserNameFile, "+H")
EndIf

Global $sProgramName = "Run As Admin " & StringTrimRight(@ScriptName, 4)
If WinExists($sProgramName) Then Exit; To prevent the script from running itself over and over and over if the specified admin user is not found...

AutoItWinSetTitle($sProgramName) ; To prevent the script from running itself over and over and over if the specified admin user is not found...

Global $sAdminUser = "Admin" ;Have encrypted and decrypt here.

If @UserName <> $sAdminUser And Not IsAdmin() And @Compiled Then ;Checks to see if is is running under the admin user.
    Global $sAdminPassword = "password" ;Have encrypted and decrypt here.
    RunAs($sAdminUser, @ComputerName, $sAdminPassword, 0, @AutoItExe) ;For running under local admin account.  
    If @error Then 
        MsgBox(16, "ERROR!", "Unable to run under administrator account.") ;If admin elevation fails.
        FileDelete($sUserNameFile)
    EndIf
    Exit
EndIf

#include "HKCUReg.au3"
$sUserName = FileReadLine($sUserNameFile, 1)
FileDelete($sUserNameFile)

_HKCU_Import(@ScriptDir & '\hkcu.reg', $sUserName)

;Rest of the script.
Link to post
Share on other sites

Thanks AdamUL for reporting and testing. And helping Shark007 !

I think that:

If Not @error And $avUser Then

Is equivalent to your statement. Note the parenthesis are now absent. Please test. If it works I will make it permanent.

Thanks.

My contributions:Local account UDF Registry UDFs DriverSigning UDF Windows Services UDF [url="http://www.autoitscript.com/forum/index.php?showtopic=81880"][/url]

Link to post
Share on other sites

Thanks AdamUL for reporting and testing. And helping Shark007 !

I think that:

If Not @error And $avUser Then

Is equivalent to your statement. Note the parenthesis are now absent. Please test. If it works I will make it permanent.

Thanks.

No, it's not work but

If Not @error And $avUser <> 0 Then

Or

If Not @error And isarray($avUser) Then

seems work ==> try this

Local $test

For $i = 0 To 2
    $test = Test($i)
    If Not @error And IsArray($test) Then
        ConsoleWrite("Test Array OK ==> " & $test[2] & @LF)
    Else
        ConsoleWrite("Error" & @LF)
    EndIf

    $test = Test($i)
    If Not @error And $test <> 0 Then
        ConsoleWrite("Test <> 0 OK ==> " & $test[2] & @LF)
    Else
        ConsoleWrite("Error" & @LF)
    EndIf

    $test = Test($i)
    If Not @error And $test Then
        ConsoleWrite("Test exist KO ==> " & $test[2] & @LF)
    Else
        ConsoleWrite("Error Test exist KO" & @LF)
    EndIf
Next
Exit

Func Test($vSID)
    Local $pSID, $aAcct[3]

    If $vSID = 1 Then Return SetError(-1, 0, 0)

    If $vSID = 2 Then Return 0

    Local $aAcct[3]
    $aAcct[0] = "Name"
    $aAcct[1] = "Domain"
    $aAcct[2] = "SNU"
    Return $aAcct
EndFunc   ;==>Test
Link to post
Share on other sites
  • 3 weeks later...

Did anyone of you test _HKCU_Read on a Windows 7 machine?

I ran the script as LocalSystem and try to read data from Domain users registry who is logged in at that moment.

But the function did not return anything for this user, even so the registry key exists for this user.

Link to post
Share on other sites
  • 4 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...