Registry Edit in Login Script

Forums

My Profile

Inbox

Address Book

My Subscription

My Forums

Registry Edit in Login Script

Logged in as: Guest

arrSession:exec spGetSession 2,2,57372

	Active Users: There are 0 members and 0 guests.
	Users viewing this topic: none

Printable Version

All Forums >> [Scripting] >> WSH & Client Side VBScript >> Registry Edit in Login Script
Do you like VisualBasicScript.com? Link to us and help spread the word about our forum. Thanks!

Page: [1]

Message

<< Older Topic Newer Topic >>

Registry Edit in Login Script - 3/3/2008 8:12:04 PM

4scriptmoni

Posts: 203
Score: 0
Joined: 5/3/2007
Status: offline

So i have a login script witch shuold set some values to HKEY_CURRENT_USER\Software\Policies
The problem is the user executing the script has no Write Permission here.
I have tried using RunAs or cpau.exe to call the .bat ( the .bat has for example "reg import myreg.reg")
But It is not working, I need help to solve this.
I have thought of using other tools like
subinacl (not working at the moment), will try RegDAcl, and regrant.
Wish I could do all by VB. Maybe if I impersonate System and then try to write?
I could not find a simple example of importing Registry keys from a .txt, is tehre any?
Thanks in advance

_____________________________

Enterprise Microsoft Scripts
Exchange, Login/Logout Monitor,TS, Monitoring, Security, AD, etc...
http://www.felipeferreira.net

Post #: 1

RE: Registry Edit in Login Script - 3/3/2008 10:52:02 PM

TomRiddle

Posts: 188
Score: 4
Joined: 2/7/2008
Status: offline

I would have thought the user should have permission to that key area?
I guess you could edit the domain security template to grant users permission and then you could just run plain vbscript in the user context.

But here is a solution I did for a similar problem, I created a service type account with just enough permissions to do the job.

and used a script like this.

Runas.vbs

then for a bit of extra security obfuscated it with SCRENC Microsoft Script encoder like this

Runas.vbe

(in reply to 4scriptmoni)

Post #: 2

RE: Registry Edit in Login Script - 3/3/2008 11:58:17 PM

4scriptmoni

Posts: 203
Score: 0
Joined: 5/3/2007
Status: offline

Hey Tom,
thanks for the tip. I was heading that way before but my RunAs function was not working, I added some of your lines.
But the whole problem here is "user context", if one makes changes to HKEY_CURRENT_USER, it has to be that user.
Witch does not happen if I runas the .reg file.
So for Now I am using cpau.exe 3 times. (cpau.exe its kind of runas but you can preset password, it encrypt as well =:)
1st. put userX in local admin
2nd run, runas with userX to update Registry (admin previlegis dont take effect immediatly, but thru runas it does!)
3rd remove userX from local admin group

Anyways, the script is not very dynamic, but at the moment its working!

ahh. cool about the little encryption u made, can you explain more how it works? I see no ref. to .vbe...

I can post my script it if you are interested.

_____________________________

Enterprise Microsoft Scripts
Exchange, Login/Logout Monitor,TS, Monitoring, Security, AD, etc...
http://www.felipeferreira.net

(in reply to TomRiddle)

Post #: 3

RE: Registry Edit in Login Script - 3/4/2008 12:04:00 AM

gdewrance

Posts: 587
Score: 3
Joined: 3/16/2006
Status: offline

and here's the one to decode it again

Decode all files encoded with screnc

option explicit
Dim oArgs, NomFichier
'Optional argument : the encoded filename
NomFichier=""
Set oArgs = WScript.Arguments
Select Case oArgs.Count
Case 0 'No Arg, popup a dialog box to choose the file
   NomFichier=BrowseForFolder("Choose an encoded file", &H4031, &H0011)
Case 1
   If Instr(oArgs(0),"?")=0 Then '-? ou /? => aide
       NomFichier=oArgs(0)
   End If
Case Else
   WScript.Echo "Too many parameters"
End Select
Set oArgs = Nothing

If NomFichier<>"" Then
   Dim fso
   Set fso=WScript.CreateObject("Scripting.FileSystemObject")
   If fso.FileExists(NomFichier) Then
       Dim fic,contenu
       Set fic = fso.OpenTextFile(NomFichier, 1)
       Contenu=fic.readAll
       fic.close
       Set fic=Nothing

Const TagInit="#@~^" '#@~^awQAAA==
       Const TagFin="==^#~@" '& chr(0)
       Dim DebutCode, FinCode
       Do
           FinCode=0
           DebutCode=Instr(Contenu,TagInit)
           If DebutCode>0 Then
               If (Instr(DebutCode,Contenu,"==")-DebutCode)=10 Then 'If "==" follows the tag
                   FinCode=Instr(DebutCode,Contenu,TagFin)
                   If FinCode>0 Then
                       Contenu=Left(Contenu,DebutCode-1) & _
                       Decode(Mid(Contenu,DebutCode+12,FinCode-DebutCode-12-6)) & _
                       Mid(Contenu,FinCode+6)
                   End If
               End If
           End If
       Loop Until FinCode=0
       WScript.Echo Contenu
   Else
       WScript.Echo Nomfichier & " not found"
   End If
   Set fso=Nothing
Else
   WScript.Echo "Please give a filename"
   WScript.Echo "Usage : " & wscript.fullname  & " " & WScript.ScriptFullName & " <filename>"
End If

Function Decode(Chaine)
   Dim se,i,c,j,index,ChaineTemp
   Dim tDecode(127)
   Const Combinaison="1231232332321323132311233213233211323231311231321323112331123132"

Set se=WSCript.CreateObject("Scripting.Encoder")
   For i=9 to 127
       tDecode(i)="JLA"
   Next
   For i=9 to 127
       ChaineTemp=Mid(se.EncodeScriptFile(".vbs",string(3,i),0,""),13,3)
       For j=1 to 3
           c=Asc(Mid(ChaineTemp,j,1))
           tDecode(c)=Left(tDecode(c),j-1) & chr(i) & Mid(tDecode(c),j+1)
       Next
   Next
   'Next line we correct a bug, otherwise a ")" could be decoded to a ">"
   tDecode(42)=Left(tDecode(42),1) & ")" & Right(tDecode(42),1)
   Set se=Nothing

Chaine=Replace(Replace(Chaine,"@&",chr(10)),"@#",chr(13))
   Chaine=Replace(Replace(Chaine,"@*",">"),"@!","<")
   Chaine=Replace(Chaine,"@$","@")
   index=-1
   For i=1 to Len(Chaine)
       c=asc(Mid(Chaine,i,1))
       If c<128 Then index=index+1
       If (c=9) or ((c>31) and (c<128)) Then
           If (c<>60) and (c<>62) and (c<>64) Then
               Chaine=Left(Chaine,i-1) & Mid(tDecode(c),Mid(Combinaison,(index mod 64)+1,1),1) & Mid(Chaine,i+1)
           End If
       End If
   Next
   Decode=Chaine
End Function

Function BrowseForFolder(ByVal pstrPrompt, ByVal pintBrowseType, ByVal pintLocation)
   Dim ShellObject, pstrTempFolder, x
   Set ShellObject=WScript.CreateObject("Shell.Application")
   On Error Resume Next
   Set pstrTempFolder=ShellObject.BrowseForFolder(&H0,pstrPrompt,pintBrowseType,pintLocation)
   BrowseForFolder=pstrTempFolder.ParentFolder.ParseName(pstrTempFolder.Title).Path
   If Err.Number<>0 Then BrowseForFolder=""
   Set pstrTempFolder=Nothing
   Set ShellObject=Nothing
End Function

_____________________________

"You start coding. I'll go find out what they want."

(in reply to TomRiddle)

Post #: 4

RE: Registry Edit in Login Script - 3/4/2008 12:08:27 AM

ebgreen

Posts: 4971
Score: 31
Joined: 7/12/2005
Status: offline

No, no, no...you need to encode a fake script in the file then hide the real script encoded in an alternate data stream in the same file.

_____________________________

"... when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick
Goog places to start:http://www.visualbasicscript.com/m_24727/tm.htm
http://www.visualbasicscript.com/m_47117/tm.htm

(in reply to gdewrance)

Post #: 5

RE: Registry Edit in Login Script - 3/4/2008 12:24:21 AM

TomRiddle

Posts: 188
Score: 4
Joined: 2/7/2008
Status: offline

Hey 4scriptmoni, sorry about the runas blunder.
maybe you can package it as another idea.
Would be interested in seeing the whole script as it sounds an interesting problem and I am only guessing at answers.

I did see somewhere, I think this forum, a script where you can punch in registry values remotely to this key with WMI, I know you can do it with regedit if you know the user's sid.

re the script encoder. it is just a download from Microsoft and the vbe part is the extension you give the file.

(in reply to 4scriptmoni)

Post #: 6

RE: Registry Edit in Login Script - 3/4/2008 1:09:32 AM

4scriptmoni

Posts: 203
Score: 0
Joined: 5/3/2007
Status: offline

sorry but I got lost in the encode/decode...
how can encrypt the password string? is it that complicated?
thx.

_____________________________

Enterprise Microsoft Scripts
Exchange, Login/Logout Monitor,TS, Monitoring, Security, AD, etc...
http://www.felipeferreira.net

(in reply to 4scriptmoni)

Post #: 7

RE: Registry Edit in Login Script - 3/4/2008 1:29:08 AM

ebgreen

Posts: 4971
Score: 31
Joined: 7/12/2005
Status: offline

You cannot encrypt a password within a VBScript. You can encode the entire script. There are even some third party tools that will let you compile the script into an executeable but be careful you can still extract the password from most of them.

_____________________________

"... when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick
Goog places to start:http://www.visualbasicscript.com/m_24727/tm.htm
http://www.visualbasicscript.com/m_47117/tm.htm

(in reply to 4scriptmoni)

Post #: 8

RE: Registry Edit in Login Script - 3/5/2008 3:37:57 AM

4scriptmoni

Posts: 203
Score: 0
Joined: 5/3/2007
Status: offline

Well. I wish there was a better way to encrypt single Strings. Maybe I will think of a function in the future that checks exactly the vbscript file size, if it has been modified then it will not decrypt.
But also this would not be completly enough. Anyone that knows a the basic of vb could get the password, oh well.
I am pretty much done with this script, it got longer and more complicated then I expected. But it does a lot.
The general idea is to implement some BUsinses POlicy once the laptop is use with a Local Login acount. It adds some registry keys, reset explorer, and sync files if the server is found.

'Login Local User Script
'Author: Felipe Ferreira
'Date: 06/03/2008
'Version: 3.0
'2.0 Updates:
'Use directly USERNAMES (faster)  - OK
'Use sys variable to check if in DOmain - OK
'Try to integrate RunAs  and    - OK
'Password Encryption - OK
'Set Company WallPaper - refresh screen - OK
'POP up should not stop the script from running -  OK
'3.0 Updates:
'Sync with Server, only if in server is newer  - OK
'Sync with Server SPecial ServerName FOlder  - OK
'Sync itself Login.vbs if Server is new  = OK
'Log Synced Files to c:\maq.txt - OK
'Verify that LU.reg exists, if not Logoff  - OK
'Funcionamiento del Script 
'1. Verifica el nombre del  usuario que hecho el login. Verifica si hecho login local o en el servidor. Verifica si existe el archivo LU.reg*, si no existe hace un logout!
'2. Intenta sincronizar con la carpeta* en el server. Hace log de los archivos sincronizados en c:\maq.txt verifica si el usuario no hecho login local despu�s sal� del script. Porque el usuario esta en el dominio, entonces las directivas de Dominio funcionara. Si la carpeta remota no es accesible contin�a con  el script.
'3. Env�a una mensaje al usuario avisando que el ordenador si esta actualizando. Cerra el explorer.exe, Aplica los cambios de registro basado en el usuario ( sala, adminbcn, administrador)
'4.  Env�a otra mensaje avisando que la actualizaci�n estado terminada. Reinicia explorer.exe
'*�sos son variables y pueden ser f�cilmente cambiados

'---------------------------------------------GLOBAL  VARIABLES-----------------------------------------------------------------------
Dim strUser,strHost, strLogonServer
Dim strPingit
Dim logfile 
Dim objGroupDict  
Dim strWindir,strLocalDrive
Dim sPass1, sPass2, sPass3 
Dim h : h = 0        'for log, to run initial date, info, just once  
Dim bLoginLocal : bLoginLocal = False 'Boolean to check if login Local or Not     
Dim fs : Set fs = CreateObject("Scripting.FileSystemObject")  
Dim WSHNetwork : Set WSHNetwork = Wscript.CreateObject("Wscript.Network")
dim oShell : Set oShell = WScript.CreateObject("WScript.Shell")
Dim strScriptFile : strScriptFile = WScript.ScriptFullname
Dim sPath : sPath = Left(strScriptFile, Len(strScriptFile) - Len(WScript.Scriptname)) 'used to define the path from where the script file is located
'---------------------------------------------PRE SET VARIABLES-----------------------------------------------------------------------
Dim bVerbose : bverbose = False   '   1 for Debug Mode
Dim oSyncFolder : oSyncFolder = "\\dsds\adasda"
Dim RegSala : RegSala = sPath & "LU.reg"           '.REG  FOR SALA USER, LU = LocalUser
Dim RegAdminBCN : RegAdminBCN = sPath & "LA.reg"   '.REG  FOR ADMINBCN USER, LA = Local Admin
sPass1 = Decrypt("1113b123123mbt")    'sala password encrypted
sPass2 = Decrypt("6543212321ojneb")  'adminbcn password encrypted
sPass3 = Decrypt("432123123ovs")      'runas password encrypted
'_____________________________MAIN__________________________________________
on error resume next
'---->Check what kind of Group and Username  and SET strUserType
getUserInfo
'---->Check if Domain Network is UP, IF up then UPDATE and Quit Script  ---> USER LOGONSERVER variable!!!
CheckNetwork
'----->Try to Sync to Server folder if not reacheable just go on, if sync is OK and user not LoginLocal then QUIT SCRIPT
Sync
'---->PopUp msg and Kill Explorer
call popup("Actualizando...", 5)
call exec("cmd /c TASKKILL /F /IM explorer.exe")

'---->Depending on UsersGroup Call .reg to Update Registry
if strUser = "sala" then
    call RunAs("runas",sPass3,"net localgroup Administradores sala /add")    
 wscript.sleep 1200
    call RunAs(strUser,sPass1,"regedit /s "  & RegSala)        
    wscript.sleep 1250
    call RunAs("runas",sPass3,"net localgroup Administradores sala /delete")

elseif strUser = "adminbcn" then
    CleanRegistry
   ' call RunAs(strUser,sPass2, sPath & " & RegAdminBcn)     'AUN NO TENGO LA.REG 
   
elseif strUser = "Administrador" then
     CleanRegistry
   
elseif strUser = "t3" then
    call RunAs("runas",sPass3,"net localgroup Administradores t3 /add")    
 wscript.sleep 1200
    call RunAs(strUser,"t3","regedit /s " & RegSala)        
    wscript.sleep 1250  '
    call RunAs("runas",sPass3,"net localgroup Administradores t3 /delete")       
end if
'---->Start Again Explorer.exe and Update GPOs

call exec("c:\iniApli.exe %windir%\explorer.exe")
call exec("cmd /c gupdate /force")
'call exec("%comspec% /c explorer.exe")
call exec("RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters") 'redraw WALLPAPER
'Clean popup temp
Set c = fs.GetFile("c:\temp\temp.vbs")
c.delete
wscript.quit(0)
'_____________________________END MAIN__________________________________________

'===================START FUNCTIONS AND SUBS=====================================================
Sub getUserInfo
'CHECKS USERS GROUPS Set strUserType depending on User Group
   strUser = ""
strHost = ""
While strUser = ""
 wscript.sleep 5 
 strUser = WSHNetwork.Username
Wend
call displayMsg("USERNAME = " & struser)
strHost = WSHNetwork.UserDomain
call displayMsg("HOSTNAME = " & strHost) 
end sub
Sub CleanRegistry
'Deletes all Policy related folders,
   call exec("reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ /f")
call exec("reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ /f")
call exec("reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies /f")
call exec("reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies /f")
call exec("reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /f")
call exec("reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /f")
call exec("reg delete HKEY_CURRENT_USER\Software\Policies /f")
call exec("reg add HKEY_CURRENT_USER\Software\Policies /f")  
end sub
function exec(execCmd)
'SHOULD USE RUN SO WE CAN HIDE THE POPUP WINDOW!
on error resume next
dim strCmd
dim WshShell3 : set WshShell3 = CreateObject("WScript.Shell")
call DisplayMsg( execCmd )
ex=WshShell3.Run(execCmd,0, FALSE) 
set ex=nothing
end function
Function RunAs(sUser,sPass,sCmd)
'NOT WORKING!!! :(
On Error Resume Next
dim WshShell, FSO,WinPath 
set WshShell = CreateObject("WScript.Shell")
set WshEnv = WshShell.Environment("Process")
WinPath = WshEnv("SystemRoot")&"\System32\runas.exe"
set FSO = CreateObject("Scripting.FileSystemObject")
if FSO.FileExists(winpath) Then
 'wscript.echo winpath & " " & "verified"
Else
 CAll DisplayMsg("!! ERROR !!" & VBCRLF & "No ecuentro " & winpath)
 set WshShell=Nothing
 set WshEnv=Nothing
 set FSO=Nothing
 wscript.quit
end if
call DisplayMsg("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34))
ruc=WshShell.Run("runas /user:" & sUser & " " & CHR(34) & sCmd & CHR(34), 2, FALSE)
'need to give time for window to open.
   do until WshShell.AppActivate(WinPath)  'make sure we grab the right window to send password to
 Wscript.Sleep 15  
 WshShell.AppActivate(WinPath)      
loop
WshShell.SendKeys sPass &VBCRLF 
   'call DisplayMsg("RunAs is done") 'send the password to the waiting window.
set WshShell=Nothing
set WshEnv=Nothing
set FSO=Nothing
end Function
Sub CheckNetwork
Set objShell = CreateObject("WScript.Shell")   ' Run cmds
'Get LogonServer
Set objExecObject = objShell.Exec("cmd /c echo %LOGONSERVER%")
Do While Not objExecObject.StdOut.AtEndOfStream
         strLogonServer = objExecObject.StdOut.ReadLine()           
loop
'CLEAN UP THE LOGONSERVER NAME, remove \\
strLogonServer = replace(strLogonServer,"\\","")
strLogonServer = trim(strLogonServer)
'GET WINDIR
Set strWindir = fs.GetSpecialFolder(0)  
'SET GLOBAL VARIABLES
strWindir = trim(strWindir) & "\"
strLocalDrive = Left(strWindir,3) 
logfile = strLocalDrive & "maq.txt"
DisplayMsg strWindir & strLocalDrive & logfile

If (strHost = "") Then 
     Set objExecObject = objShell.Exec("cmd /c echo %COMPUTERNAME%")
 Do While Not objExecObject.StdOut.AtEndOfStream
         strHost = objExecObject.StdOut.ReadLine()           
 loop
End If 
if strLogonServer <> strHost then
 displaymsg "Login in Domain!"
 bLoginLocal = False

elseif strLogonServer = strHost then
    displaymsg strUser & " login Local  " &strHost & " = " & strLogonServer
 bLoginLocal = True
end if  
'CONTROLS THAT THE .REG FILE EXISTS, 'if .reg file not found, LOGOUT AND QUIT SCRIPT!
If fs.FileExists(RegSala) = False Then  
DisplayMsg "ERROR: Archivo " & regsala & " no encuentrado!!!"
  call exec("%comspec% /c logoff.exe")
  wscript.quit(0)
        Exit sub
end if 
'Set objExecObject = nothing  
end sub
Sub Sync
'Checks If Sync Folder is Reacheable , Confirm it is in Domain Network
If fs.FolderExists(oSyncFolder) = False Then
 Call DisplayMsg( "Caprtea per Sync no encuentrada!") 
 'User is NOT in Network
   Exit sub  
else 
 Call DisplayMsg( "Caprtea per Sync OK, Actualizando...")   
 'IF FINDS THE FOLDER WITH SAME AS COMPUTER NAME THEN UPDATE ALL FILES FROM THERE
 If fs.FolderExists(oSyncFolder & strHost) then
  oSyncFolder = oSyncFolder & strHost & "\"
 end if
 Set fs = nothing
 'Start Copying/updating
 Call CopyFiles(oSyncFolder & "windows\",strWinDir)
 Call CopyFiles(oSyncFolder & "system32\" ,strWinDir & "system32\")
 Call CopyFiles(oSyncFolder & "C\",strLocalDrive)
 Call CopyFiles(oSyncFolder & "reg\",sPath)
 Call CopyFiles(oSyncFolder & "scripts\",sPath) 
 
 if bLoginLocal = false then  'User is in DOMAIN and Sync has finished
  DisplayMsg "User is in DOMAIN and Sync has finished, Quiting..."
  wscript.quit(0)
 end if
 
end if  
end Sub 
Function CopyFiles(folderspec1,folderspec2)
'----------COPY BUT FIRST COMPARE IF EXISTS AND IF SO COMPARE IF NEWER --------
on error resume next
Dim f,f1,fc,strFileName1,intFileSize1,intFileDate1
Dim strFile2,strFileName2,intFileSize2,intFileDate2,TFile
Dim objFileCopy
Set fs = CreateObject("Scripting.FileSystemObject")   
TFile = 0
'Lo script gira solo se la folder esiste 
'DisplayMsg  "Copying/Updating From: " & folderspec1 & " to " & folderspec2
If (fs.FolderExists(folderspec1)) and (fs.FolderExists(folderspec2)) Then
 Set f = fs.GetFolder(folderspec1) 
 Set fc = f.Files
 'GOES THRU EACH FILE IN SOURCE FODLER
 For Each f1 in fc
  strFileName1=f1.name
  intFileSize1=f1.size 
  intFileDate1 = f1.DateLastModified  'Gets Last Updated  
  
  'CHECK IF FILE EXISTS IN TARGET DIRECTORY 
           If fs.FileExists(folderspec2 & strFileName1) Then 
   Set strFile2 = fs.GetFile(folderspec2 & strFileName1) 
   strFileDate2 = strFile2.DateLastModified 
   strFileName2 = strFile2.Name
   
   If  intFileDate1 > strFileDate2 Then      
    Set objFileCopy = fs.GetFile(folderspec1 & strFileName1) 
    objFileCopy.Copy (folderspec2) 
    DisplayMsg "Actualizando : " & objFileCopy.name & " - " & intFileDate1 &_
    " to " & folderspec2 & objFileCopy.name & " - " & intFileDate1
    call Log(logfile, "Actualizando : " & objFileCopy.name & " - " & intFileDate1 &_
    " to " & folderspec2 & objFileCopy.name & " - " & intFileDate1)
    TFile = TFile+1 
   end if
  else 
      ' IF FILE DOES NOT ALREADY EXIST, COPY SOURCE FILE TO TARGET 
   Set objFileCopy = fs.GetFile(folderspec1 & strFileName1) 
   objFileCopy.Copy (folderspec2) 
   DisplayMsg "Copiando : " & objFileCopy.name & " to " & folderspec2 & objFileCopy.name
   call Log(logfile, "Copiando : " & objFileCopy.name & " to " & folderspec2 & objFileCopy.name)
   TFile = TFile+1 
  end if
  set objFileCopy = nothing
 Next
End If
'Print counters and do additions for each folder 
if TFIle <> 0 then
 DisplayMsg TFile & " archivos copiados." 
 call log (logfile, TFile & " archivos copiados.")
end if
set fs = nothing
End Function
Function Log(Outputfile, msgLine)
Dim oFSO : Set oFSO = CreateObject("Scripting.FilesyStemObject")
Const ForAppending = 8 
Set ofile = oFso.OpenTextFile(Outputfile, ForAppending, TRUE)
if h = 0 then
 oFile.Writeline  VbCrLf & "#################Portatil Login Sync##################"
 oFile.Writeline "Usuario: " & strUser & VbCrLf &"Nombre Poratil: " & strHost 
 oFile.Writeline "Script: " & strScriptFile & " el " & Date & " las " & Time & VbCrLf
 h = h + 1
   end if
oFile.Writeline msgLine
Set oFSO = nothing
end function
Function popup(msgPop, isec)
'Create a temp vbs and do the popup, so it does not stop the current running script, should delete it too!
Set fs = CreateObject("Scripting.FileSystemObject") 
dim WshShell2 : set WshShell2 = CreateObject("WScript.Shell")
set b=fs.CreateTextFile("c:\temp\temp.vbs")
msgPop = chr(34) & msgPop & chr(34) 
b.writeline "set WshShell = WScript.CreateObject( ""WScript.Shell"" )"
b.writeline "ret = WshShell.Popup( " & msgpop & ", "& isec & ", " & msgpop & ", vbInformation )"
b.close
rc=WshShell2.Run("CSCRIPT /NoLogo c:\temp\temp.vbs",0, FALSE) 
wscript.sleep 20
set rc = nothing
end function
Function Decrypt(Encryptedstring)
'Could use a method to check script file size, if changed do not Decrypt! (?)
Dim x, i, tmp
encryptedstring = StrReverse( encryptedstring )
For i = 1 To Len( encryptedstring )
 x = Mid( encryptedstring, i, 1 )
 tmp = tmp & Chr( Asc( x ) - 1 )
Next
Decrypt = tmp
End Function
Function Encrypt(String)
Dim x,i,tmp
For i = 1 to Len(String)
 x = Mid(String,i,1)
 tmp = tmp & Chr ( Asc (X) + 1)
next
tmp = strReverse(tmp)
Encrypt = tmp
end function 
Function DisplayMsg(msgTxt)
'Prints msg on screen only if Verbose is set 
if bVerbose = True then  
 wscript.echo msgTXT
end if
end Function

< Message edited by 4scriptmoni -- 3/7/2008 12:01:28 AM >

_____________________________

Enterprise Microsoft Scripts
Exchange, Login/Logout Monitor,TS, Monitoring, Security, AD, etc...
http://www.felipeferreira.net

(in reply to ebgreen)

Post #: 9

RE: Registry Edit in Login Script - 3/6/2008 12:29:35 AM

mbouchard

Posts: 1916
Score: 16
Joined: 5/15/2003
From: USA
Status: offline

This is one thing I wish Wscript did better. But since it doesn't you can also use AutoIT to elevate permissions and the plus on AutoIT is that you when you compile the script you can "prevent" decompilation.

here is the example from the AutoIT help file

In the above, you could have your vbscript call the exe which in turn can either do what you want it to do or call an additional script to do what you want it to do.

_____________________________

Mike

For useful Scripting links see the Read Me First stickey!

Always remember Search is your friend.

(in reply to 4scriptmoni)

Post #: 10

RE: Registry Edit in Login Script - 3/6/2008 10:43:54 PM

TomRiddle

Posts: 188
Score: 4
Joined: 2/7/2008
Status: offline

Hi 4scriptmoni, Thats a pretty big script, I think that the user should have full permission to read and write to HKEY_CURRENT_USER. (via VBScript)

I have come across a similar thing on my domain, the users don't have permission to access the registry via registry editing tools like regedit, reg, etc due to grouppolicy. (Your script is using reg)

They do have access via pure VBScripts like this http://www.microsoft.com/technet/scriptcenter/scripts/os/registry/default.mspx

(in reply to mbouchard)

Post #: 11

RE: Registry Edit in Login Script - 3/6/2008 10:56:35 PM

mbouchard

Posts: 1916
Score: 16
Joined: 5/15/2003
From: USA
Status: offline

For a "normal" user, if they have denied access, via policy, to edit the registry then even though they might be an admin they still wouldn't be able to run a .reg. They could edit the registry via a script but not via a .reg. At least this is how we have it setup.

If you are trying to have them edit the CU reg key then you can add this to your script

Add this before your regedit
   'Enable registry access
   Set WSHShell = WScript.CreateObject("WScript.Shell")
    WSHShell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"

Add this to turn off the reg access.
    'Disable registry access
    Set WSHShell = WScript.CreateObject("WScript.Shell")
    WSHShell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"


_____________________________

Mike

For useful Scripting links see the Read Me First stickey!

Always remember Search is your friend.

(in reply to TomRiddle)

Post #: 12

RE: Registry Edit in Login Script - 3/6/2008 11:59:53 PM

4scriptmoni

Posts: 203
Score: 0
Joined: 5/3/2007
Status: offline

mbouchard
Thanks for the ideas. But autoit is not something we use much here.I dont understand what is the big advantage since you are showing the Passowrd here :
RunAsSet('USER', @Computername, 'PASSWORD')
and then calling a .exe

I am just doing a decrypt(sPass3) then:

call RunAs("runas",sPass3,"net localgroup Administradores testuser /add") ' ADDS THE USER TO LOCAL ADMIN
call RunAs(strUser,"testuser","regedit /s " & RegSala)                                     'RUNS THE REG UPDATED UNDER TESTUSER CONTEXT
call RunAs("runas",sPass3,"net localgroup Administradores testuser /delete")    ' REMOVES THE USER TO LOCAL ADMIN

The entries on the regeistry that you mention is also something we dont have.But I think Tom does.

But by default regular users do not have the rights to change HKCU Policies or HKLM (none of the policies keys).
The things maybe I could improve here would be, the impersonate, encryption..., the POPUPS, my last version does use a new Exec function, witch no longer shows the Popup.



But with the RunAs function, this can not be done :(

I wish there was a better way to impersonate in general a script call.
For example, Impersonate user X and execute cmds from this account, maybe for WMI or LDAP calls it can be done???

ebgreen
Maybe you could explain the encoding and fake vbs streaming, sorry I am not sure how this works...

*sorry for the caps and for such a long post   :)

_____________________________

Enterprise Microsoft Scripts
Exchange, Login/Logout Monitor,TS, Monitoring, Security, AD, etc...
http://www.felipeferreira.net

(in reply to mbouchard)

Post #: 13

RE: Registry Edit in Login Script - 3/7/2008 12:28:41 AM

mbouchard

Posts: 1916
Score: 16
Joined: 5/15/2003
From: USA
Status: offline

quote:

ORIGINAL: 4scriptmoni

mbouchard
Thanks for the ideas. But autoit is not something we use much here.I dont understand what is the big advantage since you are showing the Passowrd here :
RunAsSet('USER', @Computername, 'PASSWORD')
and then calling a .exe

The advantage here would be that you compile your AutoIT script into an EXE that cannot be easily decompiled.

_____________________________

Mike

For useful Scripting links see the Read Me First stickey!

Always remember Search is your friend.

(in reply to 4scriptmoni)

Post #: 14

If you found our site useful please link to us <a href="http://www.visualbasicscript.com">VisualBasicScript.com</a>.

All Forums >> [Scripting] >> WSH & Client Side VBScript >> Registry Edit in Login Script

Page: [1]

Jump to:

New Messages	No New Messages
Hot Topic w/ New Messages	Hot Topic w/o New Messages
Locked w/ New Messages	Locked w/o New Messages

Post New Thread

Reply to Message

Post New Poll

Submit Vote

Delete My Own Post

Delete My Own Thread

Rate Posts