How to disable security popups under winpe


Kullenen_Ask

I want to disable security popups under winpe. Related keys should be

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableVirtualization"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000005
"ValidateAdminCodeSignatures"=dword:00000000
"EnableCursorSuppression"=dword:00000001
"EnableUIADesktopToggle"=dword:00000001
"ConsentPromptBehaviorUser"=dword:00000003
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000001
"EnableUIPI"=dword:00000001
"FilterSystemToken"=dword:00000001

Changing the above keys does not seem to affect anything, at least in my WinPEs.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE_00\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE]
@="X:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"
"Path"="X:\\Program Files\\Internet Explorer;"

I think trusted applications add a Path value to the above keys. I tried adding it on a running WinPE; no change.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

Maybe this can be effective for programs downloaded from the internet; I haven't tried.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM_00\ControlSet001\Control\LsaInformation]
"UACInstalled"=dword:00000001

I do not know if this is effective either. Could it be related to the luav service?

Any other opinions are welcome.



Last time I played with the idea of disabling those messages... I recall it was related to security zones in IE. However, nowadays if I run into this type of message, I work around it by doing things a different way. For example, if the security message is caused by running an application from a network share, I will copy it locally and run it there instead.


IF the issue is related to "security zones", the thingy is an ADS (Alternate Data Stream), so all that is needed is to rip it off through a tool *like*

http://www.nirsoft.net/utils/alternate_data_streams.html

http://www.heysoft.de/en/software/lads.php

http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx

or save/copy the file on a non-NTFS filesystem and/or use Opera to download files.

jaclaz


The popups are commonly related to files under the system32 folder, especially cmd.exe and taskmgr.exe. All the 3rd-party programs work without any popups. I checked the permissions on explorer.exe and the system32 folder and there were strange permissions. For example, system or administrator does not have full permission on some of the files, but resetting the permissions does not change anything.

When I right-click the cmd.exe desktop icon and select "Run as administrator", it fixes the popups related to cmd.exe and everything that is run from that command prompt. But when I log in as administrator I have the same problems again. When I run cmd.exe it says administrator in the header, but taskmgr says it runs under the system account.

I compiled a build with WinBuilder and it does not have this problem. I copied the software hive to my build and the problem exists again. It should not be registry related. I read lots of articles about it. They say that if catroot2 does not have cat files, or winsxs\catalogs does not exist, or cryptsvc does not work, it can be related, but none of the solutions solves the problem.

The only thing left that looks suspicious to me, and the difference between WinBuilder builds and my build, is a difference at logon. WinBuilder logs on as system, and my build also logs on as system, but WinBuilder uses 8kb sam and security hives and removes the "audit" registry key, whereas I keep 256kb sam and software and do not remove the audit key.


Same as this, but there is no "Always ask before opening this file" checkbox.

[Image: Windows-Security-Warning-Message.png]

I changed sam and security to the 8kb ones, with login the same as WinBuilder, and the LSA registry key. It did not solve it. I am glad about that, because I want to protect the system boot option as it is, for more flexibility.


See if you can in your PE find a way to replicate this:
http://social.technet.microsoft.com/Forums/windows/en-US/5277371b-dea2-4a2b-802a-bbdc639f627f/disable-open-file-security-warning-unknown-publisher?forum=w7itprogeneral

1. Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

2. On the right pane, double click Inclusion list for low file types.

3. Click Enable.

4. Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

5. Click OK.

(the end result should be some Registry key, so maybe what really happens can be traced in a "full" 7 install)

jaclaz


Good guess, jaclaz.

When you were writing the comment I was trying it, and the following .reg file solved my problem. As it is WinPE, I want everything to run. It needs to be added offline, I think. Maybe because I tried to add the registry values in the online WinPE system, it did not take effect previously.

It was my biggest problem until now, because minimally touched full Windows hives give this problem every time. I always thought it was a "Policies" or LUA error. I do not know if other PE developers add these keys every time, or why I always need them. Maybe most builds do not contain Internet Explorer and do not need such a key.

Because I am working with offline hives, the original path should start with [HKEY_CURRENT_USER\Software

I loaded the DEFAULT hive:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.com;.cmd;.reg;.nfo;.scr;.hta;.inf;.lnk;.msu;.msc;.cpl;.url;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;.zip;.rar;.cab;.txt;.7z;.vbs;"
"DefaultFileTypeRisk"=dword:00001808
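
An added example, not part of the original posts: Python that parses .reg text like the file above and reports which values switch off the signature check or mark executable extensions as low risk, so a PE build's exported hive can be reviewed for what it has relaxed. The sample text (shortened from the post), `EXECUTABLE_EXTS` and the function names are assumptions of this example.

```python
import re

# Constructed sample: the thread's final .reg file with a shortened extension list.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001

[HKEY_LOCAL_MACHINE\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe;.bat;.reg;.vbs;.txt;"
"DefaultFileTypeRisk"=dword:00001808
'''

# Extensions this audit treats as executable content (an assumption of the example).
EXECUTABLE_EXTS = {".exe", ".bat", ".com", ".cmd", ".reg", ".scr", ".hta", ".msi", ".vbs"}
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)=(?P<data>.*)$')

def parse_reg(text):
    """Parse .reg text into {key: {lowercased value name: str | int}}.

    Handles string values (backslash escapes undone) and dword values only."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = (m["name"] or "@").lower(), m["data"]
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                current[name] = re.sub(r'\\(.)', r'\1', data[1:-1])
    return keys

def audit(keys):
    """Return (key, value name, reason) for settings that suppress execution prompts."""
    findings = []
    for path, values in keys.items():
        tail = path.lower()  # match on the key suffix so any hive mount name works
        if tail.endswith("\\internet explorer\\download"):
            if str(values.get("checkexesignatures", "")).lower() == "no":
                findings.append((path, "CheckExeSignatures", "signature check disabled"))
            if values.get("runinvalidsignatures") == 1:
                findings.append((path, "RunInvalidSignatures", "invalid signatures allowed to run"))
        elif tail.endswith("\\policies\\associations"):
            listed = str(values.get("lowriskfiletypes", "")).lower().split(";")
            risky = sorted(EXECUTABLE_EXTS.intersection(e.strip() for e in listed))
            if risky:
                findings.append((path, "LowRiskFileTypes", "low risk: " + " ".join(risky)))
    return findings
```

Because the audit matches on the key suffix, it gives the same findings whether the hive was exported from a mounted offline hive (`HKEY_LOCAL_MACHINE\DEFAULT\...`) or from `HKEY_CURRENT_USER` in the running PE.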