Removing low security settings after installation

[Djé]

I had this annoying problem of the open file security warning showing up when installing Scite.

My friend the Search tool gave me answers as for solving this issue.

So far the best post I found about it is here. It is short yet gives 2 solutions.

I'm using the 'Download & Policies settings' solution successfuly by importing the keys to HKU\.DEFAULT at T-12.

I don't know if it is the best solution (I'd appreciate comments about that) but at least it works for what purpose it has.

Moreover, attempts to import them to HKCU at the beginning of RunOnce (just after the first user logs in) failed so far, at least without a reboot after the import.

The problem is that now my internet security setting are lowered.

As I do NOT fully understand what it exactly implies, i'd like to set those setting back to what they were before.

So here is the solution I came to. It is meant to be used in cleanup.cmd at the end of RunOnceEx, just before last reboot.

It removes the settings from 3 locations:

A- HKU\.DEFAULT where it has been imported

B- HKCU where it has been so usefull

C- Default User hive where it has transited from the the 1st to the 2nd at default and current users profiles creation time.

FEATURE: it tries to find that 'Default User hive' automatically.

:*************************************************************************
:**********	 Remove low security settings previously set	 **********
:**********   for installing unsigned programs (namely Scite!)  **********
:*************************************************************************

:-- Remember those setting you imported to HKU\.DEFAULT at T12 
SET KeyDownload=Software\Microsoft\Internet Explorer\Download
SET KeyPolicies=Software\Microsoft\Windows\CurrentVersion\Policies

:Let's remove them. First the easy ones:

:A- HKU\.DEFAULT, where you imported the setting first
REG DELETE "HKEY_USERS\.DEFAULT\%KeyDownload%" /f
REG DELETE "HKEY_USERS\.DEFAULT\%KeyPolicies%\Attachments" /f
REG DELETE "HKEY_USERS\.DEFAULT\%KeyPolicies%\Associations" /f

:B- HKCU, where it went, eventually
REG DELETE "HKEY_CURRENT_USER\%KeyDownload%" /f
REG DELETE "HKEY_CURRENT_USER\%KeyPolicies%\Attachments" /f
REG DELETE "HKEY_CURRENT_USER\%KeyPolicies%\Associations" /f


:C- But in between, those setting went through the Default User profile. And if we let them there, 
:they will be duplicated to every new user. So we must load this profile and delete the keys in it.

:C1- Get Default User profile's path and Name
SET profKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
FOR /F "skip=4 tokens=2*" %%I IN ('REG QUERY "%profKEY%" /v ProfilesDirectory') DO CALL SET ProfilesDir=%%J
FOR /F "skip=4 tokens=2*" %%G IN ('REG QUERY "%profKEY%" /v DefaultUserProfile') DO SET DefaultUserProf=%%H

:C2- Look for Default User hive and load it
SET DefaultUserHive=%ProfilesDir%\%DefaultUserProf%\NTUSER.DAT
IF NOT EXIST "%DefaultUserHive%" GOTO:Error_NODefaultUserHive
REG LOAD HKU\defaultUser "%DefaultUserHive%"

:C3- Remove Reg Keys
REG DELETE "HKEY_USERS\defaultUser\%KeyDownload%" /f
REG DELETE "HKEY_USERS\defaultUser\%KeyPolicies%\Attachments" /f
REG DELETE "HKEY_USERS\defaultUser\%KeyPolicies%\Associations" /f

:C4- Clean!
REG UNLOAD HKU\defaultUser
echo Default User UPDATED...........
GOTO:EndCleaningSecurity

:Error_NODefaultUserHive
echo Default User hive not found :-( !!!!!!!!!!!

:EndCleaningSecurity


:Thanks to Simon Sheppard for his A-Z Index of the Windows NT/XP command line
:available at http://www.ss64.com/nt/index.html
:And of course thanks to my best friends: Google and /?

The first 'FOR /F ...' instruction was tricky but the rest came smoothly...

Anyway, I hope you'll find it usefull.

Also, please note that the trick can be used to remove any setting imported to HKU\.DEFAULT at T12 (going to ALL users) but in fact only meant to be used for ONE user (don't use the HKCU removing then) and/or temporarily.

Oppositely, if you import those settings to HKCU at RunOnceEx,

1- you don't need A- & C-,

2- I'd like to know about because it did not work for me last time I tried (but maybe I did not do it correctly???)

Edited March 6, 2006 by Djé