Kullenen_Ask Posted December 7, 2013

I want to disable security popups under WinPE. The related keys should be:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
"ValidateAdminCodeSignatures"=dword:00000000
"EnableCursorSuppression"=dword:00000001
"EnableUIADesktopToggle"=dword:00000001
"ConsentPromptBehaviorUser"=dword:00000003
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000001
"EnableUIPI"=dword:00000001
"FilterSystemToken"=dword:00000001

Changing the above keys does not seem to affect anything, at least in my WinPEs.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="X:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
"Path"="X:\\Program Files\\Internet Explorer;"

I think trusted applications add a Path value to the above keys. I tried adding it on a running WinPE, no change.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

Maybe this can be effective with programs downloaded from the internet; I haven't tried.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM_00\ControlSet001\Control\LsaInformation]
"UACInstalled"=dword:00000001

I do not know if this is effective either. Can it be related to the luav service?

Any other opinions are welcome.

Tripredacus Posted December 9, 2013

Last time I played with the idea of disabling those messages... I recall it was related to security zones in IE. However, nowadays if I run into this type of message, I work around it by doing it a different way. For example, if the security message is caused by running an application from a network share, I will copy it locally and run it there instead.

jaclaz Posted December 9, 2013

IF the issue is related to "security zones", the thingy is an ADS (Alternate Data Stream), so all that is needed is to rip it off through a tool *like*:

http://www.nirsoft.net/utils/alternate_data_streams.html
http://www.heysoft.de/en/software/lads.php
http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

or save/copy the file on a non-NTFS filesystem and/or use Opera to download files.

jaclaz

Kullenen_Ask (Author) Posted December 9, 2013

The popups are commonly related to the files under the system32 folder, especially cmd.exe and taskmgr.exe. All the 3rd-party programs work without any popups. I checked the permissions on explorer.exe and the system32 folder and there were strange permissions. For example, system or administrator does not have full permission on some of the files, but resetting permissions does not affect anything.

When I right-click the cmd.exe desktop icon and select Run as administrator, it fixes the popups related to cmd.exe and everything that is run from that command prompt. But when I log in as administrator I have the same problems again. When I run cmd.exe it says administrator in the header, but taskmgr says it runs under the system account.

I compiled a build with WinBuilder and it does not have such a problem. I copied the software hive to my build and the problem exists again. It should not be registry related. I read lots of articles about it. They say that if catroot2 does not have cat files, or winsxs\catalogs does not exist, or cryptsvc does not work, it can be related, but none of the solutions solves the problem.

The only thing left that I find suspicious, and the difference between WinBuilder builds and my build, is the difference at logon. WinBuilder logs on as system, and my build also logs on as system, but WinBuilder uses 8kb sam and security hives and removes the "audit" registry key, while I keep 256kb sam and software and do not remove the audit key.

Edited December 9, 2013 by Kullenen_Ask

joakim Posted December 9, 2013

Could you be so kind and translate the text in the messagebox into English? It's easier to understand then.

Kullenen_Ask (Author) Posted December 9, 2013

Same as this. But there is no checkbox "Always ask before opening this file".

I changed sam and security to the 8kb ones, with the same login as WinBuilder and the LSA registry key. It did not solve it. I am glad about that, because I want to protect the system boot option as it is for more flexibility.

jaclaz Posted December 9, 2013

See if you can find a way to replicate this in your PE:
http://social.technet.microsoft.com/Forums/windows/en-US/5277371b-dea2-4a2b-802a-bbdc639f627f/disable-open-file-security-warning-unknown-publisher?forum=w7itprogeneral

1. Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager
2. On the right pane, double click Inclusion list for low file types.
3. Click Enable.
4. Include the file types such as .exe;.bat;.reg;.vbs in the Options box.
5. Click OK.

(the end result should be some Registry key, so maybe what really happens can be traced in a "full" 7 install)

jaclaz

Kullenen_Ask (Author) Posted December 9, 2013

Good guess, jaclaz. While you were writing the comment I was trying it, and the following .reg file solved my problem. As it is WinPE, I want everything to run. It needs to be added offline, I think. Maybe it had no effect previously because I tried to add the registry values in an online WinPE system.

It was my biggest problem until now, because minimally touched full Windows hives give this problem every time. I always thought it was a "Policies" or LUA error. I do not know if other PE developers add these keys every time, or why I always need them. Maybe most builds do not contain Internet Explorer and do not need such a key.

Because I am working with offline hives, the original path should start with [HKEY_CURRENT_USER\Software

I loaded the DEFAULT hive.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.nfo;.scr;.hta;.inf;.lnk;.msu;.msc;.cpl;.url;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.zip;.rar;.cab;.txt;.7z;.vbs;"
"DefaultFileTypeRisk"=dword:00001808

Edited December 9, 2013 by Kullenen_Ask
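
For anyone reviewing a hive export or .reg file for the values that ended up suppressing the warning in this thread, here is a small checker. It is an added example, not code from any poster; the function names and the RISKY_EXTS list are assumptions of the example, and the sample input is constructed from the .reg posted above.

```python
import re

# Constructed sample: a trimmed copy of the .reg content posted in this thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.reg;.vbs;.txt;.jpg;"
"DefaultFileTypeRisk"=dword:00001808
'''

# Assumption: which extensions count as executable content is this example's choice.
RISKY_EXTS = {".exe", ".bat", ".com", ".cmd", ".reg", ".scr", ".hta", ".inf",
              ".lnk", ".msi", ".msc", ".cpl", ".vbs", ".url", ".msu"}

def parse_reg(text):
    """Return {(key_path_lower, value_name_lower): value}; dwords become ints."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and key is not None:
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                values[(key, name)] = int(raw[6:], 16)
            elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
                values[(key, name)] = raw[1:-1].replace("\\\\", "\\")
    return values

def audit(text):
    # Flag the Attachment Manager / IE download values discussed in the thread.
    findings = []
    for (key, name), val in parse_reg(text).items():
        if (key.endswith(r"\policies\associations")
                and name == "lowriskfiletypes" and isinstance(val, str)):
            hit = sorted(RISKY_EXTS & {e.strip().lower() for e in val.split(";")})
            if hit:
                findings.append(("LowRiskFileTypes", hit))
        elif key.endswith(r"\internet explorer\download"):
            if name == "checkexesignatures" and str(val).lower() == "no":
                findings.append(("CheckExeSignatures", "no"))
            elif name == "runinvalidsignatures" and val == 1:
                findings.append(("RunInvalidSignatures", 1))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_REG))
```

The key match is by suffix, so it works whether the hive is loaded offline under a name like DEFAULT or exported from HKEY_CURRENT_USER.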

jaclaz Posted December 9, 2013

Good. Now that the "area" of interest is delimited properly, this MS KB could contain relevant info:
http://support.microsoft.com/kb/883260/en-us

jaclaz