KJxp Posted July 2, 2005 Share Posted July 2, 2005 Ever wanted a simple way of getting that pro-only security tab on XP-home? Yeah, yeah, you can get it by booting into safe mode, but how do you get it under normal operation? One way I have seen is to install the SCE/SCM for NT Server 4.0, but that puts in an older version of the dll without the "Effective Permissions" feature (and possibly with other problems as well).I ran across this simple way of doing it... I mean really simple!Two methods...1. Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" and set a DWORD value named "OptionValue" to 1. This takes effect immediately. However, if you restart with this value still in, Windows will function, but it won't load Visual Styles and other normal-mode-only things. It's best to just use a reg file to set it to 1 when you want the tab functionality.2. Easier yet is a patch: http://www.rt-sw.de/en/freeware/freeware.html It changes ONE BYTE in rshx32.dll (a backslash to a space at 0x9F0), saves it under a new dll name, and registers it (HKEY_CLASSES_ROOT\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InProcServer32). This also takes effect immediately, and works perfectly in SP2! Link to comment Share on other sites More sharing options...
maxXPsoft Posted July 2, 2005 Share Posted July 2, 2005 Nice Find!! I was using this http://maxxpsoft.com/files/hometab.php?but will modify my Unattend for this now. Link to comment Share on other sites More sharing options...
KJxp Posted July 2, 2005 Author Share Posted July 2, 2005 http://maxxpsoft.com/files/hometab.php -> http://www.dougknox.com/xp/tips/xp_home_sectab.htm -> that's where I got the info from. I installed SCESP4I.EXE, but it looked too simple. Just stuck a couple of files in there. RegShot told me that registry entry was the only major change it made. So I went back with System Restore and did it manually. It worked by just putting the dll in and editing the registry value. Then I found the patch.The dll is looking at only three keys in the registry:Key: SYSTEM\CurrentControlSet\Control\SafeBoot\OptionValue: OptionValueKey: SYSTEM\CurrentControlSet\Control\LSAValue: ForceGuestKey: Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerValue: NoSecurityTabThe patch changes the path of that first one toSYSTEM\CurrentControlSet\Control\SafeBoot Option (slash to a space)which causes the dll to not even find the key. What I don't understand is that under safe mode, that Option value is set to 1 (AFAIK). Under normal operation, it (and the key containing it) doesn't exist. So by causing the dll to not find it even in safe mode sounds like it would disable the tab altogether, making the dll think your always in normal-mode. But... it works. Link to comment Share on other sites More sharing options...
maxXPsoft Posted July 3, 2005 Share Posted July 3, 2005 (edited) I used to use SCESP4I.EXE but your method works so I'm not arguing.Regshot, nope try something differentI did use SCESP4I.EXE even with Unattend and it works, installing itself and moding several files.Who would have thunk it be as simple as changing one byte in a file. Edited July 3, 2005 by maxXPsoft Link to comment Share on other sites More sharing options...
Takeshi Posted July 10, 2005 Share Posted July 10, 2005 (edited) I wasn't aware of the rshx32.dll method.The NoSecurityTab policy key (actually a GP item) should normally apply in XP Pro only and not in XP HE (because it's never present in XP HE in normal mode) and in XP Pro the Security Tab only appears when SFS has been disabled. The reg key to implement "disable SFS" would not work in XP HE.So it seems to be a bit more complicated than it looks. Edited July 10, 2005 by Takeshi Link to comment Share on other sites More sharing options...
flabdablet Posted August 1, 2005 Share Posted August 1, 2005 Thanks, KJxp! Just made myself a couple of little .reg files, and they work a treat!sec-tab-on.reg adds the value that turns on the security tab:---cut---Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]"OptionValue"=dword:00000001---cut---sec-tab-off.reg restores things to the way they were before sec-tab-on.reg was merged:---cut---Windows Registry Editor Version 5.00[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]---cut---My machine (unusually for an XP Home box) is set up with a single Admin user and a handful of limited accounts for me and the rest of the family to use day-to-day. The limited accounts can't make changes under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\, so the above .reg files only work from Admin (which is exactly what should happen).Interestingly, if I merge sec-tab-on.reg and then switch out to the Welcome screen, the only users that appear on it are Admin and Administrator - exactly as if I'd booted into Safe mode. It seems that rshx32.dll isn't the only thing that looks for this value. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now