Topic: Admin Account Registry Changes  (Read 1309 times)

0 Members and 1 Guest are viewing this topic.

Admin Account Registry Changes
« on: September 15, 2017, 12:41:53 PM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
I pulled registry keys from keys from HKCU from inside the running PE that I need to be permanent, then rebooted my PC booted normally without PE and loaded the builder, I used the .reg file I made from the keys inside PE and ran RegCPE to convert my HKCU keys, -> which it converted into the below RegCPE created keys.

The problem I'm having is when creating a plugin to import the below RegCPE created keys during the build process, they DO get imported to the users\.default user key, but they DO NOT get carried over to the HKCU (x:\users\Administrator\ntuser.dat) when the administrator account is created on boot.  From my digging it looks like the Administrator gets its ntuser.dat from system32\config\default (Which is the same as the Users\.Default registry key isn't it?) Then shouldn't any keys in .Default be copied into the Administrator ntuser.dat when it is created during LoginAsAdmin?

[RegCPE Created Keys -- Put under [Process] section in Plugin Script]  -- These Keys are supposed to create a right click context menu item while right clicking on, or in, a folder. It runs TreeSize
RegHiveLoad,Tmp_Default,%RegDefault%    //  <-------Should I be changing %RegDefault% to something else?????
RegWrite,HKLM,0x1,Tmp_Default\Software\Classes\Directory\Background\shell\Treesize,,&Treesize
RegWrite,HKLM,0x1,Tmp_Default\Software\Classes\Directory\Background\shell\Treesize,Icon,"Y:\Programs\TreeSize Pro_Prg\TreeSize.exe,0"
RegWrite,HKLM,0x1,Tmp_Default\Software\Classes\Directory\Background\shell\Treesize\command,,"#$qY:\Programs\TreeSize Pro_Prg\TreeSize.exe#$q #$q#$pV#$q"
RegWrite,HKLM,0x1,Tmp_Default\Software\Classes\Folder\shell\Treesize,,&Treesize
RegWrite,HKLM,0x1,Tmp_Default\Software\Classes\Folder\shell\Treesize,Icon,"Y:\Programs\TreeSize Pro_Prg\TreeSize.exe,0"
RegWrite,HKLM,0x1,Tmp_Default\Software\Classes\Folder\shell\Treesize\command,,"#$qY:\Programs\TreeSize Pro_Prg\TreeSize.exe#$q #$q#$p1#$q"
RegHiveUnLoad,Tmp_Default

[Regular Registry Keys Before Conversion]
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\Directory]

[HKEY_CURRENT_USER\Software\Classes\Directory\Background]

[HKEY_CURRENT_USER\Software\Classes\Directory\Background\shell]

[HKEY_CURRENT_USER\Software\Classes\Directory\Background\shell\Treesize]
@="&Treesize"
"Icon"="Y:\\Programs\\TreeSize Pro_Prg\\TreeSize.exe,0"

[HKEY_CURRENT_USER\Software\Classes\Directory\Background\shell\Treesize\command]
@="\"Y:\\Programs\\TreeSize Pro_Prg\\TreeSize.exe\" \"%V\""

[HKEY_CURRENT_USER\Software\Classes\Folder]

[HKEY_CURRENT_USER\Software\Classes\Folder\shell]

[HKEY_CURRENT_USER\Software\Classes\Folder\shell\Treesize]
@="&Treesize"
"Icon"="Y:\\Programs\\TreeSize Pro_Prg\\TreeSize.exe,0"

[HKEY_CURRENT_USER\Software\Classes\Folder\shell\Treesize\command]
@="\"Y:\\Programs\\TreeSize Pro_Prg\\TreeSize.exe\" \"%1\""

--

I can always add the reg keys during boot with a batch file but was hoping I was just overlooking something and theres an easy way to include this in the build.  As a bonus fixing this issue I'm sure would correct another thread I started about admin login screen color, those keys are located in HKCU too, So figuring this out would probably make it easy to fix the ComponentsY\TweaksExplorer\Appearance BackgroundColor.script as well.
« Last Edit: September 15, 2017, 06:11:02 PM by bob.omb »

Re: Admin Account Registry Changes
« Reply #1 on: September 15, 2017, 11:17:21 PM »

ChrisR

  • Moderator, Win7PE SE Baker
  • Grand Chef
  • *****
  • Date Registered: Mar 2011
  • Posts: 2895
Yes bob, the Config\default reg hive is copied to ntuser.dat inside LoginAsAdmin pugin.
FileCopy,%target_sys%\config\DEFAULT,%TargetProfilesUserDir%\NTUSER.DAT
To copy all keys, "Logon as Admin" is done at the end of building.
If you add some keys, you can manually copy DEFAULT to NTUSER.DAT or replay the plugin before rebuilding boot.wim & ISO


Re: Admin Account Registry Changes
« Reply #2 on: September 16, 2017, 04:36:22 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
Yes I understand how it is supposed to work but what I'm saying is something is wrong.  Even if I open the WIM after building and manually inject the keys into x:\windows\system32\config\default AND x:\users\default\ntuser.dat the above keys do not carry over to the Administrator HKEY_CURRENT_USER --during BOOT time-- when admin account is created.  The above keys are NEVER present in HKEY_CURRENT_USER in Admin account after boot no matter where I inject them...only in the HKEY_USERS\.Default.  I am lost on this

I am trying to learn as much as possible to contribute but I need help with this one. I believe If you try to put those keys in you will see that they wont work even though it looks like it should.

I have always had issues getting the HKEY_CURRENT_USER in the registry to reflect keys - Every other area works perfectly

*****************

I will do more testing, the agent ransack context menu's transfer over perfectly for admin account.  I will inject these keys for TreeSize into Agent Ransack's plugin script and see if they work during build.
« Last Edit: September 16, 2017, 05:02:11 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #3 on: September 16, 2017, 05:21:03 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7239
I will do more testing, the agent ransack context menu's transfer over perfectly for admin account.  I will inject these keys for TreeSize into Agent Ransack's plugin

Downloads\AppYGS\FileTasks\'TreeSizeFreeware" plugin also works fine.

ps: http://theoven.org/index.php?topic=1208.0

I feel it is about your plugin registry settings.
ex:
We never use hardcoded things like Y: as in your previous post on registry with apps plugins.


Read plugin related things at FAQ topic:
http://theoven.org/index.php?topic=834.0

Utils\PC Packed - PluginCreator Packed and more
Utils\PC Innounp - PluginCreator with innounp setup

also check other plugins available on project servers.
Most recent dated ones have most up to date syntax.

After some practice spending some time, it is all easy.

:turtle:

Re: Admin Account Registry Changes
« Reply #4 on: September 16, 2017, 05:41:32 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
Ok I am sorry if I am wasting time, some of this is stupidity on my part because I wasn't paying attention to where the keys are supposed to be placed.  I managed to get it working, I try to look through the FAQ a lot, but sometimes I am stuck.

But the problem has been found.

Changing to

RegHiveLoad,Tmp_Software,%RegSoftware%
RegWrite,HKLM,0x1,Tmp_Software\Classes\Directory\Background\shell\Treesize,,&Treesize
RegWrite,HKLM,0x1,Tmp_Software\Classes\Directory\Background\shell\Treesize,Icon,"Y:\Programs\TreeSize Pro_Prg\TreeSize.exe,0"
RegWrite,HKLM,0x1,Tmp_Software\Classes\Directory\Background\shell\Treesize\command,,"#$qY:\Programs\TreeSize Pro_Prg\TreeSize.exe#$q #$q#$pV#$q"
RegWrite,HKLM,0x1,Tmp_Software\Classes\Folder\shell\Treesize,,&Treesize
RegWrite,HKLM,0x1,Tmp_Software\Classes\Folder\shell\Treesize,Icon,"Y:\Programs\TreeSize Pro_Prg\TreeSize.exe,0"
RegWrite,HKLM,0x1,Tmp_Software\Classes\Folder\shell\Treesize\command,,"#$qY:\Programs\TreeSize Pro_Prg\TreeSize.exe#$q #$q#$p1#$q"
RegHiveUnLoad,Tmp_Software

Now it works fine.

--->RegCPE and RegReConvert<--- were giving me the wrong keys.  They both were taking the HKCU\Software location and converting to keys that put it in the HKU\.Default location.  These didn't load into HKCU at boot. (Because of the Login as admin script the normal conversion to HKU\.Default location doesn't work and for keys to work they need to be placed directly into the HKLM\Software hive (%RegSoftware%))  Looking at similar plugins was able to see the correct key location and correct my plugin by putting it directly in the software hive.

I wouldn't have spent this time if you guys weren't in here checking on me so thank you very much. 

Thank you for your time and help.

Have to keep an eye on HKCU keys in the future..
« Last Edit: September 23, 2017, 08:24:27 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #5 on: September 16, 2017, 06:30:10 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
ex:We never use hardcoded things like Y: as in your previous post on registry with apps plugins.

This is confirmed working, just FYI for future projects, you probably have a reason for not doing it

Re: Admin Account Registry Changes
« Reply #6 on: September 16, 2017, 12:25:26 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7239
--->RegCPE and RegReConvert<--- were giving me the wrong keys.
They output what you input, so they do not give you wrong keys.
It is about the experience you need to input correct registry, than they will output correct conversion.

We all create plugins with RegCPE without any trouble.  :cool:

You must not use RegReConvert plugin to create any of your plugin.
RegReConvert plugin is for old users to convert old plugin registry to new registry,
with ability to revert .reg files to their original state. ( at around 2010 )
After passing years, It is now for advanced users only. I will remove RegReConvert plugin from projects to avoid confusion.


Ok I am sorry if I am wasting time, some of this is stupidity on my part because I wasn't paying attention to where the keys are supposed to be placed.  I managed to get it working, I try to look through the FAQ a lot, but sometimes I am stuck.
All info about registry writing to plugins is there with related links as much as we can.
 Others on topic, make a google search on theoven.org forum as instructed with example on FAQ top.
    Rest is about practice.

As written, it is a self-learning road, and there are hundreds of apps plugins on servers giving you working examples of the correct way to write plugins.

ex:We never use hardcoded things like Y: as in your previous post on registry with apps plugins.

This is confirmed working, just FYI for future projects, you probably have a reason for not doing it

Sure, TreeSizeFreeware plugin last updated at "2013.01.25" (4 years ago, with a bit old syntax) and still working without any trouble.  :wink:
You plugins also can work 4, 7 ..... years later with other projects as long as you write them without hardcoded way.

I wouldn't have spent this time if you guys weren't in here checking on me so thank you very much.

Thank you for your time and help.
:thumbsup: :great:

:turtle:

Re: Admin Account Registry Changes
« Reply #7 on: September 23, 2017, 08:31:42 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
Is there any way one script can see if another is active? Specifically so RegCPE can see if I have LoginAsAdmin script selected? If I had a way to check if that script was active, I could add some code to automatically convert the %tmp_default%\Software\* keys to %tmp_software%\ when that script is enabled and it would make RegCPE produce perfect keys without the need to edit anything.  this is only to change the location of the %tmp_default%\software\ hive keys and no other area, its should work perfectly that way.

Once builders have in their hands solutions to these small issues that we already have answers to the community will be able to move forward faster together, someone who may get stuck on this may be able to help in other areas...
« Last Edit: September 23, 2017, 08:35:53 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #8 on: September 24, 2017, 03:45:31 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7239
You need some time bob.omb,

There are some false logics you have, after practicing you will get rid of them.

you need to learn more about windows registry and other things.  :wink:

Give time to yourself.

:turtle:


Re: Admin Account Registry Changes
« Reply #9 on: September 24, 2017, 05:11:09 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
I will test some more but anything from hcu\.default\software I enter anywhere other than the HKLM\Software hive does not work at all and ive tested several time.  RegCPE Takes HKCU\software keys and puts the in HKU\.Default\Software key "WHICH SEEMS CORRECT" however if you actually try it it wont work lol


I know you have been doing this much longer than me, but if you try to use they keys above in the first post with RegCPE they don't work, I have been testing this for days I promise with LoginAsAdmin the default user hive is not the only hive that gets loaded, And HKLM\Software -overwrites- HCU\.default\Software on boot into Administrator
« Last Edit: September 24, 2017, 05:18:51 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #10 on: September 24, 2017, 05:16:36 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7239
I did not wrote "wrong"
I wrote
Give time to yourself.
:thumbsup:

Re: Admin Account Registry Changes
« Reply #11 on: September 24, 2017, 06:31:38 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
Lancelot I am a seasoned technician.  You are better than me at PE, but I know a lot about windows. I was not explaining correctly at first because PE is different and I was learning how keys were imported during boot creation of account.  This is outside windows normal behavior, so learning curve....but read below link.

https://blogs.msdn.microsoft.com/oldnewthing/20070302-00/?p=27783   <--- Is older post but still true...

I know the Admin NTUSER.dat is copied from Default User BUT HKLM takes precedent for software. The place RegCPE is putting the keys is only compatible with the system account and the plugin needs to be changed to be compatible with the LoginAsAdmin.script -OR- people will have to make edit when importing keys and using admin account.  This seems to only apply to the SOFTWARE section of Admin(maybe only software\microsoft?)....Because HKLM\Software  ---->overwrites<---- anything carried over from HKU\.Default\Software AND HKCU\Software during Admin login

PLEASE BELIEVE ME! lmao j/k - It has proven true in all my testing..  :wink:

.Default Account does not carry over correctly over to Admin below ----- (This NTUSER.dat was copied from default user why different? - Keys imported with RegCPE to %tmp_default% with AdditionalRegistry.script at end of build but before LoginAsAdmin, when files compared they are the same, after boot they show different values ****HKLM\Software is fix for this.)
ila_renderedila_rendered

Admin Account IGNORES these values anyway and pulls from HKLM\Software directly...(My accents are -Grey- these are the keys being used while I am writing this from within PE - These screenshots are from inside my build - User software keys are ignored)
ila_rendered

Every key I've changed in the HKLM\Software hive has overridden anything I've put in .default\software or HKU\Software hives when boot occurs....Every time i've tested it.

This all has to do with the way PE behaves differently than regular windows.
« Last Edit: September 24, 2017, 07:55:11 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #12 on: September 24, 2017, 09:26:16 AM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7239
Hi bob.omb

7-zip plugin uses Tmp_Default to write its settings

See with normal Win10PESE boot
ila_rendered

and with Admin login Win10PESE boot
ila_rendered

It works fine, RegCPE works ok, "Logon as Admin" plugin is ok.  :thumbsup:


*
Your changing Accent keys or any other special Windows key may not work time to time
They are "special" cases.
You can find many topics with special cases....

I remember we have a solution for Accent special case on other topic
http://theoven.org/index.php?topic=2185.msg24030#msg24030



******
As I wrote before:

Give time to yourself.
:thumbsup:

Give time to yourself.   :thumbsup:
« Last Edit: September 24, 2017, 09:27:08 AM by Lancelot »

Re: Admin Account Registry Changes
« Reply #13 on: September 24, 2017, 09:41:32 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
No 7zip is the special case not the other way around.  7zip was written to look in HKCU specifically for its data.  It depends on the program. But for system settings keys it is always overridden by HKLM\Software

Example is PENetwork - (Software look where developer makes it look) HKLM are settings that are active and keys are diff in HKCU for this.  For programs it depends how they were written.  For OS HKLM overrides

Registry makes even techs heads spin and PE adds extra twist with admin account creation automatically during boot, and BTW what is explanation for imported keys into .Default NTUSER.DAT being different than Admin NTUSER.DAT? I showed you screenshots...File is a direct copy but keys are different. (Above post not these pics, these are PENetwork)

ila_renderedila_rendered
« Last Edit: September 24, 2017, 09:50:33 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #14 on: September 24, 2017, 09:54:10 AM »

bob.omb

  • Chef
  • ***
  • Location: USA
  • Date Registered: Jul 2017
  • Posts: 103
HKLM\Software <-----All Users (System Settings usually read from here)

HKCU\Software <-----Current User only (Software setting most likely saved here)

HKU\.Default\Software <------ System account software hive only (Copied to Admin acct but some keys are different after boot?)

Therefore, for admin, all users is safest bet.

I promise I'm not trying to annoy you, above info is true.

CONCLUSION:  I will give it time  :great:  Obviously there is no one size fits all solution so as many tests I can find to prove my point you can find to prove against.  Different things require different solutions, not always the same.

You are the best for taking time with me, appreciate you.  I will keep pushing forward...with other things... lol
« Last Edit: September 24, 2017, 10:11:19 AM by bob.omb »

Re: Admin Account Registry Changes
« Reply #15 on: September 24, 2017, 11:40:59 PM »

Lancelot

  • Gena Baker
  • Grand Chef
  • *****
  • Date Registered: Sep 2010
  • Posts: 7239
Hi bob.omb,

It is better you show a registry setting of an application that does not work with Admin Login.
Practice is better than Theory.  :thumbsup:
I am sure there will be a solution for such situation.

Overall, I do not have big free time to dig things down,
 My free time now very low with the end of summer.
   Time to make money....
   At these times, I mostly do not make build or tests with development related, but only feedback forum as much as I can.

Spend some time how plugins and projects works,
 we are more than 7 years around now, take it easy.

:turtle:

 

Powered by EzPortal