Jump to content

HKEY_CURRENT_USER (HKCU) Question

COKEDUDEUSF
 Share

Recommended Posts

COKEDUDEUSF

COKEDUDEUSF

Posted
Posted

Can someone please explain this in more depth.

http://unattended.msfn.org/unattended.xp/view/web/17/

As the title suggests, these are the current user keys. Generally, the changes you make to this hive apply to the currently logged on user only. Certainly, you can import the HCKU tweaks upon the first logon. This is probably what you need to do, if you work under a built-in Administrator account and don't have any other accounts (which is not a very good practice) . Meanwhile, it is a good idea to work under a different account with the administrator rights and leave the built-in Administrator untouched just in case. The question is how to apply the HKCU tweaks for all accounts simultaneously.

Fortunately, there's an excellent resolution for those who configure more than one account and wish to have all accounts similarly tweaked. You can import registry tweaks at a certain stage of the unattended setup when nobody has logged on yet. This task can be accomplished from cmdlines.txt at T-12. Actually, the HKCU tweaks imported at T-12 modify the Default User account settings, because the Default User's hive is loaded into HKEY_CURRENT_USER at that moment. When a user logs on to a machine for the first time, the user settings are taken from the Default User account. Hence, the HKCU tweaks imported at T-12 apply to all accounts ever created. That is why I have two separate REG files (HKCU and HKLM). I import HKCU tweaks from cmdlines.txt, and no matter how many user accounts I create, they all have the same initial user settings.

Why can't you use the cmdlines.txt to import HKCU tweaks into the built-in Administrator account? Where is the built-in Administrator account during this time? Why does it really matter if you use the built-in Administrator account? If you don't have a good Firewall and AV you'll still get a virus, trojan, or spyware no matter if your using the built-in Administrator account or not.

Link to comment
Share on other sites

Martin H

Martin H

Posted
Posted
Why can't you use the cmdlines.txt to import HKCU tweaks into the built-in Administrator account? Where is the built-in Administrator account during this time?

The article dosen't say that...

It says that if you import current user keys from cmdlines.txt, then they will be applied to the default user hive and hence, all new created users will inherent those keys...

At T-12(cmdlines.txt) then the built-in administrator account is the only account available.

Why does it really matter if you use the built-in Administrator account?

The built-in administrator account is solely meant as a setup and recovery account only, which means that you use it during setup and then afterwards you instead use another account with admin-rights enabled and then leave the built-in administrator account untouched, so that you always have a backdoor into the system if something ever goes wrong and you e.g. cannot log into your primary user account or some other problem with your main account...

Link to comment
Share on other sites
COKEDUDEUSF

COKEDUDEUSF

Posted
  • Author
Posted
Why can't you use the cmdlines.txt to import HKCU tweaks into the built-in Administrator account? Where is the built-in Administrator account during this time?

The article dosen't say that...

It says that if you import current user keys from cmdlines.txt, then they will be applied to the default user hive and hence, all new created users will inherent those keys...

At T-12(cmdlines.txt) then the built-in administrator account is the only account available.

Any ideas why its not working then? That's the only thing I can think of. I can't think of anything why it isn't working.

Link to comment
Share on other sites
Worf

Worf

Posted
Posted

You can alway insert them straight into the hive files which is what i do.

Just edit the Hivedef.inf and look for the line that matches the line for your tweak and then just change that line, or add lines to the hivedef.inf if your line does not exist.

All my tweaks are inserted straight into all the Hive files.

Just make sure you make backup copies of the Hive files before you make any changes to them.

Hope this help?

Worf.

Link to comment
Share on other sites
COKEDUDEUSF

COKEDUDEUSF

Posted
  • Author
Posted
You can alway insert them straight into the hive files which is what i do.

Just edit the Hivedef.inf and look for the line that matches the line for your tweak and then just change that line, or add lines to the hivedef.inf if your line does not exist.

All my tweaks are inserted straight into all the Hive files.

Just make sure you make backup copies of the Hive files before you make any changes to them.

Hope this help?

Worf.

I have no idea what the Hivedef.inf is. Could you please explain it to me.

Link to comment
Share on other sites
Worf

Worf

Posted
Posted (edited)
I have no idea what the Hivedef.inf is. Could you please explain it to me.

The Hive Files are the files that write the registry when Windows is installing.

There are four hive file in the I386 folder, these are:

HiveDef.inf - HKey_Current_User

HiveCLS.inf - HKey_Classes_Roots

HiveSft.inf - HKey_Locol_Machine (Software)

HiveSys.inf - HKey_Local_Machine (System)

So, if you have some reg tweaks for HKey_Local_Machine (System)

HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","ClearPageFileAtShutdown",0x00010001,0

HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","DisablePagingExecutive",0x00010003,0

HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","LargeSystemCache",0x00010003,0

You would open up HiveSys.inf in notepad and search for say, Memory Management and once found either insert you tweaks in that section if your tweak is not there, or just change the value for that tweak.

I.E.

HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","LargeSystemCache",0x00010003,0

If your tweak is to set "LargeSystemCache" from '0' to '1' then you would change the '0' at the end of the line to '1'

HKLM,"SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","LargeSystemCache",0x00010003,1

I hope this helps.

Worf

Edited by Worf
Link to comment
Share on other sites
Noise

Noise

Posted
Posted

Cokedudeusf,

Modifying the default user profile has always been a pain in the a** with Windows. Here is how I have been doing it since the NT4 days. This works for new Domain users logging in and it works for new Local users logging in.

First you need the reg files with the HKCU registry settings you want applied to all users on your XP machine. I create these reg files by using regshot on a brand new generic Windows installation. But I'm sure you already have a bunch of registry files you want to have applied to new users. When developing your reg files make them into small files that deal with only a particular function you want to modify, that way you can remove/modify them easily.

Here is a link with just a few of the registry files I load. The names I use are descriptive so I can figure them out later (I use around 40 of these registry files), it's important that the registry file names do not have spaces (use underscores).

Create the following directory in your $OEM$ directory in your distribution:

$OEM$\c\install\settings

And put all your registry files in the settings directory

Modify your $OEM$\cmdlines.txt file by adding the following line:

".\SETUP.CMD"

Note: the quotes are important

Then you need to create the setup.cmd file referenced above. In the $OEM% directory create a new text file (using notepad) called SETUP.CMD, and add the following:

for %%i in (C:\INSTALL\SETTINGS\*.reg) do regedit /s "%%i"

That's it. Any registry files you copy to $OEM$\c\install\settings will be applied to the Default User profile, and applied to all user accounts, including the Administrator account.

Link to comment
Share on other sites
g-force

g-force

Posted
Posted (edited)

The settings of the logged-on user are stored in HKCU. This part of the registry is located in

in a file "Documents and Settings\UserName\ntuser.dat" (locked while logged on).

Make your settings on a fresh XP, log on as a different user and copy "ntuser.dat"

to "$OEM$\$DOCS\Default User" - all your settings will be set for all users on the new system. :yes:

Edited by g-force
Link to comment
Share on other sites
Noise

Noise

Posted
Posted
The settings of the logged-on user are stored in HKCU. This part of the registry is located in

in a file "Documents and Settings\UserName\ntuser.dat" (locked while logged on).

Make your settings on a fresh XP, log on as a different user and copy "ntuser.dat"

to "$OEM$\$DOCS\Default User" - all your settings will be set for all users on the new system. :yes:

You don't want to do it that way g-force. The Default User NTUSER.DAT file contains special security settings, SSID's and REG_EXPAND_SZ keys that are unique to that particular installation. You will majorly screw up new user profiles if you do it that way.

Link to comment
Share on other sites
g555

g555

Posted
Posted
HiveDef.inf - HKey_Current_User

HiveCLS.inf - HKey_Classes_Roots

HiveSft.inf - HKey_Locol_Machine (Software)

HiveSys.inf - HKey_Local_Machine (System)

Anyone know if the tweaks edited into the hive files are still susceptible to being overwritten by later steps of a standard install?

Or are these hive files the settings that are used by these later steps of a standard install?

IOW, can editing hive files omit the need to do first logon imports via [GuiRunOnce]?

Thanks

Link to comment
Share on other sites
Worf

Worf

Posted
Posted (edited)
Anyone know if the tweaks edited into the hive files are still susceptible to being overwritten by later steps of a standard install?

Or are these hive files the settings that are used by these later steps of a standard install?

IOW, can editing hive files omit the need to do first logon imports via [GuiRunOnce]?

Thanks

First off, the Hive files is the registry, when windows installs setup uses the Hive files to write the registry.

Most of the tweaks inserted into hive files will not get overwritten although some like ones for Internet Explorer might and you will need to edit IE.inf and insert your tweaks to the registry entries in this inf file, (Trial and error). I have not fully tested all the tweaks yet, but the tweaks i have inserted in to the hive files did not get overwritten and worked, (i.e. Performance,Context Menu ect tweaks).

As for [GuiRunOnce], not sure have not done that plus i do not use this to install some of my apps. I write my own INF files to install my apps and then use SysSetup.inf to install my apps which then get installed at the T-13 stage with all there registry settings. Check in the Application Install section and look for my Vuze 3.1.1.0 Advanced Inf install and if you want to know how i do it then just PM me.

When i install apps using WinNT.sif i don't use [GuiRunOnce] as i don't want to have my apps installed at first logon, i use [setupParams] instead. Using this option the applications i don't write inf files for will get installed on the first reboot after Windows is installed.

I find the methods i use much better than using like Cmdline.txt ect.

Anyway, i hope this information is of any help to you and anyone else.

Regards

Worf

Edited by Worf
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...