I am creating generalized images of a Windows 10 machine for my company and some of the software we use requires setting up for each user account. I have a script (.cmd) that can do all of the setup automatically. Is there a way to make the script run each time a new user logs on, but only the first time they log on?
Every guide I have found explains how to assign a script to a user, but I want to have the script automatically assigned and run the first time a new user logs in, without having to go back and assign the script to their account.
The company uses Active Directory to manage user accounts, so options that use AD are perfectly valid.
EDIT 1:
I found a guide for doing this in Windows 7:
https://community.spiceworks.com/topic/886089-mdt-log-on-script-for-each-new-user-run-once
However, I cannot find the locscripts file or some equivalent on Windows 10.
It's possible to trigger a first-run script via the RunOnce registry key. The linked article describes mounting the default user registry hive and adding the RunOnce entry, so that any new profiles created in the future which are based on a copy of this registry will have this setting.
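The procedure described in this answer, as an added PowerShell example that is not taken from the linked article or from the poster. The mount name, value name and script path are hypothetical placeholders. Because the command runs in every new user's session, the example refuses to register a script that non-administrators can modify.

```powershell
# Added example: seed a per-user first-logon script through the Default User hive.
# Run from an elevated prompt on the reference image before it is generalized.
$hiveFile  = Join-Path $env:SystemDrive 'Users\Default\NTUSER.DAT'
$mount     = 'DefaultUserTemplate'                     # hypothetical temporary mount name
$valueName = 'FirstLogonSetup'                         # hypothetical value name
$script    = 'C:\ProgramData\Company\FirstLogon.cmd'   # hypothetical path, no spaces
$runOnce   = "HKU\$mount\Software\Microsoft\Windows\CurrentVersion\RunOnce"

if (-not (Test-Path -LiteralPath $script)) { throw "Setup script not found: $script" }

# The script runs in every new user's session, so only administrators should be
# able to modify it. Coarse check: the group names below are the English ones.
$write = [System.Security.AccessControl.FileSystemRights]::Write
$looseAces = (Get-Acl -LiteralPath $script).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    (($_.FileSystemRights -band $write) -ne 0) -and
    $_.IdentityReference.Value -notmatch 'Administrators$|SYSTEM$|TrustedInstaller$'
}
if ($looseAces) {
    Write-Warning ($looseAces | Format-Table IdentityReference, FileSystemRights | Out-String)
    throw "Non-administrative accounts can modify $script; fix the ACL first."
}

& reg.exe load "HKU\$mount" $hiveFile
if ($LASTEXITCODE -ne 0) { throw 'reg load failed (not elevated, or hive in use?)' }
try {
    # RunOnce values are deleted after they run, so each new profile that
    # inherits this hive executes the command once, at its first logon.
    & reg.exe add $runOnce /v $valueName /t REG_SZ /d "cmd.exe /c $script" /f
    if ($LASTEXITCODE -ne 0) { throw 'reg add failed' }
    & reg.exe query $runOnce /v $valueName
}
finally {
    # Always unload, otherwise the template hive stays mounted and locked.
    & reg.exe unload "HKU\$mount"
}
```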
Related
I am admin on my local machine. However the app I am creating (an outlook VSTO addin) will be deployed by a deployment admin to users who won't have admin.
The app installs correctly.
My issue is that I have code which checks if an EventLog.SourceExists("my VSTO addin"). If not it will EventLog.CreateEventSource("my VSTO addin").
My questions:
Do I really need to create an event source? Will it still log without the source existing?
How should I create the event source (if #1 is required)?
2a Perhaps I need to create a small app which creates the event source and this needs to be installed by an admin?
2b Perhaps I can put it in the code somewhere which will invoke when it's being installed? (I'm using InstallShield)
2c Perhaps it can be done by an admin as part of group policy?
2d I can create a registry key as per https://learn.microsoft.com/en-us/windows/desktop/EventLog/event-sources
To answer my questions:
I do need to create the source.
To solve this I created another console app which just creates the event log sources I require.
In InstallShield I added this new exe as a custom action. The install is done with Admin mode so the sources are created.
This fixes the application because non admins were using the app and it was trying to create the event log sources if they didn't exist. I removed this check.
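The elevated install-time step described in this answer, sketched in PowerShell as an added example; it is not the poster's console app. The target log name `Application` and the event ID are assumptions, and the source name is the one from the question.

```powershell
# Added example: register event sources once, at install time, from an elevated context.
$logName = 'Application'            # assumed target log
$sources = @('my VSTO addin')       # source name used in the question

$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    # SourceExists searches every log, including Security, and CreateEventSource
    # writes under HKLM; both fail for a standard user.
    throw 'Run elevated: event sources can only be registered by an administrator.'
}

foreach ($src in $sources) {
    if ([System.Diagnostics.EventLog]::SourceExists($src)) {
        # A source can belong to only one log; flag a mismatch instead of re-creating it.
        $current = [System.Diagnostics.EventLog]::LogNameFromSourceName($src, '.')
        if ($current -ne $logName) {
            Write-Warning "'$src' is already registered to log '$current', not '$logName'."
        }
        continue
    }
    [System.Diagnostics.EventLog]::CreateEventSource($src, $logName)
    Write-Host "Registered source '$src' in log '$logName'."
}

# Smoke test: once the source exists, writing an entry needs no SourceExists check.
# Event ID 1000 is an arbitrary value chosen for this example.
[System.Diagnostics.EventLog]::WriteEntry($sources[0], 'Installer registered this source.',
    [System.Diagnostics.EventLogEntryType]::Information, 1000)
```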
I'd like to change object audit policy with vb.net. Like enabling Object Access auditing. Is that possible? If not, is powershell an option? I know I can get gpedit running on any version of Windows, but I want to be able to change the setting programmatically.
Also, I do know some settings can be changed by Registry, but I haven't seen one for audit policy.
http://www.lshift.net/blog/2013/03/25/programmatically-updating-local-policy-in-windows/
I found this, but will give it a try in a little while.
Update: It is possible to import, via VB (or probably any other language), but using REG IMPORT. Make sure you're putting the .REG file where System can access it (System does not have the same privileges as Administrator). You'd have to launch a separate app that runs as System and, on load, imports a registry key. You can run as System using PSTools (psexec), from Sysinternals. You can also do it by creating a service, running the service, then deleting the service: Running application as System (without PSTools)
I realized all the links I thought were the answer, were not. They all change the Audit Policy tab, and I can already do that programmatically. What I want to change is the global audit policy, which is only available in Group Policy (gpedit.msc). Of course, you can "install" it on any version of Windows, but I want a solution that doesn't require the end user to have to set it (aka not use gpedit.msc).
I knew that Process Monitor could monitor virtually anything going on in the background, and one link in my comments also was using Process Monitor (comments of my OP). So, I figured that was really my only way. Naturally, you'd think mmc.exe is the one to look for, but it's not. It does a TON of registry open/query/enum/closes. However, no setting or deleting. I decided to look a little before and after the large block of mmc operations (well and of course anywhere in between). Anything that wasn't mmc but happened in the exact timeframe. I found lsass had done some setting and deleting. It was changing the value of a Registry key that is owned by System. I used PSTools to run regedit as System, so I could access the key. I then used gpedit to switch back and forth (from No Auditing to Success), and found it always set the same values (something like 0 for off and 1 for on). I exported the keys when I changed the values in gpedit, and then imported them to test. I can confirm it works by reopening gpedit after importing, and the value changes. I can also confirm simply by enabling Auditing on a folder, and seeing logs in Event Viewer.
tl;dr
HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv\(Default) is the one you want.
Download the .reg files here
Run this in an elevated command prompt: psexec -i -s regedit
Import the .reg file you need.
Confirm by reopening gpedit.msc and checking Event Viewer (Security)
Don't trust the .reg files? Here are the values if you'd rather create them yourself. Value type is REG_NONE, so #=hex(0).
No Audit: 00010000090000007e00000001000000030000000300010001000100000001000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000100000000000000000001000000010000000000000000000000000000000000000000000000fe7f05000a000e00030004000600060004000400
Success: 00010000090000007e00000001000000030000000300010001000100000001000000000000000300000001000100010001000100010001000100010001000100010001000100000000000000000000000000000001000100000000000000000001000000010000000000000000000000000000000000000000000000fe7f05000a000e00030004000600060004000400
As custom action of a WiX-based installer (MS Windows 7), I need to check out some files from a StarTeam server. stcmd seems to provide all functionality and I am able to perform the checkout with UID and password provided via parameter -p.
Since the installer is run by different users, I obviously need a mechanism to inquire the StarTeam login credentials at run-time instead of hard-coding UID/pw.
I was browsing the StarTeam manual but was not able to figure out if the StarTeam programs provide a solution to that problem. Any suggestions?
Sorry, this just doesn't make sense to me. Typically you include files from source control in the MSI at build time, not install time. What does install time buy you other than complexity? Now application runtime would make sense to me. You could create and install an application that prompts the user for creds and then periodically polls StarTeam for updated files. (Windows service, scheduled task, logon autorun...)
Couldn't you prompt your users for the login information during the install and then pass them to the stcmd.exe?
Meh, the solution is trivial. When using an empty password, stcmd automatically asks for the password. Example:
stcmd connect username:#hostname:portnumber
Using the stateful commands is recommended since the credentials are stored internally for all subsequent commands.
So in IT environments we commonly lock down users' profiles to prevent access to the registry, command prompt, control panel, etc. This can easily be done via GPO. However, there are times when you need to make a quick change to the user's profile when everything is locked down. Maybe it is to change the video resolution or the wallpaper, or edit something under the restricted user's HKEY_CURRENT_USER. So it is easy to reboot and log in as an admin, open their registry hive, and rename "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies" to Policies.disabled, log them in, make the changes, and refresh via gpupdate /force. But there should be a better way with impersonate user or Run As. But when you run RunAs as another user it runs it as the admin and you get the admin's HKCU.
How would you make it so you can run an app made in VB.NET that simply deletes "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies" so you can make those changes?
This message appears every time I try to save the data to the DB.
Failed to update database because the database is read only
Note: This error comes only when the application is installed to C drive.
Front End: VB.NET
Back End: SQL Server
Is there any way to overcome this issue?
Or any way to restrict the user from installing the application on C drive?
I would check the file system privileges. I suppose you talk about an SQL server file database. You receive the message because the account trying to access your file database does not have the file system permissions to do so.
In order to confirm my suggestion, you allow everyone to access the specific directory with full permissions.
Then, you have to check what is the account trying to do the actual access. Probably it's a system account (user ASPNET or NETWORK SERVICE). You have to give the respective permissions to the specific account.
Then, restart IIS.
If you want to do this for a distributed stand-alone application, then these permissions would have to change on each machine where the program would be installed. In order to avoid putting users in such a fuss, the setup program should do it. I am not an expert on setup programs, but even the simplest ones would give you the option to do it, after asking the system administrator's approval. I suppose you could build a custom action during the setup program which would change the specific folder's permissions, perhaps by using xcacls.exe.
Hope I helped!