Is it possible to block access to a specific registry key?
-
Can I restrict or block access to a specific registry key in HKLM? Or maybe hook it so that another process cannot read it? My goal is to temporarily block/obscure access to an HKLM registry key by the winlogon process, remotely. Thanks!
The only way to do that would be to set up permissions on that key preventing the user from reading it. You can NOT prevent WinLogon from reading its values. Why? Because even Windows has to log in to itself! Various accounts, including Local System and service accounts, need access to WinLogon to execute. I cannot think of a single reason why you would want to do this.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
I will give you a single reason :) I want to write a remote desktop application with the ability to stop the legal banner from popping up, therefore not requiring user action before the login/password/domain are sent, because that hoses the entire process since that window handle cannot be identified (because the contents are encrypted). I cannot close that legal banner pop-up window ... however, if I can stop it from opening then the result is the same.
-
You might want to check with your legal department first. You might not get away with circumventing that little screen, as annoying as it is.
Dave Kreskowiak -
If I can figure out how to do it, I will then ask ... no point in asking ahead of time if I can't do it. Any idea how to do the block?
-
That's ass end backwards. Is there any reason to waste time researching how to do this if your legal department tells you that you can't do it? You're just costing your company money here.
I'm not a stalker, I just know things. Oh by the way, you're out of milk.
Forgive your enemies - it messes with their heads
-
Sure, you just have to add Deny permissions to the SYSTEM account to the key immediately above what you want to block. I'd open regedit first, try setting this by hand yourself, and then see what happens. You may not be able to reverse what you've done. That being the case, I highly suggest trying this on a virtual machine or a machine you don't care about rebuilding. Since WinLogon is also responsible for loading the User Profile, you may get the ability to skip the legal screen, but lose the ability to completely log in to the machine. You may also never get a shell, and you may lose all network connectivity to off-machine resources, such as network shares, ..., among other things... Do you still think this is a good idea?? I know I wouldn't consider it a supportable solution in an Enterprise environment, or any other environment for that matter.
Dave Kreskowiak -
Since RDP encrypts the window and no one seems to have cracked that, I'm not sure if there is another solution besides this one? I'd much rather go the route of decrypting the window contents, looking for the legal banner window handle to appear and sending an enter key to that the moment it appears, but I'm not even sure that is possible. I'm all ears if anyone has any other ideas ...
-
If you have another way to do this, I am all ears
-
Hey, I told you how to test this little theory out by hand. What's the point in trying to type in a bunch of code if the entire concept won't work from the start? I can see a bunch of reasons why it won't, but I'm not going to test this for you. That's what you're getting paid to do.
Dave Kreskowiak -
I will be testing it that way, I'm just throwing it out there that if someone has a better idea on how to do this, I'm open to that. When I'm done testing I will report back on how it worked.
-
This did work manually ... I'm having a very difficult time finding information on how to do this programmatically though. I haven't found any code examples that do this remotely, and that specify which group the permission change is being done to.
-
Ok I finally got this to work programmatically, it was quite a pain ... at least for me. If you remove query access and then put it back, it works. It's quite simple I think.
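-
The permission change discussed in this thread (a Deny entry for the SYSTEM account on a logon-related key) is visible in the key's DACL, so it can be audited. The PowerShell below is an added example, not code from any poster in the thread; the two default key paths are the standard Windows locations of the logon banner values and are an assumption, since the thread never names the key.

```powershell
# Added example: audit registry keys for Deny ACEs that target SYSTEM (S-1-5-18).
# Assumption: the default paths are the standard locations of the logon banner
# values (LegalNoticeCaption / LegalNoticeText); the thread does not name them.
param(
    [string[]]$KeyPath = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
)

$sidType   = [System.Security.Principal.SecurityIdentifier]
$systemSid = 'S-1-5-18'   # well-known SID of Local System

function Get-SystemDenyAce {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }
    $acl = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs so the
    # comparison does not depend on localized account names.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Deny' -and
            $ace.IdentityReference.Value -eq $systemSid) {
            [pscustomobject]@{
                Key       = $Path
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
                Owner     = $acl.Owner
            }
        }
    }
}

$findings = foreach ($p in $KeyPath) { Get-SystemDenyAce -Path $p }
if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No Deny ACE for SYSTEM on the audited keys.'
}
```

Any row in the output is worth investigating: a default installation does not deny SYSTEM on these keys, and the `Inherited` column shows whether the entry was set on the key itself or on a parent.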