
2 registry questions

Discussion in 'Earlier Versions of Windows' started by indigowindow, Dec 2, 2001.

Thread Status:
Not open for further replies.
  1. indigowindow

    indigowindow Thread Starter

    Joined:
    Oct 24, 2001
    Messages:
    211
    there are registry tweaks to disable the RUN command. if i do this how do i get back into the registry? how do i edit the registry in MS-DOS? :rolleyes:
     
  2. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Regedit is in C:\windows

    Open the Windows folder and find it. Double click on it. Or create a shortcut to it.

    Sorry. I forgot about your DOS regedit question. What did you have in mind? Editing the registry in DOS is not easy. You can import reg files you have created already in the GUI. You can do a few things, but it's safer to use Windows.
     
  3. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    The reg tweak you are referring to will only remove the run command from the start menu. It will not prevent anything from being run by clicking on the exe or a shortcut.

    That can be done, but then you must specify exactly which files can be run. And it takes some real expertise or experienced help to do that properly.
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    By the way,

    Even if the Registry itself has been 'disabled' through a restriction, there are reg files you can run in order to undo that.

    Greetz,
     
  5. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    indigowindow,
    There's nothing more frustrating than trying to restrict a computer. I can help you learn how to edit in DOS. You can restrict RUN. DisableRegistryTools. (Be careful not to do both at the same time.)

    You can do many things. Here's something which the sneaky already know. No Run? OK. Open Notepad. Go to File, Save As.
    You can use this dialog to browse and open anything you like. Also, have the command prompt? Getting the picture?



    Mo
     
  6. indigowindow

    indigowindow Thread Starter

    Joined:
    Oct 24, 2001
    Messages:
    211
    that's what i'm getting at. if i can't do START - RUN and type in REGEDIT, what do i do?

    and then, how do i get the registry open again if i have to go thru dos? :rolleyes:
     
  7. indigowindow

    indigowindow Thread Starter

    Joined:
    Oct 24, 2001
    Messages:
    211
    mo - you posted as i was typing, but your post is unclear, or you forgot to add what command to save in notepad, or how to use it.
    :p

    btw i found the unlock.reg on the winguides site, so i imagine there are similar reg merges to undo other restrictions.
     
  8. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Indigowindw,
    I answered you in my first reply. Go to My Computer\C:\Windows\regedit.exe. Double click on it.

    Or find files regedit.exe
    Or create a shortcut to regedit on the desktop.


    If you would post your goal, someone could help you to achieve it and possibly keep you from having a very bad day.


    Mo
     
  9. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    sorry.
    No. I was showing you how to use a Dialog Box to get around.
    You are not really making a text file, just bringing up a save dialog so you can browse to someplace and open a file. There are a lot of these workarounds.
     
  10. indigowindow

    indigowindow Thread Starter

    Joined:
    Oct 24, 2001
    Messages:
    211
    mo - there's an "o" between the "d" and the "w" at the end of INDIGOWINDOW. it's a good thing my name's not in the registry. :p
    at this point my goal is to overcome restrictions of all kinds. and how to get around better in dos.


    i'm a little slow, but i figured out what you mean with the notepad FILE - SAVE AS. :D

    also to roger and tony, i figured out the difference between the run window and clicking on the .exe.
     
  11. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    indigowindow,
    Sorry about the typos. Now you know why I have so many edits. Not only do I think of things to add, but I am not the world's greatest typist. Especially when I am tired. And I am that right now. Make you a deal. You go in and get more familiar with the registry and I will post step by step details of everything. But not tonight.

    You can go into the registry and remove the Dword yourself to remove a restriction.

    There are several other ways to do it, too. Exporting the key and editing it. Editing the reg in DOS. Importing through DOS. I will type it out later.


    It takes practice. I am so grateful for scanreg /restore.
     
  12. indigowindow

    indigowindow Thread Starter

    Joined:
    Oct 24, 2001
    Messages:
    211
    thanks mo - always looking forward to your posts........:p
    pleasant dreams.
     
  13. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    indigowindow,
    I remembered I had posted these for other people. I saved those posts.

    #1
    Here's the technique to remove a DWORD, String Value or Binary Value using a registry file.



    I'll show you step by step how to do this.
    Go to
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    Export it. Right click on the file and choose Edit. That will open it in Notepad.

    Here's mine:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "TCASUTIEXE"="TCAUDIAG.EXE -off"
    "ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
    "SystemTray"="SysTray.Exe"
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "HPScanPatch"="C:\\WINDOWS\\SYSTEM\\HPScanFix.exe"
    "hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
    "VetTray"="d:\\INOCUL~1\\VETTRAY.EXE"
    "Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
    "ScriptSentry"="D:\\SCRIPT SENTRY\\SCRIPTSENTRY.exe /check"
    "Rain"="C:\\Rain\\Rain.exe -IntelPentiumPro"
    "USBMMKBD"="usbmmkbd.exe"
    "Vet Alert"="C:\\WINDOWS\\System\\VetMsg9x.exe"



    Let's say I wanted to remove Rain from the startup. Here's what I would do. I would erase everything else but Rain. You don't need all those other entries. They are going to stay the same. The result would be this:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "Rain"="C:\\Rain\\Rain.exe -IntelPentiumPro"




    To remove the string value I would erase everything to the right of the equals sign and then place a minus after the equals sign, like this:
    "Rain"=-




    Now the Final product should look like this:
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "Rain"=-




    If you execute that registry file it will remove Rain from the startup group.
    -----------------------------------------------------------------------------

    #2 If for instance you saved it as change.reg on the desktop and wanted to execute it from DOS
    At the C:\>
    regedit C:\windows\desktop\change.reg
    Press enter

    So, to import a reg file through DOS
    regedit Path to file press enter

    --------------------------------------------------------------------------------
    #3
    This can get confusing. I apologize for the length, but it is better to show you how rather than merely explain.
    To remove a key from the left pane. Let's use this as an example. This is the policies key
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00
    "CDRAutoRun"=hex:00,00,00,00
    "NoLogOff"=hex:01,00,00,00
    "NoFavoritesMenu"=dword:00000001
    "ClassicShell"=hex:00,00,00,00
    "EditLevel"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoDrives"=dword:00000000
    "NoNetHood"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    @=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]



    You place a minus sign inside the far left bracket to remove a key or subkey.
    Like this:

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
    That removes WinOldApp.
    If I wanted to remove the whole Policies Key I could do that too. Like this:
    REGEDIT4

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00
    "CDRAutoRun"=hex:00,00,00,00
    "NoLogOff"=hex:01,00,00,00
    "NoFavoritesMenu"=dword:00000001
    @=hex:00,00,00,00
    "ClassicShell"=hex:00,00,00,00
    "EditLevel"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoDrives"=dword:00000000
    "NoNetHood"=dword:00000001

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    @=""

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]

    To remove the Key, you also have to remove all the subkeys under it. Just putting a minus sign here
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
    Does nothing.



    Now for DWORDs, String Values and Binary Values in the right pane. If you remove a key or a subkey, all the values in the right pane associated with that key are also removed. However, in this case, for instance, let's say I wanted to remove only a DWORD.
    Here is how to do that. Let's use this one:
    "NoLogOff"=hex:01,00,00,00
    To remove the NoLogOff Value you again use the minus sign, but you also delete everything to the right of the =
    Like this:
    "NoLogOff"=-
    Here's the entire Policies key and all the subkeys file again. Here's how it would look if I wanted to remove the NoLogOff entirely. And let's get rid of NoFavoritesMenu too.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=hex:91,00,00,00
    "CDRAutoRun"=hex:00,00,00,00
    "NoLogOff"=-
    "NoFavoritesMenu"=-

    "ClassicShell"=hex:00,00,00,00
    "EditLevel"=dword:00000000
    "NoFileMenu"=dword:00000000
    "NoDrives"=dword:00000000
    "NoNetHood"=dword:00000001

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    @=""

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]


    That is using the entire key. Although, you do not have to. You don't have to reenter the entire key. Just the heading
    REGEDIT4
    The keys you are changing and/or the values.
    For instance, to remove the NoLogOff and leave everything else as is:

    REGEDIT4


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

    "NoLogOff"=-


    Or to only remove one of the subkeys, in this case the "RestrictRun" subkey:

    REGEDIT4



    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]



    Practice these and get comfortable with manipulating exported registry files.
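
An added example, not part of the original thread: a small Python auditor that reads a REGEDIT4 file like the ones in the post above and lists what merging it would delete or set, so a .reg file can be reviewed before it is run. The function name, action labels and sample file are hypothetical (the sample is constructed from entries shown in the thread).

```python
import re

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [Key] or [-Key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "Name"=data or @=data

def audit_reg(text):
    """Return (action, key, value_name, data) tuples for a REGEDIT4 file.

    Assumption: one value per line; hex data continued over several lines
    with a trailing backslash is reported as 'unparsed', not reassembled.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(';')]
    if not lines or lines[0] != 'REGEDIT4':
        raise ValueError('not a REGEDIT4 file')
    ops, key, deleting = [], None, False
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            deleting, key = m.group(1) == '-', m.group(2)
            ops.append(('delete_key' if deleting else 'open_key', key, None, None))
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            ops.append(('unparsed', key, None, ln))
            continue
        name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
        data = m.group(2)
        if deleting:
            # A value listed under a [-Key] header: flag it for the reviewer.
            ops.append(('value_under_deleted_key', key, name, data))
        elif data == '-':
            ops.append(('delete_value', key, name, None))
        else:
            ops.append(('set_value', key, name, data))
    return ops

# Constructed sample, assembled from entries shown in the thread.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Rain"=-
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
'''

if __name__ == '__main__':
    for op in audit_reg(SAMPLE):
        print(op)
```
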
     
  14. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Hi Mo,

    Just wondering:

    If you run

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    "Rain"=-


    Will the entire 'Rain' value disappear from [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run], or will you just have 'disabled' it?



    [edit] don't you just love how this board renders reg files... :rolleyes: [/edit]
     
  15. Mosaic1

    Mosaic1

    Joined:
    Aug 17, 2001
    Messages:
    7,486
    Tony,
    It removes the entire String Value.
     

Short URL to this thread: https://techguy.org/60454
