Security tab, ACLs in XP Home! Yeah!

[KJxp]

Ever wanted a simple way of getting that pro-only security tab on XP-home? Yeah, yeah, you can get it by booting into safe mode, but how do you get it under normal operation? One way I have seen is to install the SCE/SCM for NT Server 4.0, but that puts in an older version of the dll without the "Effective Permissions" feature (and possibly with other problems as well).

I ran across this simple way of doing it... I mean really simple!

Two methods...

1. Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option" and set a DWORD value named "OptionValue" to 1. This takes effect immediately. However, if you restart with this value still in, Windows will function, but it won't load Visual Styles and other normal-mode-only things. It's best to just use a reg file to set it to 1 when you want the tab functionality.

2. Easier yet is a patch: http://www.rt-sw.de/en/freeware/freeware.html It changes ONE BYTE in rshx32.dll (a backslash to a space at 0x9F0), saves it under a new dll name, and registers it (HKEY_CLASSES_ROOT\CLSID\{1F2E5C40-9550-11CE-99D2-00AA006E086C}\InProcServer32). This also takes effect immediately, and works perfectly in SP2!

[maxXPsoft]

Nice Find!!

I was using this http://maxxpsoft.com/files/hometab.php?

but will modify my Unattend for this now.

[KJxp]

http://maxxpsoft.com/files/hometab.php -> http://www.dougknox.com/xp/tips/xp_home_sectab.htm -> that's where I got the info from. I installed SCESP4I.EXE, but it looked too simple. Just stuck a couple of files in there. RegShot told me that registry entry was the only major change it made. So I went back with System Restore and did it manually. It worked by just putting the dll in and editing the registry value. Then I found the patch.

The dll is looking at only three keys in the registry:

Key: SYSTEM\CurrentControlSet\Control\SafeBoot\Option

Value: OptionValue

Key: SYSTEM\CurrentControlSet\Control\LSA

Value: ForceGuest

Key: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Value: NoSecurityTab

The patch changes the path of that first one to

SYSTEM\CurrentControlSet\Control\SafeBoot Option (slash to a space)

which causes the dll to not even find the key. What I don't understand is that under safe mode, that Option value is set to 1 (AFAIK). Under normal operation, it (and the key containing it) doesn't exist. So by causing the dll to not find it even in safe mode sounds like it would disable the tab altogether, making the dll think your always in normal-mode. But... it works.

[maxXPsoft]

I used to use SCESP4I.EXE but your method works so I'm not arguing.

Regshot, nope try something different

I did use SCESP4I.EXE even with Unattend and it works, installing itself and moding several files.

Who would have thunk it be as simple as changing one byte in a file.

Edited July 3, 2005 by maxXPsoft

[Takeshi]

I wasn't aware of the rshx32.dll method.

The NoSecurityTab policy key (actually a GP item) should normally apply in XP Pro only and not in XP HE (because it's never present in XP HE in normal mode) and in XP Pro the Security Tab only appears when SFS has been disabled. The reg key to implement "disable SFS" would not work in XP HE.

So it seems to be a bit more complicated than it looks.

Edited July 10, 2005 by Takeshi

[flabdablet]

Thanks, KJxp! Just made myself a couple of little .reg files, and they work a treat!

sec-tab-on.reg adds the value that turns on the security tab:

---cut---

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

"OptionValue"=dword:00000001

---cut---

sec-tab-off.reg restores things to the way they were before sec-tab-on.reg was merged:

---cut---

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

---cut---

My machine (unusually for an XP Home box) is set up with a single Admin user and a handful of limited accounts for me and the rest of the family to use day-to-day. The limited accounts can't make changes under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\, so the above .reg files only work from Admin (which is exactly what should happen).

Interestingly, if I merge sec-tab-on.reg and then switch out to the Welcome screen, the only users that appear on it are Admin and Administrator - exactly as if I'd booted into Safe mode. It seems that rshx32.dll isn't the only thing that looks for this value.