2 registry questions

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

indigowindow

Thread Starter
Joined
Oct 24, 2001
Messages
211
there are registry tweaks to disable the RUN command. if i do this how do i get back into the registry? how do i edit the registry in MS-DOS? :rolleyes:
 
Joined
Aug 17, 2001
Messages
7,486
Regedit is in C:\windows

Open the windows folder and find it. Double click on it. Or create a shortcut to it.

Sorry. I forgot about your DOS regedit question. What did you have in mind? Editing the registry in Dos is not easy. You can import reg files you have created already in the GUI. You can do a few things, but it's safer to use Windows.
 
Joined
Dec 9, 2000
Messages
45,855
The reg tweak you are referring to will only remove the run command from the start menu. It will not prevent anything from being run by clicking on the exe or a shortcut.

That can be done, but then you must specify exactly which files can be run. And it takes some real expertise or experienced help to do that properly.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
By the way,

Even if the Registry itself has been 'disabled' through a restriction, there are reg files you can run in order to undo that.

Greetz,
 
Joined
Aug 17, 2001
Messages
7,486
indigowindow,
There's nothing more frustrating than trying to restrict a computer. I can help you learn how to edit in DOS. You can restrict RUN. DisableRegistryTools. (Be careful not to do both at the same time.)

You can do many things. Here's something which the sneaky already know. No Run? OK. Open Notepad. Go to File Save as.
You can use this dialog to browse and open anything you like. Also, Have the command prompt? Getting the picture?



Mo
 

indigowindow

Thread Starter
Joined
Oct 24, 2001
Messages
211
that's what i'm getting at. if i can't do START - RUN and type in REGEDIT, what do i do?

and then, how do i get the registry open again if i have to go thru dos? :rolleyes:
 

indigowindow

Thread Starter
Joined
Oct 24, 2001
Messages
211
mo - you posted as i was typing, but your post is unclear, or you forgot to add what command to save in notepad, or how to use it.
:p

btw i found the unlock.reg on the winguides site, so i imagine there are similar reg merges to undo other restrictions.
 
Joined
Aug 17, 2001
Messages
7,486
Indigowindw,
I answered you in my first reply. Go to My Computer\C:\Windows\regedit.exe Double click on it.

Or find files regedit.exe
Or create a shortcut to regedit on the desktop.


If you would post your goal, someone could help you to achieve it and possibly keep you from having a very bad day.


Mo
 
Joined
Aug 17, 2001
Messages
7,486
sorry.
No. I was showing you how to use a Dialog Box to get around.
You are not really making a text file, just bringing up a save dialog so you can browse to someplace and open a file. There are a lot of these workarounds.
 

indigowindow

Thread Starter
Joined
Oct 24, 2001
Messages
211
mo - there's an "o" between the "d" and the "w" at the end of INDIGOWINDOW. it's a good thing my name's not in the registry. :p
at this point my goal is to overcome restrictions of all kinds. and how to get around better in dos.


i'm a little slow, but i figured out what you mean with the notepad FILE - SAVE AS. :D

also to roger and tony, i figured out the difference between the run window and clicking on the .exe.
 
Joined
Aug 17, 2001
Messages
7,486
indigowindow,
Sorry about the typos. Now you know why I have so many edits. Not only do I think of things to add, but I am not the world's greatest typist. Especially when I am tired. And I am that right now. Make you a deal. You go in and get more familiar with the registry and I will post step by step details of everything. But not tonight.

You can go into the registry and remove the Dword yourself to remove a restriction.

There are several other ways to do it, too. Exporting the key and editing it. Editing the reg in Dos. Importing through DOS. I will type it out later.


It takes practice. I am so grateful for scanreg /restore.
 
Joined
Aug 17, 2001
Messages
7,486
indigowindow,
I remembered I had posted these for other people. I saved those posts.

#1
Here's the technique to remove a DWORD, String Value or Binary Value using a registry file.



I'll show you step by step how to do this.
Go to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Export it. Right click on the file and choose edit. That will open it in Notepad.

Here's mine:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TCASUTIEXE"="TCAUDIAG.EXE -off"
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
"SystemTray"="SysTray.Exe"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"HPScanPatch"="C:\\WINDOWS\\SYSTEM\\HPScanFix.exe"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"VetTray"="d:\\INOCUL~1\\VETTRAY.EXE"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"ScriptSentry"="D:\\SCRIPT SENTRY\\SCRIPTSENTRY.exe /check"
"Rain"="C:\\Rain\\Rain.exe -IntelPentiumPro"
"USBMMKBD"="usbmmkbd.exe"
"Vet Alert"="C:\\WINDOWS\\System\\VetMsg9x.exe"



Let's say I wanted to remove Rain from the startup. Here's what I would do. I would erase everything else but Rain. You don't need all those other entries. They are going to stay the same. The result would be this:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Rain"="C:\\Rain\\Rain.exe -IntelPentiumPro"




To remove the string value I would erase everything to the right of the equals sign and then place a minus after the equals sign. Like this:
"Rain"=-




Now the Final product should look like this:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Rain"=-




If you execute that registry file it will remove Rain from the startup group.
-----------------------------------------------------------------------------

#2 If for instance you saved it as change.reg on the desktop and wanted to execute it from DOS
At the C:\>
regedit C:\windows\desktop\change.reg
Press enter

So, to import a reg file through DOS
regedit Path to file press enter

--------------------------------------------------------------------------------
#3
This can get confusing. I apologize for the length, but it is better to show you how rather than merely explain.
To remove a key from the left pane. Let's use this as an example. This is the policies key
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=hex:00,00,00,00
"NoLogOff"=hex:01,00,00,00
"NoFavoritesMenu"=dword:00000001
"ClassicShell"=hex:00,00,00,00
"EditLevel"=dword:00000000
"NoFileMenu"=dword:00000000
"NoDrives"=dword:00000000
"NoNetHood"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]



You place a minus sign inside the far left bracket to remove a key or subkey.
Like this:

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
That removes WinOldApp.
If I wanted to remove the whole Policies Key I could do that too. Like this:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=hex:00,00,00,00
"NoLogOff"=hex:01,00,00,00
"NoFavoritesMenu"=dword:00000001
@=hex:00,00,00,00
"ClassicShell"=hex:00,00,00,00
"EditLevel"=dword:00000000
"NoFileMenu"=dword:00000000
"NoDrives"=dword:00000000
"NoNetHood"=dword:00000001

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
@=""

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]

To remove the Key, you also have to remove all the subkeys under it. Just putting a minus sign here
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
Does nothing.



Now for DWORDs, String Values and Binary Values in the right pane. If you remove a key or a subkey, all the values in the right pane associated with that key are also removed. However, in this case, for instance, let's say I wanted to remove only a DWORD.
Here is how to do that. Let's use this one:
"NoLogOff"=hex:01,00,00,00
To remove the NoLogOff Value you again use the minus sign, but you also delete everything to the right of the =
Like this:
"NoLogOff"=-
Here's the entire Policies key and all the subkeys file again. Here's how it would look if I wanted to remove the NoLogOff entirely. And let's get rid of NoFavoritesMenu too.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=hex:00,00,00,00
"NoLogOff"=-
"NoFavoritesMenu"=-

"ClassicShell"=hex:00,00,00,00
"EditLevel"=dword:00000000
"NoFileMenu"=dword:00000000
"NoDrives"=dword:00000000
"NoNetHood"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]


That is using the entire key. Although, you do not have to. You don't have to reenter the entire key. Just the Heading
REGEDIT4
The Keys you are changing and /or the values.
For instance. To remove the NoLogOff and leave everything else as is:

REGEDIT4


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoLogOff"=-


Or to only remove one of the subkeys: In this case the "restrict Run" subkey

REGEDIT4



[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]



Practice these and get comfortable with manipulating exported registry files.
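
Added example, not part of the original post: a small Python reader for the REGEDIT4 syntax shown above that lists what a .reg file would delete or set, so it can be reviewed before it is merged. The sample file is constructed from entries that appear in this thread, and the function names `audit_reg` and `deletions` are made up for this illustration.

```python
import re

# Constructed sample in the REGEDIT4 format shown in the posts above.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Rain"=-
"ScanRegistry"="c:\\windows\\scanregw.exe /autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLogOff"=-
"NoNetHood"=dword:00000001
@=""

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                      # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data or @=data

def audit_reg(text):
    """Return (action, key, value_name, data) tuples for each directive in a .reg file."""
    lines = text.splitlines()
    header = next((l.strip() for l in lines if l.strip()), "")
    if header not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: missing header line")
    changes, key, deleting = [], None, False
    for raw in lines:
        line = raw.strip()
        # Skip blanks, ';' comments and the header; hex continuation lines match nothing below.
        if not line or line.startswith(";") or line == header:
            continue
        m = KEY_RE.match(line)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            changes.append(("delete-key" if deleting else "open-key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        # Values listed under a [-KEY] header are not reported separately here.
        if m and key and not deleting:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            action = "delete-value" if data == "-" else "set-value"
            changes.append((action, key, name, None if data == "-" else data))
    return changes

def deletions(text):
    """Only the destructive directives, the part to read before merging a file."""
    return [c for c in audit_reg(text) if c[0].startswith("delete")]
```
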
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Hi Mo,

Just wondering:

If you run

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Rain"=-


Will the entire 'Rain' value disappear from [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run], or will you just have 'disabled' it.



[edit] don't you just love how this board renders reg files... :rolleyes: [/edit]
 