
Sunday 30 December 2012

Registry Editing Has Been Disabled By Your Administrator: Step by Step Methods for Fixing Registry Editor


Many times when working on a computer that has been infected with a virus, trojan, or piece of spyware, I find that my most important command, Regedit (the Windows Registry Editor), has been disabled. Virus creators like to disable the Registry Editor because doing so makes solving the problem and removing the infection difficult.

Sometimes administrators in IT departments may place restrictions on using the regedit command to keep employees from changing things on company computers, but viruses and other issues may also try to disable it.

Listed below you will find the different ways to enable regedit, the Registry Editor.


First we'll begin with the method that appears to work the best.

Method 1 - Enabling the Registry with VBScript
Doug Knox, a Microsoft Most Valuable Professional, has created a VBScript that enables or disables the Registry Editor based on the following location in the registry. Of course, since the registry editor is disabled, you can't change it manually, so Doug wrote a Visual Basic Script to accomplish the task.

HKey_Current_User\Software\Microsoft\Windows\CurrentVersion\Policies\System\

Visit Doug's page and download Registry Tools VBScript to your desktop, double-click on it to run it, then reboot your computer and try to open the Registry Editor.

If this fix didn't solve your problem, try method two shown below.
Method 2:  Use Symantec's tool to reset shell\open\command registry keys
Sometimes worms and trojans will make changes to the shell\open\command registry entries as part of their infections. This will cause the virus to run each time you try to run an .exe file such as the Registry Editor. In these cases, visit Symantec's website and download the UnHookExec.inf file to your desktop. Right-click on it and choose Install. Restart your computer and then try to open the Registry Editor.
Method 3: Rename Regedit.com to Regedit.exe
Some viruses and other malware will load a regedit.com file that is many times a zero-byte dummy file. Because .com files take precedence over .exe files when executed, typing REGEDIT in the Run line will run the regedit.com instead of the real regedit.exe file.

Delete the regedit.com file if it's a zero-byte file to restore access to REGEDIT. In some cases, such as the W32.Navidad worm, you'll need to rename the REGEDIT file to get it to work.
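The precedence problem described in Method 3 can be checked for directly. The following Python sketch is an added example, not part of the original post: it models the lookup of a bare command name using the default PATHEXT order (.COM before .EXE) and reports a .com file that would run in place of the .exe. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

# Default PATHEXT order on Windows starts with .COM, then .EXE.
DEFAULT_PATHEXT = [".com", ".exe", ".bat", ".cmd"]


def candidates(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """Return every file a bare command name could resolve to, in lookup order.

    Directories are tried in order; inside each directory the extensions are
    tried in PATHEXT order, so the first entry is the file that would run.
    """
    found = []
    for directory in search_dirs:
        try:
            entries = {e.lower(): e for e in os.listdir(directory)}
        except OSError:
            continue  # unreadable or missing directory: skip it
        for ext in pathext:
            real = entries.get(name.lower() + ext)
            if real and os.path.isfile(os.path.join(directory, real)):
                found.append(os.path.join(directory, real))
    return found


def find_shadowing(name, search_dirs, pathext=DEFAULT_PATHEXT):
    """Report a .com file that would run instead of <name>.exe.

    Returns None when the .exe wins or no .exe exists, otherwise a dict
    describing the shadowing file.
    """
    hits = candidates(name, search_dirs, pathext)
    exe = next((p for p in hits if p.lower().endswith(".exe")), None)
    if not hits or exe is None:
        return None
    winner = hits[0]
    if not winner.lower().endswith(".com"):
        return None
    size = os.path.getsize(winner)
    return {"runs": winner, "shadowed": exe, "size": size, "zero_byte": size == 0}


def build_demo(root):
    """Constructed layout: a zero-byte regedit.com next to a stand-in regedit.exe."""
    windows = os.path.join(root, "Windows")
    os.makedirs(windows)
    with open(os.path.join(windows, "regedit.exe"), "wb") as fh:
        fh.write(b"MZ stand-in, not a real executable")
    open(os.path.join(windows, "regedit.com"), "wb").close()
    return [windows]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        report = find_shadowing("regedit", build_demo(root))
        if report:
            kind = "zero-byte dummy" if report["zero_byte"] else "non-empty file"
            print(f"{report['runs']} ({kind}) runs before {report['shadowed']}")
```

On a real system, pass the directories from PATH in order; a non-empty regedit.com should be examined rather than simply deleted.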

Method 4: Windows XP Professional and Group Policy Editor
If you have Windows XP Professional and access to an administrative user account, you could change the registry editor options in the Group Policy Editor.
1. Click Start, Run
2. Type GPEDIT.MSC and Press Enter
3. Go to the following location
o User Configuration
o Administrative Templates
o System
4. In the Settings Window, find the option for "Prevent Access to Registry Editing Tools" and double-click on it to change.
5. Select Disabled or Not Configured and choose OK
6. Close the Group Policy Editor and restart your computer
7. Try opening REGEDIT again
Although there are a few other ways, I have used the above ways with great success in re-enabling the REGEDIT command. If you are interested in more ways to reactivate the REGEDIT command

How do you enable Registry Editing again if it has been disabled by your administrator?

First Method:

Click Start -> Run -> gpedit.msc -> User Configuration -> Administrative Templates -> System -> Prevent access to registry editing tools -> Right Click Properties -> Set it to Not Configured

Second Method:

Click Start -> Run. Type this command in the Run box and press OK:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

A prompt will then come up with this question: Value DisableRegistryTools exists, overwrite (Y/N)? Type yes and hit Enter. After you have done that, also type this command in the Run box and hit Enter:

REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0

It will again come up with the question: Value DisableRegistryTools exists, overwrite (Y/N)? Type yes and hit Enter.

Third Method:

STEP 1. Disable as much as you can from your startup. Remove programs from your startup folder and such, so as not to lag down the bootup process.

STEP 2. Create a new shortcut on your desktop and point it to "C:\Windows\regedit.exe".

STEP 3. Log off, then log back on.

STEP 4. As soon as you see your desktop, double-click on the shortcut. The system does not check for policies until a few seconds after it has booted up. If you click on the icon fast enough, it should let you get in. After you close it, though, it will not open unless you redo steps 3 and 4.

Fourth Method:

Getting into the Registry Editor by making a VBS script in Notepad: open Notepad, copy this script into it, and save it as regtool.vbs on your desktop. VBS script (select everything, copy it into Notepad, and save it as regtool.vbs):

Option Explicit
'Declare variables
Dim WSHShell, rr, rr2, MyBox, val, val2, ttl, toggle
Dim jobfunc, itemtype
'Ignore errors so that a missing registry value does not stop the script
On Error Resume Next
Set WSHShell = WScript.CreateObject("WScript.Shell")
'The policy value is checked for the current user (HKCU) and for the machine (HKLM)
val = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
val2 = "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
itemtype = "REG_DWORD"
jobfunc = "Registry Editing Tools are now "
ttl = "Result"
'Read the current policy values
rr = WSHShell.RegRead(val)
rr2 = WSHShell.RegRead(val2)
'The script is a toggle: it disables the tools unless either value is already 1
toggle = 1
If (rr = 1 Or rr2 = 1) Then toggle = 0
If toggle = 1 Then
    'Neither value was set: write 1 to both, which disables the registry tools
    WSHShell.RegWrite val, 1, itemtype
    WSHShell.RegWrite val2, 1, itemtype
    MyBox = MsgBox(jobfunc & "disabled.", 4096, ttl)
Else
    'A value was set: delete both, which enables the registry tools again
    WSHShell.RegDelete val
    WSHShell.RegDelete val2
    MyBox = MsgBox(jobfunc & "enabled.", 4096, ttl)
End If

Open regtool.vbs and there you go!

Windows 8 Registry Hacks You Might Not Know


As Windows 8 gets closer to the final release, I’ve already started seeing a lot of ways to customize or tweak the registry! There are a lot of visual and under-the-hood changes in Windows 8 and not all of them can be changed via the GUI settings.
In this article, I’ll show you 10 cool registry hacks you can use to customize your Windows 8 install. I’m sure there will be a lot more customizations in the coming months, so feel free to post a comment and let us know any that you find.

Disable Charms Bar Hint

The Charms bar in Windows 8 pops up the second you move your mouse to the top right or bottom right corner of the screen. I find it annoying because I do this by accident a lot. There is a registry key that lets you disable the hint so that the bar only opens when you move to the top or bottom right and then slide your mouse down or up along the right edge.
Prevent Charms Bar Keeps Opening by Accident in Windows 8

Desktop Icon Spacing

Thanks Microsoft for getting rid of the options to customize our desktop! What used to be so easy is now a registry hack! In order to change the desktop icon spacing (horizontal and vertical), you have to edit two values in the registry. Check out our previous post below.
Change Desktop Icon Spacing in Windows 8

Change Number of Row Tiles

By default, Windows 8 will try to figure out the number of rows it should show on your Start Screen based on the resolution of your monitor. What if you don’t want the number of rows it determines? Well, you can change it to a different value if you like. As you can see, I decided on only two rows instead of having 5 rows. You can choose a value from 1 to 5. Navigate to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid
Create a new DWORD value here and name it Layout_MaximumRowCount. Give it a value between 1 and 5. Enjoy!

Disable User Account Control

User Account Control is a different beast in Windows 8 and you can’t even fully disable it via the traditional GUI interface you see above. To actually turn it off, you have to go to the registry. However, there are a few unexpected consequences to disabling UAC in Windows 8, which you can read in full below.
OTT Explains – UAC (User Account Control) in Windows 8

Confirm File Delete Dialog

Another missing feature in Windows 8 is the confirm file delete dialog we were all so familiar with. I never noticed it too much, but when I first deleted a file in Windows 8, I was shocked to see that the file just went straight to the recycle bin. I’m sure I’ll get used to it eventually, but if you really want it back, here’s how to get it back. Navigate to the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Go ahead and create a new key under Policies called Explorer. Then create a new DWORD value and give it a name of ConfirmFileDelete. Change the value to 1 if you want the delete file dialog and 0 if you don’t want it. Sweet!

Registered Owner

Even though it’s so old and useless, I still like having the ability to change the registered owner in Windows to whatever I like. Don’t ask me why, it’s just some weird geek thing from the early days of Windows. Luckily, Microsoft still has the value stored in a registry key which you can change to whatever you like.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Under CurrentVersion, just find RegisteredOwner and change it. Also, note there is a RegisteredOrganization, so you could actually put two custom lines in the about Windows dialog. How do you even get to that dialog in Windows 8? Go to the Start Screen and start typing winver.

Paint Desktop Version

If you’re running several copies of Windows 8 on multiple computers and in virtual machines like I am, it’s nice to have the Windows version painted onto the desktop automatically. Windows 8 has a registry key that enables you to add this to your desktop automatically. Navigate to the following key:
HKEY_CURRENT_USER\Control Panel\Desktop
Find PaintDesktopVersion under the Desktop key and change the value from 0 to 1. Next time you login, you’ll see the Windows 8 version number and build number.

Border Width

If you don’t like the border size around all your windows while on the desktop, then you can change it by going to the following key:
HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics
Find the key called BorderWidth and change it to any value between 0 and 50. It’s defaulted to -15, which is some odd numbering scheme employed by Microsoft which I don’t really get. Luckily, you can just use 0 to 50 for this registry setting instead of the crazy negative numbers.

Prevent Users From Uninstalling Apps

By default, you can uninstall any app that you download from the Windows Store. However, it could be useful to create a user account for guests or your kids and then prevent users from uninstalling the apps. As you can see above, when I right-click on a metro app, the Uninstall option is gone! Navigate to the following key:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
You’re going to have to create the Explorer key under Windows and under Explorer you’re going to need to create a new DWORD value called NoUninstallFromStart. Give that a value of 1 and then sign out and sign back in.

Enable Snap on Low Res Screens

If you’re running Windows 8 at a lower resolution, you may not be able to snap metro apps to the right or left side of the screen. However, using a little registry hack, you can get the benefit even on lower resolutions. Navigate to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\
Under the ImmersiveShell key, create a new key called AppPositioner. Under the new key, go ahead and create a new DWORD value called AlwaysEnableLSSnapping. Go ahead and give this a value of 1.

Enable GodMode in Windows 8


Windows 7 users were delighted when they found out about a secret feature called GodMode. It basically lets you create a folder with a special name that somehow then gives you access to just about all of the controls, options and settings for the OS.
Luckily, you can enable GodMode in Windows 8 too! To get started, just create a folder on the desktop and name it whatever you like. After that, right-click on it and choose Rename. Now just add the following to the end of the folder name:
.{ED7BA470-8E54-465E-825C-99712043E01C}
As you can see, you need to include the . before the opening bracket. Here’s what mine looks like:
All Settings.{ED7BA470-8E54-465E-825C-99712043E01C}
When you do this, the icon on the folder changes into one that is exactly the same as the Control Panel.
However, if you click on the new GodMode icon, you’ll get a folder with a bunch of links to all kinds of settings on Windows 8. It’s nice because it even breaks it down by category.
Now you can access every single setting and option in Windows 8 from one folder! So if you are having a hard time finding a particular setting or control panel item, just open this folder and do a search. It’s great because you can narrow down the huge list by typing in a few keywords.
Sweet! So that’s how you enable GodMode in Windows 8. However, there is also another way to get access to a lot of settings in Windows 8. The new Start Screen has a built-in search option that lets you search all system settings. Go to the Start Screen and type in the word Settings.
You get a pretty big list of 91 settings you can adjust. Just swipe with your finger or scroll with your mouse to access all of the settings.

Fix USB Device Not Recognized in Windows


Are you getting a “USB device not recognized” error whenever you plug in a USB mouse, keyboard, or other USB device? I love USB and have 5 ports on my computer so that I can connect my mouse, keyboard, camera, phone, and printer to it all at once!
However, last weekend, my computer stopped recognizing my USB devices! The strange thing about it was that the USB ports were not bad because all of my devices were still getting power to them. I could still charge my cell phone without a problem!
So I started with the normal fixing methods, including uninstalling the drivers for my devices and reinstalling them. That didn’t work! Next I tried System Restore thinking that maybe I had installed something and it caused a conflict with the USB system drivers. That didn’t work!
I read online that in order to fix this problem I should go to Device Manager and uninstall all of the devices under USB Controllers. Restarted the computer, reinstalled the USB drivers, but the problem STILL did not go away!
You may also see in Device Manager that the device shows up as an “Unknown Device”.
So how did I finally fix the problem? Well, apparently it’s a super simple solution! No need to edit the registry, uninstall drivers, or anything of that sort.
Simply UNPLUG YOUR COMPUTER FROM THE POWER SUPPLY. Yes that’s it! Note that this does not mean just turning off your computer because modern computers don’t really turn off when you press the power button as the motherboard still gets power.
First to explain, the motherboard is what all of the hardware of the computer is connected to, including the USB ports. Sometimes the motherboard needs to be “rebooted” also because something can go wrong, i.e. all your USB ports suddenly stop working. The small microprocessor on the motherboard will reload the drivers and your USB ports should be back to recognizing all devices!
So first turn off your computer using Shut Down or pressing the power button and then UNPLUG it from the wall outlet. Let it sit for about a minute and then plug it back in.

Disable Settings, Services, and Programs in Windows XP

Even though most people never change the settings on their computers, there are some situations where it’s very useful to be able to turn off or disable a certain program, service, or setting in Windows XP. For example, over the last few years working as an IT Professional, there have been many occasions where it has been proven very useful to disable the firewall in Windows, or to disable the popup blocker in IE, or to disable the autorun/autoplay feature for the CD/DVD drive.
Disabling items such as regedit, task manager, hardware devices, cookies, etc should only be performed if there are other people who use your computer and you want to prevent them from accessing system settings. Disabling items such as System Restore, MSN Messenger, and startup programs can help save computer resources. However, disabling System Restore without knowing what it is used for and not having another backup, would not be a good idea. So only disable items if you are sure you want to disable them!

How to Disable Windows Firewall

You can turn off the Windows Firewall in XP by navigating to the Control Panel (via Start button) and opening the Windows Firewall dialog. If you don’t see the icon, click on Switch to Classic View at the top left.
On the General tab, click Off (not recommended) to remove all the blocking restrictions. Only turn off the Firewall if you have another third-party product installed or if you’re checking to see whether a program is being blocked by the firewall or something else.

How to Disable popup blocker in IE

Sometimes IE will block a legitimate popup or you might have another third-party popup blocker application that you want to use instead of IE, so you can disable it by going to Tools and then clicking on Pop-up Blocker.
Click on Turn Off Pop-up Blocker to disable it permanently. If you simply want to allow a few sites that you know are safe, but still block the rest, you can click on Pop-up Blocker Settings and add in the web sites that you want to always allow.

How to Disable cookies in IE

Cookies are small files that are stored on your computer by web sites such as Yahoo, Google, Amazon, etc that store your preferences for services that you can personalize, such as color theme or items on your home page. Some sites will use cookies for statistics, demographics and identifying purposes. You can disable cookies by going to Tools and then Internet Options.
Next, click on the Privacy tab and click on the Advanced button under the Settings header.
Finally, check off the Override automatic cookie handling option and choose either Accept, Block, or Prompt for First-party cookies and Third-party cookies. First-party cookies are created by the web site you are currently visiting and third-party cookies are set by a different site than the one you are visiting.

How to Disable System Restore

System Restore is a built-in feature of Windows that allows you to take snapshots of the operating system at specific moments in time, such as before you install a new driver or application. If something goes wrong and the computer is crashing, etc, you can go to System Restore and restore the operating system to a previous point when it was still working. If you want to disable it to save hard disk space, here’s how.
Right-click on My Computer from the Desktop and choose Properties.
Next, click on the System Restore tab and either check the Turn off System Restore on all drives box or click on each drive you want to turn it off on and click Settings. Personally, the best way is to keep System Restore turned on for your C drive (or whichever drive has Windows installed on it) and to turn it off for all of the other drives or partitions.

How to Disable Autorun/Autoplay for CD/DVD drives

I usually like to keep the autorun feature turned off because I find it very annoying when it automatically pops up asking me what I want to do with a cd that I might just want to access via a different program, etc. Also, you never know what kind of virus could be on a CD someone burned, which will then be executed automatically since autorun is turned on.
You can disable autorun by going to My Computer and right-click on the CD/DVD drive installed and choosing Properties.
Click on the AutoPlay tab and choose Select an action to perform. Scroll down and choose Take No Action.

How to Disable Wireless connection

Sometimes disabling your wireless connection can be useful if you’re at work with a laptop and are plugged into a wired network. If you’re already connected and your wireless network keeps trying to connect, it can cause problems and be annoying.
You can disable your wireless connection in Windows by going to the Control Panel and choosing Network Connections. Click on Switch to Classic View if you don’t see the icons.
You’ll see a connection called Wireless Network Connection under the LAN or High-Speed Internet section. Right-click on it and choose Disable.

How to Disable Dr. Watson

Dr Watson is an error debugging tool in Windows that gathers information about your computer whenever an error occurs. It creates a text file that you can send to technical support specialists for review. If you want to disable it, you need to remove it from the registry.
1. Click Start, click Run, type regedit.exe in the Open box, and then click OK.
2. Locate and click the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
NOTE: You only need to do Steps 3 and 4 if you want to be able to enable Dr Watson again later on.
3. Click the AeDebug key, and then click Export Registry File on the Registry menu.
4. Type in a name for the file and choose a location, and then click Save.
5. Delete the AeDebug key.

How to Disable the Task Manager in Windows

There are two ways of disabling the Windows Task Manager in XP, one via the registry and one via the Group Policy editor. If you’re more familiar with the registry route, follow these steps.
1. Click Start, click Run, type regedit.exe in the Open box, and then click OK.
2. Locate and click the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
3. Click on the DisableTaskMgr key and change the value to 1 to disable.
If the key is not there, create a new REG_DWORD key and set the value to 1. If you don’t like messing with the registry or Group Policy, you can use a simple little program written by Doug Knox that disables the Task Manager for the current user graphically.
If there’s more stuff you want to know how to disable, leave me a comment! I’ll add some more as I think of them!

Track When Someone Accesses a Folder on Your Computer

There’s a nice little feature built into Windows that allows you to track when someone views, edits, or deletes something inside of a specified folder. So if there’s a folder or file that you want to know who is accessing, then this is the built-in method without having to buy any additional software.
This feature is actually part of a system called Group Policy, which is used by most IT Professionals who manage computers in the corporate network using servers; however, this policy system can also be used locally without any servers.
The term Group Policy basically refers to a set of registry settings that can be controlled via a graphical user interface. You enable or disable settings and these edits are updated in the Windows registry.
To get to the policy editor, click on Start and then Run.
In the textbox, type “gpedit.msc” without the quotes as shown below:
Now you should see something that is similar to the image below:
There are two main categories of policies: user and computer. As you might have guessed, the user policies control the settings for each user whereas the computer settings will be system-wide settings and will affect all users. In our case we’re going to want our setting to be for all users, so we’ll expand the Computer Configuration section.
Continue expanding to Security Settings -> Local Policies -> Audit Policy. I’m not going to explain much of the other settings here since this is primarily focused on auditing a folder. Now you’ll see a set of policies and their current settings on the right hand side. Audit policy is what controls whether or not the operating system is configured and ready to track changes.
Now check the setting for Audit Object Access by double clicking on it and selecting both Success and Failure. Click OK and now we’re done with the first part, which is telling Windows that we want it to be ready to monitor changes. Now the next step is to tell it what EXACTLY we want to track. You can close out of the Group Policy console now.
Now navigate to the folder using Windows Explorer that you would like to monitor. In Explorer, right click on the folder and click Properties. Click on the Security Tab and you see something similar to this:
Now click on the Advanced button and click on the Auditing tab. This is where we’ll actually configure what we want to monitor for this folder.
Go ahead and click the Add button. A dialog will appear asking you to select a User or Group. In the box, type in the word “users” and click Check Names. The box will automatically update with the name of the local users group for your computer in the form COMPUTERNAME\Users.
Click OK and now you’ll get another dialog called “Audit Entry for X”. This is the real meat of what we’ve been wanting to do. Here is where you’ll select what you want to watch for this folder. To make things easier, I suggest selecting Full Control, which will automatically select all the other options below it. Do this for Success and Failure. This way, whatever is done to that folder or the files within it, you will have a record.
Now click OK and click OK again and OK one more time to get out of the whole multi-dialog box set. And now you have successfully configured auditing on a folder! So you might ask, how do you view the events?
In order to view the events, you need to go to the Control Panel and click on Administrative Tools. Then open up the Event Viewer. Click on the security tab and you’ll see a large listing of events on the right hand side:
If you go ahead and create a file or simply open the folder and click the Refresh button in the Event Viewer (the button with the two green arrows), you’ll see a bunch of events in the category of Object Access. It’ll also list the user and computer. Now if you have a computer with multiple user accounts, then you can just scroll through the list and see if the object access message is there with another user name listed. However, if you think someone might be viewing items under your name, you’ll have to instead scroll through and look at the date and time.
In order to make it easier to look through so many events, you can put a filter and just see the important stuff. Click on the View menu at the top and click on Filter. In the Event ID box, type in the number 560. This is the event associated with a particular user performing an action and will give you the relevant information without having to look through thousands of entries.
If you want to get more information about an event, simply double click on it to view.
This is the information from the screen above:
Event Type: Success Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 3/11/2007
Time: 2:57:35 AM
User: RELIAGENETECH\akishore
Computer: ASEEM
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: D:\Test\New Microsoft Word Document.doc
Image File Name: C:\WINDOWS\explorer.exe
Primary User Name: akishore
Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes
Here I created a new Microsoft Word document in the Test folder and it tells me that the object type was a file and Explorer was being used by user akishore. And I performed a read and a write according to the “Accesses” section. If you just want to see if someone else is accessing a folder, then simply look at the entry’s date and time or user fields.
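The event text above can also be triaged in bulk once it has been exported. This Python example is added here and is not from the original article: it parses an Event Viewer text export, keeps only event 560, and marks entries that include write accesses or come from a user other than the folder's owner. The first sample event is abridged from the one shown above; the other two are constructed.

```python
import re

# Access names in the event text that mean content or permissions were changed.
WRITE_ACCESSES = {"WriteData", "AppendData", "WriteEA", "WriteAttributes",
                  "DELETE", "WRITE_DAC", "WRITE_OWNER"}

# One access name, optionally followed by its "(or ...)" alias list.
ACCESS_TOKEN = re.compile(r"([A-Za-z_]+)(?:\s*\([^)]*\))?")

# First event: abridged from the article. Second and third: constructed samples.
SAMPLE_EXPORT = r"""Event Type: Success Audit
Event ID: 560
Date: 3/11/2007
Time: 2:57:35 AM
User: RELIAGENETECH\akishore
Computer: ASEEM
Object Type: File
Object Name: D:\Test\New Microsoft Word Document.doc
Image File Name: C:\WINDOWS\explorer.exe
Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes

Event Type: Success Audit
Event ID: 560
Date: 3/11/2007
Time: 3:05:10 AM
User: ASEEM\guest
Object Name: D:\Test\New Microsoft Word Document.doc
Image File Name: C:\WINDOWS\system32\notepad.exe
Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes

Event Type: Success Audit
Event ID: 562
Date: 3/11/2007
Time: 3:05:11 AM
User: ASEEM\guest
"""


def parse_events(text):
    """Split an Event Viewer text export into one dict per event."""
    events, current = [], None
    for line in text.splitlines():
        # Split on the first colon only: values such as paths and times contain colons.
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Event Type":  # every event in the export starts with this field
            current = {}
            events.append(current)
        if current is not None:
            current[key] = value
    return events


def accesses(event):
    """Return the access names of an event, without the "(or ...)" aliases."""
    return [m.group(1) for m in ACCESS_TOKEN.finditer(event.get("Accesses", ""))]


def object_access_report(text, owner):
    """Return one row per event 560, flagging writes and users other than owner."""
    rows = []
    for ev in parse_events(text):
        if ev.get("Event ID") != "560":
            continue
        rows.append({
            "when": f'{ev.get("Date", "")} {ev.get("Time", "")}'.strip(),
            "user": ev.get("User", ""),
            "object": ev.get("Object Name", ""),
            "program": ev.get("Image File Name", ""),
            "write": sorted(WRITE_ACCESSES.intersection(accesses(ev))),
            "other_user": ev.get("User", "").lower() != owner.lower(),
        })
    return rows


if __name__ == "__main__":
    for row in object_access_report(SAMPLE_EXPORT, r"RELIAGENETECH\akishore"):
        print(row)
```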