Kullenen_Ask

How to disable security popups under winpe


I want to disable security popups under winpe. Related keys should be

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
"ValidateAdminCodeSignatures"=dword:00000000
"EnableCursorSuppression"=dword:00000001
"EnableUIADesktopToggle"=dword:00000001
"ConsentPromptBehaviorUser"=dword:00000003
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000001
"EnableUIPI"=dword:00000001
"FilterSystemToken"=dword:00000001

Changing the above keys does not seem to affect anything, at least in my WinPEs.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="X:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
"Path"="X:\\Program Files\\Internet Explorer;"

I think trusted applications add a Path value to the above keys. I tried adding it on a running WinPE; no change.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

Maybe this can be effective with programs downloaded from the internet; I haven't tried.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM_00\ControlSet001\Control\LsaInformation]
"UACInstalled"=dword:00000001

I do not know if this is effective either. Can it be related to the luav service?

Any other opinions welcome.


Last time I played with the idea of disabling those messages... I recall it was related to security zones in IE. However, nowadays if I run into this type of message, I work around it by doing it a different way. For example, if the security message is caused by running an application from a network share, I will copy it locally and run it there instead.


IF the issue is related to "security zones", the thingy is an ADS (Alternate Data Stream) so all that is needed is to rip it off through a tool *like*

http://www.nirsoft.net/utils/alternate_data_streams.html

http://www.heysoft.de/en/software/lads.php

http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

or save/copy the file on a non-NTFS filesystem and/or use Opera to download files.

jaclaz


The popups are commonly related to files under the system32 folder, especially cmd.exe and taskmgr.exe. All the 3rd-party programs work without any popups. I checked the permissions on explorer.exe and the system32 folder and there were strange permissions. For example, system or administrator does not have full permission on some of the files, but resetting permissions does not affect anything.

When I right-click the cmd.exe desktop icon and select Run as administrator, it fixes the popups related to cmd.exe and everything that is run from that command prompt. But when I log in as administrator I have the same problems again. When I run cmd.exe it says administrator in the header, but taskmgr says it runs under the system account.

I compiled a build with WinBuilder; it does not have this problem. I copied the software hive to my build and the problem exists again. It should not be registry related. I read lots of articles about it. They say that if catroot2 does not have cat files, or winsxs\catalogs does not exist, or cryptsvc does not work, it can be related, but none of the solutions solves the problem.

The only thing left that I find suspicious, and the difference between WinBuilder builds and my build, is a difference at logon. WinBuilder logs on as system, and my build also logs on as system, but WinBuilder uses 8kb sam and security hives and removes the "audit" registry key, while I keep the 256kb sam and software and do not remove the audit key.

vbxrp.png

Edited by Kullenen_Ask


Could you be so kind and translate the text in the messagebox into english? It's easier to understand then.


The same as this, but there is no "Always ask before opening this file" checkbox.

Windows-Security-Warning-Message.png

I replaced sam and security with the 8kb ones, with the same login as WinBuilder and the LSA registry key. It did not solve it. I am glad about that, because I want to keep the system boot option as it is for more flexibility.


See if you can in your PE find a way to replicate this:
http://social.technet.microsoft.com/Forums/windows/en-US/5277371b-dea2-4a2b-802a-bbdc639f627f/disable-open-file-security-warning-unknown-publisher?forum=w7itprogeneral

1. Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

2. On the right pane, double click Inclusion list for low file types.

3. Click Enable.

4. Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

5. Click OK.

(the end result should be some Registry key, so maybe what really happens can be traced in a "full" 7 install)

jaclaz


Good guess jaclaz :thumbup

When you were writing the comment I was trying it, and the following .reg file solved my problem. As it is WinPE I want everything to run. It needs to be added offline, I think. Maybe because I tried to add the registry values in the online WinPE system, it did not have an effect previously.

It was my biggest problem until now, because minimally touched full Windows hives give this problem every time. I always thought it was a "Policies" or LUA error. I do not know if other PE developers add these keys every time and why I always need them. Maybe most of the builds do not contain Internet Explorer and do not need such a key.

Because I am working with offline hives, the original path should start with [HKEY_CURRENT_USER\Software

I loaded the DEFAULT hive

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.nfo;.scr;.hta;.inf;.lnk;.msu;.msc;.cpl;.url;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.zip;.rar;.cab;.txt;.7z;.vbs;"
"DefaultFileTypeRisk"=dword:00001808
Edited by Kullenen_Ask
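
An added example, not part of any post in this thread: a small Python audit that parses .reg text like the files posted above and reports the values that switch off file-open warnings, useful for checking what a PE build or an exported hive has relaxed. The function names, the EXECUTABLE_EXTS selection and the sample input are assumptions constructed for illustration.

```python
import re

# Extensions that run code when opened (editor's selection, an assumption).
EXECUTABLE_EXTS = {".exe", ".bat", ".com", ".cmd", ".scr", ".hta", ".vbs",
                   ".msi", ".reg", ".lnk", ".cpl", ".inf", ".msc"}

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, raw = m.groups()
            current[name] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return keys

def audit(text):
    """Return (key, value, reason) for settings that suppress file-open warnings."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        for name, data in values.items():
            n = name.lower()
            if k.endswith("\\policies\\associations") and n == "lowriskfiletypes":
                exts = {e.strip().lower() for e in data.split(";") if e.strip()}
                risky = sorted(exts & EXECUTABLE_EXTS)
                if risky:
                    findings.append((key, name, "low-risk executables: " + " ".join(risky)))
            elif k.endswith("\\internet explorer\\download") and n == "runinvalidsignatures" and data == 1:
                findings.append((key, name, "invalid signatures allowed"))
            elif k.endswith("\\policies\\system") and n == "enablelua" and data == 0:
                findings.append((key, name, "UAC disabled"))
    return findings

# Constructed sample using key and value names quoted in the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.txt;.zip;"
[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
'''
if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

The parser expects one value per line, as in a real .reg export, and matches keys by their suffix so it works for both live paths and offline-loaded hive names such as DEFAULT or SOFTWARE_00.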
