Post installation: Run EXE user side as Administrator

dedolo

With Bat2converter I created an .exe containing 2 .reg files, PowerRun and a batch to make the 2 files run with elevated rights. Tested in a VM, it works only as administrator. What command or string do I need to enter for the exe to run with privileges? Thanks to anyone who answers me.
P.S. sorry for my English... blame Google
 
Any command that runs from Post-Setup, whether (Before logon) or (After logon) has elevated rights. (After logon) commands run as your user account, but with Admin privileges. You don't need to include another wrapper, unless you're trying to run PowerRun or another tool as TrustedInstaller.

Normally if you add .reg files to Post-Setup, NTLite will run "reg import" for you. HKCU changes should be applied from (After logon), because the Current User will be the same as the primary user logged on.

Do you have specific examples of what reg file changes you want to apply?
 
Yes I'm working on these keys

;30 Disable Windows spying
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection]
"AllowTelemetry"=dword:00000000

; Disable the AutoLogger-Diagtrack-Listener key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\AutoLogger-Diagtrack-Listener]
"Start"=dword:00000004

; Delete the SQMLogger key
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\SQMLogger]
"Start"=dword:00000004

; Add these entries to your hosts file to block RedShell and TreasureData
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath]
@=hex(2):25,00,57,00,69,00,6e,00,44,00,69,00,72,00,25,00,5c,00,53,00,79,00,73,00,74,\
  00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,\
  00,65,00,74,00,63,00,00,00

; Disable the DiagTrack and dmwappushservice services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmwappushservice]
"Start"=dword:00000004


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility]
"DiagnosticErrorText"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\UI\Strings]
"DiagnosticErrorText"=""
"DiagnosticLinkText"=""

; Additional telemetry block
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]

; Disabling Windows Defender AntiSpyware
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
For this reason I created the exe file with PowerRun.exe inside and a batch to ensure that it is used when the exe is started to elevate the authorization.
 
Your list of HKLM keys can be imported during Post-Setup, except for the Defender setting.

Defender is normally protected by Tamper Protection, and ignores post-boot changes. Move the Defender key to a separate .reg file, and load it under NTLite's Registry page. This merges it into the install image, so the value takes effect before Tamper Protection is enabled.

The only time you need PowerRun is to update specific keys protected by TrustedInstaller rights.
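The routing described in the replies above, as an added example (not code from the thread or from NTLite): a Python script that splits one .reg file into separate files by where each key should be loaded, and decodes hex(2) values so they can be read before import. The stage names, the function names and the HKCU key in the sample are assumptions made for illustration.

```python
HEADER = "Windows Registry Editor Version 5.00"
# Constructed sample: keys from this thread plus one hypothetical HKCU key.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath]
@=hex(2):25,00,57,00,69,00,6e,00,44,00,69,00,72,00,25,00,5c,00,53,00,79,00,73,00,74,\
  00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,\
  00,65,00,74,00,63,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Constructed"=dword:00000001
'''

def parse_sections(text):
    """Return [(key, [value lines])]; joins '\\' continuations, drops comments."""
    sections, pending = [], ""
    for raw in text.splitlines():
        line, pending = pending + raw.strip(), ""
        if line.endswith("\\"):
            pending = line[:-1]              # value continues on the next line
        elif line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif line and not line.startswith(";") and sections:
            sections[-1][1].append(line)
    return sections

def stage_for(key):
    """Route a key as the replies describe (stage names are this example's own)."""
    k = key.lstrip("-").upper()              # "[-KEY]" deletions route like the key
    if k.startswith("HKEY_CURRENT_USER\\"):
        return "after-logon"                 # HKCU must run as the logged-on user
    if k.startswith("HKEY_LOCAL_MACHINE\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS DEFENDER"):
        return "image-registry"              # merged into the image, before first boot
    return "post-setup"                      # other HKLM keys: already elevated

def split_reg(text):
    """Return {stage: .reg file text}, one importable file per stage."""
    files = {}
    for key, values in parse_sections(text):
        files.setdefault(stage_for(key), [HEADER]).append("\n".join([f"[{key}]", *values]))
    return {stage: "\n\n".join(parts) + "\n" for stage, parts in files.items()}

def decode_expand_sz(value_line):
    """Decode a hex(2) (REG_EXPAND_SZ, UTF-16LE) value line for review."""
    data = value_line.split("hex(2):", 1)[1]
    return bytes(int(b, 16) for b in data.split(",")).decode("utf-16-le").rstrip("\x00")
```

Decoding the `DataBasePath` value this way shows that it writes a directory path, not hosts-file entries.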
 