Wednesday, 24 July 2013

Remote registry edition of Hkey Current User

Lets say you need to edit the registry of a currently logged on user but that user has no administration rights. You would need to grant the local admin rights, log off and log on.
With this simple trick you can edit the current user registry:


1. Open a regedit with domain admin rights




















2. On the File menu, click Connect Network Registry.
















3. In the Select Computer dialog box, type the name of the computer to whose registry you want to connect
4. Navigate to HKEY_USERS and look for the longest key without "_Classes" in front. That will be the current logged on user HKEY_CURRENT_USER.
















This way you can edit the reg keys you need without logging out the non local admin user.

Remove proxy option tick in Internet Explorer

If you had a GPO applying a proxy option, but you no longer use a proxy, by disabling that option in a GPO it wont remove the tick option in Internet Explorer. So run this script on user logon (with a GPO), copy and paste on a notepad and save with .vbs extension.
Place the script on your DC netlogon or a available share.


Option Explicit

dim strRegPath
dim user
dim password
dim sh
dim oWshShell
dim message

strRegPath = "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"
Set oWshShell = CreateObject("WScript.Shell")
set sh = createobject("wscript.shell")

Call oWshShell.RegWrite(strRegPath & "ProxyEnable", "00000000", "REG_DWORD")

Set oWshShell = Nothing
Set sh = Nothing

Change permissions to NTFS folders using the folder name



I found this script online, but had several bugs and was fixed by me and a coworker.
The purpose is to change the NTFS permissions on several folders using the folder name as basis. 
You must have your username the same as the folder. 
It propagates to the child objects. But you can mess around with the options a bit. 
Please test before, as always, and adjust the folders and options to your enviroment.

You must use powershell in v2 otherwise it wont work.


#############################################################################
# Script: changePermissions.ps1
# Date: 17/07/2013
# Keywords:
# Comments:
# Pre-Requisites: Full Control over destination folder.
#
#
# DISCLAIMER
# ==========
# THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
# RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#############################################################################
#############################################################################
#            Variables
#
# Where is the root of the home drives?
$homeDrivesDir="inserthomedrivehere"
# Report only? ($false = fix problems)
$reportMode = $false
# Print all valid directories?
$verbose = $false
# What domain are your users in?
$domainName = "insertdomainhere"
#
#######################################################################
# Save the current working directory before we change it (purely for convenience)
pushd .
# Change to the location of the home drives
set-location $homeDrivesDir
# Warn the user if we will be fixing or just reporting on problems
write-host ""
if ($reportMode) {
 Write-Host "Report mode is on. Not fixing problems"
} else {
 Write-Host "Report mode is off. Will fix problems"
}
write-host ""
# Initialise a few counter variables. Only useful for multiple executions from the same session
$goodPermissions = $unfixablePermissions = $fixedPermissions = $badPermissions = 0
$failedFolders = @()
# For every folder in the $homeDrivesDir folder
foreach($homeFolder in (Get-ChildItem $homeDrivesDir | Where {$_.psIsContainer -eq $true})) {
 # dump the current ACL in a variable
$acl= (Get-Item $homeFolder).GetAccessControl("Access")
 #$Acl = Get-Acl $homeFolder
 # create a permission mask in the form of DOMAIN\Username where Username=foldername
 #    (adjust as necessary if your home folders are not exactly your usernames)
 $compareString = "*" + $domainName + "\" + $homeFolder.Name + " Allow  FullControl*"
 # if the permission mask is in the ACL
 if ($Acl.AccessToString -like $compareString) {
 # everything's good, increment the counter and move on.
 if ($verbose) {Write-Host "Permissions are valid for" $homeFolder.Name -backgroundcolor green -foregroundcolor white}
 $goodPermissions += 1
 } else {
 # Permissions are invalid, either fix or report
 # increment the number of permissions needing repair
 $badPermissions += 1
 # if we're in report mode
 if ($reportMode -eq $true) {
 # reportmode is on, don't do anything
 Write-Host "Permissions not valid for" $homeFolder.Name -backgroundcolor red -foregroundcolor white
 } else {
 # reportmode is off, fix the permissions
 Write-Host "Setting permissions for" $homeFolder.Name -foregroundcolor white -backgroundcolor red
 # Add the user in format DOMAIN\Username
 $username = $domainName + "\" + $homeFolder.Name
 # Grant the user full control
 $accessLevel = "FullControl"
 # Should permissions be inherited from above?
 $inheritanceFlags = "ContainerInherit, ObjectInherit"
 #$inheritanceFlags = "None"
# Should permissions propagate to below?
 $propagationFlags = "None"
 # Is this an Allow/Deny entry?
 $accessControlType = "Allow"
 try {
 # Create the Access Rule
 $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($username,$accessLevel,$inheritanceFlags,$propagationFlags,$accessControlType)
 # Attempt to apply the access rule to the ACL
 $Acl.SetAccessRule($accessRule)
 Set-Acl $homeFolder $Acl
 # if it hasn't errored out by now, increment the counter
 $fixedPermissions += 1
 } catch {
 # It failed!
 # Increment the fail count
 $unfixablePermissions += 1
 # and add the folder to the list of failed folders
 $failedFolders += $homeFolder
 }
 } #/if
 } #/if
} #/foreach
# Print out a summary
Write-Host ""
Write-Host $goodPermissions "valid permissions"
Write-Host $badPermissions "permissions needing repair"
if ($reportMode -eq $false) {Write-Host $fixedPermissions "permissions fixed"}
if ($unfixablePermissions -gt 0) {
 Write-Host $unfixablePermissions "ACLs could not be repaired."
 foreach ($folder in $failedFolders) {Write-Host " -" $folder}
}
# Cleanup

popd

Internet Explorer 10 lost advanced tab in Windows 7 with all users

I had an issue with a IE10 that had no advanced tab available. No GPO was disabling it, no local restriction, user was local admin.
Oh, and every single user that logged on that machine would had no advanced tab as well.

After fiddling with it for hours, the only solution was to import the following registry key from another pc with same operating system (Win7 64bit with IE 10) to that pc.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer

Export from the working registry and import in the problematic pc. No need to mention to backup the registry before.
It worked for me.


Saturday, 9 May 2009

Webcam do portátil Asus F50 do e-escolas tem a imagem ao contrário

Constatei que é um problema comum que tem assombrado vários destes equipamentos, a resolução é simples:
Actualizar o driver da Webcam quer através do site da Asus ou do cd fornecido com o equipamento.
Espero ter ajudado.