Has anyone made a script to change a registry file based on a users SID remotely?
I'm trying to make IE prompt that it is the default browser - we have PCs that are locked down, but Google Chrome keeps getting installed and it's being set as the default browser and it's causing issues. So an easy fix, rather than logging in as an admin is just to change a simple registry key, open IE, hit yes, and be done. The PCs I am working with are all generic usernames with similar passwords, so I'm trying to make this as easy as possible.
Here's what I have so far
#echo off
ECHO PC Name
SET /P pc=
ECHO.
ECHO Generic Username Logged In
SET /P un=
ECHO.
for /F "usebackq delims== skip=1" %%i in (`\\gtchghost\installs\PSTools\psgetsid.exe \\%pc% \%un%`) do set uSID=%%i
REG ADD "\\%pc%\HKEY_USERS\%%i\Software\Microsoft\Internet Explorer\Main" /v "Check_Associations" /t REG_SZ /d "yes"
pause
I keep getting
ERROR: The parameter is incorrect.
If I run this command I get the SID which is what I am trying to make a variable.
psgetsid \\pc \username
Related
I'm trying to exectute the following bat every 15 minutes on my pc:
#ECHO OFF
SETLOCAL enabledelayedexpansion
SET host=http://dnsad.de/rest/
SET slideshowurl=http://dnsad.de/display/currentSlideshow/mac/
SET slideshowfolder=C:\Slideshow
SET ieprocess="iexplore.exe"
SET ignore_result=INFORMATION:
FOR /f "delims=" %%a IN ('getmac /v ^|find /i "Realtek"') DO (
FOR %%b IN (%%a) DO (
SET element=%%b
IF "!element:~2,1!!element:~5,1!!element:~8,1!"=="---" set mac=%%b
)
)
SET formattedmac=%mac:-=:%
SET macpath=%mac:-=_%
FOR /f "delims=" %%a IN ('curl -X GET %host%%formattedmac%') DO (
FOR %%b IN (%%a) DO (
SET update=%%b
)
)
IF "%update%"=="[true]" (
CD %ProgramFiles%\WinHTTrack\
httrack %slideshowurl%%formattedmac% -q -O "C:\Slideshow" -s0 -B -a
curl -X PUT %host%%formattedmac%
START iexplore -k %slideshowfolder%\dnsad.de\display\currentSlideshow\mac\%macpath%.html
)
EXIT
The script works as it should when executed. Im getting the device's mac address, getting the expected server responses from curl, WinHTTrack is backing up the data correctly, curl updates the server fields and then the internet explorer gets opened with the updated,local html.
When scheduled as Task with win 7 it works as it should as well. When running the bat from Task Scheduler on Win 10 the last thing it does is the curl PUT, but the Internet Exploerer is never opened. The task is marked as succesful.
I am logged in as admin on Win 7 and Win 10. I tested pretty much every setting within the taskscheduler. Nothing seems to be working. Why doesnt the internet explorer start ?
[EDIT]
It seems that the option "Run whether user is logged on or not" causes the problem. But here is the catch:
I'm displaying slideshows in Internet Explorer Kiosk Mode and need to get updated Data from my server to Display new Slideshows regularly. The mentioned option prevents the console from popping up when executing the bat file. If i "only execute if user is logged on" i do get the updated Data to display in Internet Explorer, but every 15 minutes a console window pops up for a second.
I tried exectuing with cmd /c "update" /min "PATH TO BAT" which dosesn't solve the problem.
As mentioned in my [Edit] the problem was the option "run whether user is logged on or not", which i used to prevent the command line window to pop up. When i use the option "only execute if user is logged on" i need to "wrap" the bat in a VBScript which doesnt open the cli. So by scheduling a vbs with the following lines:
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "cmd /c PATH\TO\BAT", 0, True
i can execute the bat without a flashing cli.
so here is my scenario,i installed squid proxy server on my windows server 2012 domain.and i created the batch files for clients when they turn on laptops on my network and run batch file to enable squid proxy server on their laptops.
which will add ip and port to their browser and also enable that.
batch file script are as follow:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ^
/v ProxyServer /t REG_SZ /d 192.168.10.2:3128 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ^
/v ProxyEnable /t REG_DWORD /d 1 /f**
And when they move to any other network or their home network,they need to disable proxy server for browsing,
The file for disabling proxy server from their browsers are as follow:
#ECHO OFF
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ^
/v ProxyEnable /t REG_DWORD /d 0 /f**
Now the problem is sometimes employees forget to run batch file on company network or they don't want to run batch file on network and use internet without running the batch file / enabling proxy.
So I want batch file that runs at startup and check for the network whether thats home network or a company network.and on company network when employees turns on their laptops it will be enabled automatically and when they turn on any other network or work from home that will automatically disable that proxy.
any help will be appreciated,waiting for your kind response.
Thank you
The following script works for me. You simply need to change the IP address and port. Copy and paste the code below and save as "Proxy.bat"
#echo off
cls
for /f "tokens=3 delims= " %%a in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ ^| findstr "REG_SZ"') do set currentValue=%%a
echo %currentValue%
echo
echo Select:
echo [1] I am at work
echo [2] I am at home
:choice
SET /P C=[Please enter a number]?
for %%? in (1) do if /I "%C%=="%%?" goto 1
for %%? in (2) do if /I "%C%=="%%?" goto 2
:1
#echo off
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 192.168.85.129:3128 /f
goto end
:2
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
goto end
:end
The first few line is to check the proxy address and port in the registry. Next part is to select the choices between the two. I assume the one need proxy is in the office (choice 1). I will turn off the proxy when I am at home (choice 2). Note that when the proxy setting is set by a script, the graphical user interface in the LAN setting will not be affected. You will not see that the proxy has been set, that is why the first few lines is to check the current proxy.
This simple script that worked for me.
function FindProxyForURL(url, host)
{
if (isInNet(myIpAddress(), "192.168.10.0", "255.255.255.0"))
return "PROXY 192.168.10.2:3128";
else
return "DIRECT";
}
i added this above script to notepad and save as proxy.pac in C:/ drive.and also give the path in web browser(Chrome) (Setting=>Advanced=>Open Proxy Setting=>Lan Setting) and then tick mark "Use automatic configuration script" and give the path to Proxy.pac file in C:\ drive.
So it detects proxy automatically on my network.and on other networks direct the traffic bypassing the proxy.pac file.
thanks for cooperation.
I've been searching all over for this and I'm surprised I haven't found it yet.
I'm using Windows 7.
I've got TortoiseSVN 1.8 with command line tools available but if there is a solution using another client that will work, I'm open to other options.
I'm trying to reset the cached auths for a specific repository on an svn client.
I've have a group of projects (~15) that get built all together. We have setup batch files using the svn command line client to checkout and build the projects which work great on the individual developers machine since the svn client caches their credentials.
However, we are setting up a central build machine for releases (instead of having one person responsible for release builds) and we would like for anyone to be able to login and run a build using their own credentials.
The problem we have is that if we leave the svn client using it's default settings, then anyone logging into the machine will use the previous person's credentials. If we switch the svn client to not cache credentials, then the build process (its all scripted remember) has to prompt for every project which results in the user typing their password ~15 times just to do a build.
We are part of a large company and our svn server houses a lot of different repos for other teams and some developers use multiple repos so I cannot simply clear the cache directory after the build because that would wipe out all cached repos instead of just ours (as far as I can tell, svn only caches by server, not by repo).
Is there any solution I can implement that will prompt for svn credentials on the first project that gets pulled from svn in the batch file, uses those credentials for all projects in the script but then clears the cached credentials for only those projects (or the whole repo) when the script finishes?
I've tried several different method to try and "reset" the credentials for a specific project but I am not having any luck. Even if my script has to go reset them individually, that would be ok.
Someone on another so thread suggested using svn switch on the project and providing a different user via --username when done but that doesn't seem to work on windows (they were using OSX). The next time I run the script, it simply defaults to the last authenticated user.
-edit- added a dumbed down version of the script:
#ECHO OFF
pushd %~dp0
SET SVN=https://domain.com:81/svn/repo
SET TAG=%1
CALL :GET_PROJECT_TAG project1
CALL :GET_PROJECT_TAG project2
CALL :GET_PROJECT_TAG project3
CALL :GET_PROJECT_TAG project4
CALL :GET_PROJECT_TAG project5
CALL :GET_PROJECT_TAG project6
GOTO :END
:GET_PROJECT_TAG
svn export %SVN%/%1/tags/%TAG%/ %TAG%/%1/
EXIT /B
:END
popd
PAUSE
-end edit-
thoughts?
What about having the batch script prompt for credentials if not defined? Use setlocal just below #echo off to make the script forget the credentials on exit. If you'd like to mask the input of the password, it can be done with a PowerShell command.
<NUL set /P "=Password? "
set "psCommand=powershell -command "$p=read-host -AsSecureString;^
$m=[System.Runtime.InteropServices.Marshal];$m::PtrToStringAuto($m::SecureStringToBSTR($p))""
for /f "usebackq delims=" %%p in (`%psCommand%`) do set "pass=%%p"
echo You entered %pass%
Then just reuse %pass% in all svn commands as needed for as long as the script is running. If you're prompted for auth info via a GUI, then might using Subversion for Windows instead of TortoiseSVN solve your problems?
Edit: I feel I should note that it's not unreasonable to expect special characters in passwords that could potentially break your script. Whenever you retrieve the %pass% variable, you should probably do so in the delayed expansion style to prevent characters like ^ and < from being evaluated. But don't enable delayed expansion until retrieval. If delayed expansion is enabled during the input, exclamation marks might be stripped. Do it like this:
#echo off
setlocal
<NUL set /P "=Password? "
set "psCommand=powershell -command "$p=read-host -AsSecureString;^
$m=[System.Runtime.InteropServices.Marshal];$m::PtrToStringAuto($m::SecureStringToBSTR($p))""
for /f "usebackq delims=" %%p in (`%psCommand%`) do set "pass=%%p"
setlocal enabledelayedexpansion
echo You entered !pass!
endlocal
Here are a couple of batch files that I use to temporarily clear the cached credentials. You could easily modify them to suit your particular needs.
:: ClearCachedCredentials.bat
:: 2015-10-30 Kurt Schultz - Tested on Windows 7, 64-bit
:: Move the current TortoiseSVN credential cache files to a backup folder.
:: This allows you to log on to Subversion using a different set of credentials.
:: The original credentials can be restored by running RestoreCachedCredentials.bat
::
:: Alternatively, you can open the individual files in the svn.simple folder using
:: a text editor and look for the user ID that you want to remove from the cache.
:: Remove or delete the file as needed.
#set filePath=\Users\%username%\Application Data\Subversion\auth
#set fileCount=0
#If not exist "C:%filePath%" (
#echo Cannot locate "C:%filePath%"
#echo Do you have Tortoise SVN installed?
) Else (
#C:
#CD "%filePath%"
#for /f %%A in ('dir /b /a-d "svn.simple\*" 2^>nul ^| find /v /c "" ') do #set /a fileCount+=%%A
#Rem When the dir command is issued from the command line, there must be a space between the carat and the pipe e.g. ^ |
#Rem or you will get an error, invalid switch - "v". When inside the "for" command, the space cannot be there.
)
:: I had to move the following section out of the section above in order to test the value of fileCount.
:: When it was inside the Else block above, the value was always 0.
#If %fileCount%==0 (
#echo There were no cached files to backup or clear.
) Else (
#dir svn.simple
#echo.
#echo These credentials will be moved to the backup folder.
#echo.
#echo Press Ctrl-C now to abort or
#pause
)
:: I had to move the following section out of the section above and into its own If condition
:: in order to get the Ctrl-C to work correctly. (The file move did not occur, but the echo
:: statements were still executed.
#If Not %fileCount%==0 (
#If not exist backup (
#md backup
)
#If not exist backup\svn.simple (
#md backup\svn.simple
)
#move svn.simple\*.* backup\svn.simple
#echo.
#echo The TortoiseSVN credentials have been backed up and cleared.
#echo Run RestoreCachedCredentials.bat to restore them.
)
#echo.
#pause
:: RestoreCachedCredentials.bat
:: 2015-10-30 Kurt Schultz - Tested on Windows 7, 64-bit
:: Restore the TortoiseSVN credential cache files from the backup folder.
#set continue=false
#set filePath=\Users\%username%\Application Data\Subversion\auth
#If not exist "C:%filePath%" (
#echo Cannot locate "C:%filePath%"
#echo Do you have Tortoise SVN installed?
) Else (
#C:
#CD "%filePath%"
#If not exist backup\svn.simple (
#Echo The backup directory does not exist. There is nothing to restore.
#Echo You must first use ClearCachedCredentials.bat to create a backup.
) Else (
#echo This will restore the Subversion credentials from your backup folder.
#echo Press Ctrl-C now to abort or
#pause
#set continue=true
)
)
#If %continue%==true (
#copy backup\svn.simple\*.* svn.simple
#echo.
#echo The TortoiseSVN credentials have been restored.
)
#echo.
#pause
I would like to write a script that will add a domain user to the local administrator group.
I already tried
NET LOCALGROUP Administrators "domain\domainuser" /ADD
but I get the Access Denied error.
The problem is that if I want to run it as domain user, it does not have local admin rights, and if as local admin, it does not have access to the domain names. (I don't want to use domain admin)
If I manually right click the computer icon, than manage, I type in the computer name/local admin user/pass, than in Local Users and Groups -> Groups folder I want to add user to Administrators, I am prompted to log in again. If I log in than with a domain user, it works.
My question is, if it is possible to do the same (or something similar) with batch script?
Maybe, from vbs
GetObject("WinNT://" + WScript.CreateObject("WScript.Network").ComputerName + "/Administrators").Add "WinNT://DomainName/UserName"
I have solved it with another way, using 2 batch files
So I give you my code:
This one creates a folder in c: , than it creates a text file, it copies the name of the current user in it, than the other batch file in the same folder, and finaly runs it as local admin. If you write the password correctly(password will not appear as " * " when you write it):
mkdir c:\tempfiles$
break>c:\tempfiles$\temp.txt
echo %username% >> "c:\tempfiles$\temp.txt"
copy "%~dp0\admin.bat" "c:\tempfiles$"
runas /noprofile /env /user:%computername%\<LOCAL ADMIN USER> "C:\tempfiles$\admin.bat"
pause
rmdir /s /q "c:\tempfiles$"
The admin.bat, takes the user name writen in the text file (if this wasn't, it would take the %username% as the local admin username to add it, because we run it as the local admin)
The copy for the batch file is only necessary so you can run it from anywhere. For example if you would have it on a server's mapped drive it would not work.
set /p u=<c:\tempfiles$\temp.txt
net localgroup Administrators /add <DOMAIN NAME>\%u%
I have tried it on multiple computer, on most of it, it runs. On some of the computers it does not, probably because of the local policy of my company. I did not figgured that out yet.
For any questions or suggestions, feel confident to write your opinion.
The purpose of this batch file is to get the domain group members and add them to a local group. You must right click this file and select Run as Administrator.
#echo off
setlocal EnableDelayedExpansion
set /p v1=[Enter Domain Group Name]
set /p v2=[Enter domain name: xxx.com ]
set /p v3=[Enter Localgroup "Name"]
For /F "skip=8 tokens=1 delims= " %%G IN ('net group %v1% /domain' ) ^
DO if %%G neq The net localgroup %v3% %v2%\%%G /add
timeout /t 1
For /F "skip=8 tokens=2 delims= " %%G IN ('net group %v1% /domain' ) ^
DO if %%G neq command net localgroup %v3% %v2%\%%G /add
timeout /t 1
For /F "skip=8 tokens=3 delims= " %%G IN ('net group %v1% /domain' ) ^
DO if %%G neq completed net localgroup %v3% %v2%\%%G /add
timeout /t 1
I want to be able to run just one instance of xcopy rather than many, from a usb drive to .\admin\desktop on the computer I have plugged it in, however there might be some computers I get on that have the admin username changed to the name of the person. Is there a generic batch namimg convention for the admin user account for windows? If so I'd like to just use that whatever it may be instead of listing everyone's username for every computer and guessing what it might be without looking everytime.
Here is what I have so far, it works well if I know for a fact that the "Admin" user is still labeled "Admin."
#echo off
xcopy "%~dp0M1k_SWPCB\*.*" "C:\Documents and Settings\Admin\Desktop\SWPCB\" /d /s /h /v /c /f /k /y
pause
I tried 'All Users' as well, but in some cases the directory doesn't exist and it will not work. Plus if the computer has multiple users I don't want it on everyones' desktop.
Any help would be much appreciated.
Thanks
All users have a SID identifier and the local admin account always ends with the -500 suffix, so you can get the Admin username by checking the SID's on the Registry:
#Echo OFF
FOR /F "Tokens=*" %%# IN ('Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" ^| FIND "-500"') DO (
FOR /F "Tokens=2,*" %%A IN ('Reg Query "%%#" /v "ProfileImagePath" ^| FIND /V "%%#"') DO (
Echo Admin SID: %%~n#
Echo Admin Folder: %%B
)
)
Pause>NUL&Exit
Output:
Admin SID: S-1-5-21-148789306-3749789949-2179752015-500
Admin Folder: C:\Users\Administrador
Another way to do it is with an VBScript, you can use it in your Batch file and write the Admin name to a textfile, then next you will set a variable with the content of the textfile. (I don't wrote this function):
Set objNetwork = CreateObject("Wscript.Network")
objComputerName = objNetwork.ComputerName
Set objwmi = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & objComputerName)
qry = "SELECT * FROM Win32_Account where Domain = '" & cstr(objComputerName) & "'"
For Each Admin In objwmi.ExecQuery(qry)
If (Left(Admin.sid, 6) = "S-1-5-" And Right(Admin.sid,4) = "-500") Then MsgBox Admin.name)
Next
PS: Maybe someone will post other solution saying that listing the group names is another choice... but groupnames is not a generic solution 'cause the native language.