Understanding the Windows registry - Users

Started by Andy, October 09, 2016, 05:48:36 am


Andy

October 09, 2016, 05:48:36 am Last Edit: October 09, 2016, 05:58:21 am by Andy
A while ago, I posted some basics about the Windows registry.

Here I want to look at user accounts.

Firstly, in the registry (regedit.exe) you will notice a folder called HKEY_CURRENT_USER; this relates to the current (logged on) user.

Secondly, each user account has what is called a "Hive", a copy of the user's registry settings, which is stored under a key name beginning with S-1-5-21- (found in HKEY_USERS)....

HKEY_USERS\S-1-5-21-3810301207-286795136-547885110-1001  (this "Hive" is my account).

Now if I make a change (whilst I am logged on as Andy) to  HKEY_CURRENT_USER, the changes are also stored automatically in HKEY_USERS\S-1-5-21-3810301207-286795136-547885110-1001.

So what does this tell us?

1. You can change another user's registry settings by loading their "Hive", putting the changes in, and unloading it again.

2. This means you can have more security over your machine.

So how do I know which S-1-5-21 hive relates to who?

See attachment!

The list of user accounts is stored under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Where S-1-5-18 is for the Windows system
S-1-5-19 is for the Local service
S-1-5-20 is for the Network service

All S-1-5-21's are user accounts.
 
Later I will be showing you how to hide a disk drive from another user account, so you can use it, but someone else can't.  i.e. connect a USB drive and infect your computer, or copy / take files to / from it.

If you find this interesting, please let me know...

Thanks,
Andy.


Day after day, day after day, we struck nor breath nor motion, as idle as a painted ship upon a painted ocean.

LarryMc

LarryMc
Larry McCaughn :)
Author of IWB+, Custom Button Designer library, Custom Chart Designer library, Snippet Manager, IWGrid control library, LM_Image control library

Egil

Alan,

I have followed your work with register file utilities closely, but since I have no immediate plans to use your ideas in my own code, I have not posted any comments.
But I want you to know that I have learned a lot from every one of your posts. So please keep them coming. You certainly know how to pick difficult (at least for me) stuff!


Egil
Support Amateur Radio  -  Have a ham  for dinner!

LarryMc

Quote from: GWS on October 09, 2016, 12:44:44 pm

No way would I let any software purporting to manipulate Windows' registry, anywhere near my machine.



OOPS!  I hate to be the one to tell you Graham but Creative Basic (and IBasic before it) use the registry  ::) ::)  ;D ;D

And you can just about count on any commercial program on your computer using the registry.
LarryMc

LarryMc

Andy
I've got a problem and I wonder if you have ever run into it:

I was opening and closing the registry to look at things associated with the Snippet Manager as part of my coding effort to remove all the registry entries from the registry.

Then all of a sudden the registry window won't open and stay open.  When I click reg.exe I can see it just flash like a console window trying to open for a few millisecs and that's it.  I have to go in the task manager and close a process in order to see it again.

I've rebooted with no change.
LarryMc

Andy

October 09, 2016, 11:03:48 pm #5 Last Edit: October 09, 2016, 11:14:22 pm by Andy
Larry,

When you say the registry window won't open and stay open you are talking about Regedit.exe?

If the problem persists, try downloading and running (as admin) my alternative registry editor (user offerings).

If that works, then there is some other problem; if it doesn't work then there could be a corruption in your registry files.

Let me know how you get on.

With regards to my registry posts, I'm simply trying to make everyone aware of what the registry is and does. All those who know me understand my good intentions, and I will never post anything which could be used to a detrimental effect.

Everything posted is very well documented on the internet, and the next time you install a program it will almost certainly make changes to your registry files. I'm just trying to give you an insight as to what it might be doing.

Only good intentions here - but I think I won't post anymore tutorials on the registry.

LarryMc

I had a DUH meltdown  ::) ::) ::)
I was clicking on reg.exe instead of regedit.exe.   I don't know how I got switched.  I guess I'm too old and too tired.  I put in about 10 hours in the shop today (and that's a LONG day for me) doing woodworking.

Anyway, your post was enough to wake me up... thanks.

As for the other.  There's no question about your intentions. Press on.
LarryMc

Andy

October 10, 2016, 08:00:23 am #7 Last Edit: October 10, 2016, 08:10:35 am by Andy
Larry and Egil,

Thanks for your support and it's always very welcome  :)

Larry, we all have moments like that (even for me, a "spring chicken").

Egil, thanks for my new name "Alan" (AKA Andy, only joking)

I will press on with this simple scenario.

As Larry stated (and is correct), many programs will alter your registry settings either during setup and/or during use.

So let's take a setup scenario: you accept the license agreement etc., and suddenly you are asked a question -

"Do you want to install this program for you (the current user) OR for anyone who uses this computer?"

Why do they ask this question, and what does it really mean for you and your registry files?

The answer is this:
If you choose "You (the current user)", then the program will change the settings for HKEY_CURRENT_USER - which is you.

If you choose "Anyone who uses this computer", the program will change the settings for HKEY_LOCAL_MACHINE.

As mentioned before, HKEY_CURRENT_USER holds your Windows settings, and HKEY_LOCAL_MACHINE overrides any such settings for you and all other users.

If you have installed Anti Virus, MS Office, Open Office, Flash player (and indeed many other programs) then you have already let these programs change your registry settings.

It's a fact of life, it just depends on the intent of the program as to what it does.

So I have to strike a balance when posting as to what I believe is good for all of us and what is not.  :)

The point I'm trying to make is a simple one: that a basic knowledge of the registry can help you keep your computer running well, fast, and clean, which can only be good for all of us.

And I am trying to keep interest in "our" forum alive as it's been very quiet here for a while.





Egil

Hi Andy,

Quote: Egil thanks for my new name "Alan" (AKA Andy only joking)


Must have had what LarryMc calls a senior moment. Had just answered emails from two different guys named Alan. One of them complained today because I called him Andy....

So now you know how it is to become old :-\
(LarryMc claims that he needed ten hours for mixing names. Took me only ten minutes!)


Egil

Brian

Andy,

Keep on with the registry tutorials - they have always been a pretty dark area for me.

And I am particularly interested in the USB denial tweaks. They used to deny us using the
USB ports to stop us putting in our own memory sticks. Always wondered how they did it!

Brian

Andy

October 11, 2016, 05:53:22 am #10 Last Edit: October 11, 2016, 05:56:45 am by Andy
Brian,

Thanks for the thumbs up, and glad to see you on here again.

Talking about USB ports, I do actually have a program where you can select any drive (or possible drives) and hide or show them from the current user.

This again is well documented and used for security reasons especially on servers to stop someone from taking data or messing with the machine.

You have to add a registry entry, and this entry holds a number and it works like this:

To hide drive A, the number for this entry is 1
to hide drive B, the number is 2
for C it would be 4
for D it would be 8

Basically, the number doubles with each letter as you go on, and Z ends with 33554432, and for all drives it is 67108863.

And you can combine the drive numbers too, so if you wanted to hide drives C (four) and D (eight) then the number stored would be 12, i.e. 4 + 8 = 12.

Now, you have to restart Windows or (my way) stop explorer.exe (your desktop).

Stopping explorer.exe means that Windows itself will restart it after a second or so, and once explorer.exe is restarted Windows will then re-read the registry, spot the change, and hide / show the drives you have specified.

This program was part of a system I wrote some years ago to stop children messing about with a parent's computer.

So, to post or not to post the code - that is the question - I may need advice, although I personally cannot see any harm in it.

Andy.
:)



Day after day, day after day, we struck nor breath nor motion, as idle as a painted ship upon a painted ocean.
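
The drive-number scheme from the post above, as an added example that is not part of the original thread or of Andy's program: it builds the number from drive letters and decodes a number back into letters, which is the useful direction when you find such a value on a machine and want to know which drives it hides. The function names are made up for this example, and the code only does the arithmetic; it does not read or write the registry.

```python
import string

LETTERS = string.ascii_uppercase      # A..Z map to bits 0..25
ALL_DRIVES = (1 << 26) - 1            # 67108863, the "all drives" number


def drive_bit(letter):
    """Number for one drive: A=1, B=2, C=4, D=8 ... Z=33554432."""
    letter = letter.strip().rstrip(":").upper()
    if len(letter) != 1 or letter not in LETTERS:
        raise ValueError(f"not a drive letter: {letter!r}")
    return 1 << LETTERS.index(letter)


def encode_hidden(letters):
    """Combine drives into one number.

    Uses bitwise OR rather than plain addition, so listing a drive
    twice cannot spill over into the next letter (4 + 4 would give 8,
    which is D, not C).
    """
    mask = 0
    for letter in letters:
        mask |= drive_bit(letter)
    return mask


def decode_hidden(value):
    """Return (hidden_letters, leftover_bits) for a stored number.

    leftover_bits is non-zero when the number has bits above Z set,
    which the scheme in the post does not define; worth flagging
    when auditing a value someone else wrote.
    """
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError("value must be a non-negative integer")
    hidden = [LETTERS[i] for i in range(26) if (value >> i) & 1]
    return hidden, value & ~ALL_DRIVES


def diff_masks(before, after):
    """Drives that became hidden / visible between two readings."""
    old, _ = decode_hidden(before)
    new, _ = decode_hidden(after)
    return sorted(set(new) - set(old)), sorted(set(old) - set(new))


if __name__ == "__main__":
    print(encode_hidden("CD"))           # constructed sample input
    print(decode_hidden(67108863))
    print(diff_masks(12, 8))
```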

Brian

Andy,

What harm could there be, as long as you can "undo" your changes. I, for one, would
like a dabble to see how it works. I can see my daughter having a use for it, as my
grandchildren tend to mess about with memory sticks without her knowledge

Brian

Andy

Brian,

Yes, I will post it, but it might be tomorrow as I need to give detailed instructions on how to use it.

Andy.