Best way to apply registry/batch tweaks

Status
Not open for further replies.

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
I've some .reg and .bat I'd like to execute every time I logon/logoff.
Especially regs, which are "removed" after a win update.
What's the best way to do that? If it doesn't show any shell window, even better.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
I've some .reg and .bat I'd like to execute every time I logon/logoff.
Especially regs, which are "removed" after a win update.
What's the best way to do that? If it doesn't show any shell window, even better.

Assign User Logon Scripts

Assign User Logoff Scripts

You can use Windows PowerShell scripts, or author scripts in any other language supported by the client computer. Windows Script Host (WSH) supported languages are also used, including VBScript and JScript.
 
Reactions: Hadden

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
I'm on Pro, so I can use that eventually.
For reg files, which is best? A reg loaded by a batch, or can I hook the .reg file directly?
Script method or Task Scheduler way?
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
5

509322

I'm on Pro, so I can use that eventually.
For reg files, which is best? A reg loaded by a batch, or can I hook the .reg file directly?
Script method or Task Scheduler way?

For the .reg I suspect you can do it directly using Task Scheduler - although I have never done it myself. It is easy enough to try, and if it doesn't work, then .bat > .reg.

I would compare Logoff Scripts - GPO versus Task Scheduler to decide which one will work best for you.

From a security perspective, PowerShell should be disabled on your system; it is not recommended to use PowerShell unless you absolutely must use it because there are no other options.
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Ok, I'll try a plain scheduled task for now and see how it goes ;)

How do I load/install a reg from a bat, in case the direct hook fails?
I used to know, but I forgot the command structure: batch has to be precise or it won't work XD

This should be ok(?)
(filename.bat)
Code:
REG IMPORT FileName.reg
 
Last edited:

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
From a security perspective, PowerShell should be disabled on your system; it is not recommended to use PowerShell unless you absolutely must use it because there are no other options.

This is absurd. Let's disable the entire OS just to be safe. There are security best practices for PowerShell one should consider.
 
5

509322

There are security best practices for PowerShell one should consider.

The vast majority of home users do not use nor need PowerShell. The widely accepted best practice for them is to disable the PowerShell shell. Many of our Enterprise clients also disable PowerShell. It's a part of the reduction of attack surface strategy. If an interpreter is not needed, then it should be disabled. This is established industry practice.

There are multiple system protection models. Users have to decide for themselves what works best for them on their specific systems.

When I make a post unrelated to our product, I am only making a suggestion or relating my experiences to the OP. The OP can consider it, and decide for themselves whether to embrace the suggestion or reject it.
 
Last edited by a moderator:
5

509322

Ok, I'll try a plain scheduled task for now and see how it goes ;)

How do I load/install a reg from a bat, in case the direct hook fails?
I used to know, but I forgot the command structure: batch has to be precise or it won't work XD

This should be ok(?)
(filename.bat)
Code:
REG IMPORT FileName.reg

Check online. There are various ways. Since there are multiple methods, you have to tinker to find which will work best for you. Here is an example:

How to make a batch file execute a reg file

You can use reg.exe instead.
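As an added example (not code from this thread or from the linked article), here is one way to do what Hadden asked and 509322 answered: a batch file that imports a .reg with reg.exe, logs the outcome (a task that runs without a visible console gives you no other feedback), verifies that the key actually landed, and registers itself with schtasks to run at each logon. The file name tweaks.reg, the key HKCU\Software\ExampleTweaks, the task name and the log path are constructed placeholders; the example assumes the .reg only touches HKCU, so it needs no elevation.

```batch
@echo off
setlocal
REM Added example, not code from this thread. tweaks.reg, the key it is expected
REM to create, the task name and the log path below are constructed placeholders.
set "REGFILE=%~dp0tweaks.reg"
set "CHECKKEY=HKCU\Software\ExampleTweaks"
set "TASKNAME=ApplyRegTweaks"
set "LOG=%LOCALAPPDATA%\apply-tweaks.log"

if /i "%~1"=="/install" goto :install

REM --- normal run (what the scheduled task executes) ---------------------------
REM There is no console to read, so every outcome is appended to the log file.
REM Redirection is written first so that a value ending in a digit (for example
REM "errorlevel 1") is never mistaken for a handle number by cmd.exe.
>>"%LOG%" echo [%DATE% %TIME%] importing "%REGFILE%"
if not exist "%REGFILE%" (
    >>"%LOG%" echo [%DATE% %TIME%] ERROR: reg file not found
    exit /b 1
)

REM reg.exe exits non-zero when the import fails: bad syntax, access denied, etc.
reg import "%REGFILE%" >>"%LOG%" 2>&1
if errorlevel 1 (
    >>"%LOG%" echo [%DATE% %TIME%] ERROR: reg import failed with errorlevel %ERRORLEVEL%
    exit /b 1
)

REM Verify the change really landed: reg query exits 1 if the key does not exist.
reg query "%CHECKKEY%" >nul 2>&1
if errorlevel 1 (
    >>"%LOG%" echo [%DATE% %TIME%] ERROR: %CHECKKEY% missing after import
    exit /b 1
)
>>"%LOG%" echo [%DATE% %TIME%] OK
exit /b 0

:install
REM --- one-time setup: run this script once as "apply-tweaks.bat /install" -----
REM Registers this file to run at every logon of the current user, with no
REM stored credentials. schtasks has no logoff trigger, so a logoff action
REM still has to go through the Group Policy logoff script that Amelith linked.
schtasks /create /tn "%TASKNAME%" /sc onlogon /f /tr "\"%~f0\""
if errorlevel 1 (
    echo Failed to create task "%TASKNAME%", errorlevel %ERRORLEVEL%
    exit /b 1
)
echo Task "%TASKNAME%" created; it will run "%~f0" at each logon.
exit /b 0
```

Run it once with `/install`, then log off and on and read `%LOCALAPPDATA%\apply-tweaks.log` to confirm the import happened; the log is your only evidence, because the task runs in the user's session and its console window only flashes briefly. If your .reg writes under HKLM, the task also needs `/rl highest` and an administrator account, which is the same elevation UAC would otherwise prompt for; keeping the tweaks under HKCU avoids that entirely.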
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
The vast majority of home users do not use nor need PowerShell. The widely accepted best practice for them is to disable the PowerShell shell.

As you broke this subject down, things are completely different. You cannot generalize, as you did, in the previous post.
I agree, most home users don't use PowerShell, and if they don't, they should disable it.

Many of our Enterprise clients also disable PowerShell. It's a part of the reduction of attack surface strategy. If an interpreter is not needed, then it should be disabled. This is established industry practice.

Enterprise (not small business) clients have a completely different approach to security. The security standard is to block access to anything a user or department does not need, and contain the user space as much as possible. Permissions are distributed on the same machine to different users (even if the user space is virtualized). Administrators almost never disable PowerShell for themselves because 99% (if not 100%) of them actively use it; they disallow access to PowerShell and many other resources for a regular user. This is the established industry standard for the enterprise zone. I never heard of an enterprise client which completely disables PowerShell across all the users.

There are exceptions (the extreme end), government and military entities. I'm not getting into details. They use a completely different security approach. What I can say is that in many cases you don't get access to a PC, and the support goes through hell just to get some basic info. Access to logs? That's a joke in many cases, they edit everything, you get 99% of useless junk in 100% of the support cases.

In our case, @Hadden needed a reliable method to run scripts when logging in and out, to add/modify registry keys. Access to the registry by malware is extremely common, I might say even more common than PowerShell. I can't bet on this though, this is a personal opinion. If he wants to allow access to the registry (which can be easily disabled from group policy settings), I don't know if blocking PowerShell helps him much.

Also, the scheduled task must be properly configured, which usually is not done correctly by regular users. Microsoft created a place exactly (targeted) for Hadden's needs. Why not use it? If PowerShell is the problem, he can use any other language. All he has to do is write the script, just copy it to the specified location in the article and add a path, without using 2 files in the process. The one thing I do not know is whether this works when the machine is not joined to a domain, since I only use this in Active Directory environments.
 
5

509322

As you broke this subject down, things are completely different. You cannot generalize, as you did, in the previous post.
I agree, most home users don't use PowerShell, and if they don't, they should disable it.

Enterprise (not small business) clients have a completely different approach to security. The security standard is to block access to anything a user or department does not need, and contain the user space as much as possible. Permissions are distributed on the same machine to different users (even if the user space is virtualized). Administrators almost never disable PowerShell for themselves because 99% (if not 100%) of them actively use it; they disallow access to PowerShell and many other resources for a regular user. This is the established industry standard for the enterprise zone. I never heard of an enterprise client which completely disables PowerShell across all the users.

There are exceptions (the extreme end), government and military entities. I'm not getting into details. They use a completely different security approach. What I can say is that in many cases you don't get access to a PC, and the support goes through hell just to get some basic info. Access to logs? That's a joke in many cases, they edit everything, you get 99% of useless junk in 100% of the support cases.

In our case, @Hadden needed a reliable method to run scripts when logging in and out, to add/modify registry keys. Access to the registry by malware is extremely common, I might say even more common than PowerShell. I can't bet on this though, this is a personal opinion. If he wants to allow access to the registry (which can be easily disabled from group policy settings), I don't know if blocking PowerShell helps him much.

Also, the scheduled task must be properly configured, which usually is not done correctly by regular users. Microsoft created a place exactly (targeted) for Hadden's needs. Why not use it? If PowerShell is the problem, he can use any other language. All he has to do is write the script, just copy it to the specified location in the article and add a path, without using 2 files in the process. The one thing I do not know is whether this works when the machine is not joined to a domain, since I only use this in Active Directory environments.

I've been doing this long enough to know that all @Hadden wants out of this thread is to get his batch and registry files to run as he wishes. He asked simple, to the point questions and I answered them, gave him a few tidbits to consider, and pointed him to a resource.

I respect that you are entitled to your own opinions with your own perspectives -- and will leave it at that. One thing that I am not going to do is engage in a running debate. It's pointless relative to the OP's purpose for this thread.
 
Reactions: Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
I've been doing this long enough to know that all @Hadden wants out of this thread is to get his batch and registry files to run as he wishes. He asked simple, to the point questions and I answered them, gave him a few tidbits to consider, and pointed him to a resource.

I respect that you are entitled to your own opinions with your own perspectives -- and will leave it at that. One thing that I am not going to do is engage in a running debate. It's pointless relative to the OP's purpose for this thread.

Agreed.
For the record, I'm also doing this for 15+ years (professionally - as in I get paid to do this). I could never and I will never advise a user to do foolish things.
 

Hadden

Level 2
Thread author
Verified
Oct 18, 2015
97
Thanks, I'll take into account everything said here ;)
For example, I - really - hate UAC so I keep it off, but I think 2-3 times before hooking/installing something on my PC, and I mess only with registry keys/dlls/paths I know are (quite) safe to fiddle with, and in the worst scenario I can always roll back the damage with a backup/PE USB key (I doubt I'll need it.. but it's better to have it xD) ;)
 
Last edited:
Reactions: Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
Thanks, I'll take into account everything said here ;)
For example, I - really - hate UAC so I keep it off, but I think 2-3 times before hooking/installing something on my PC, and I mess only with registry keys/dlls/paths I know are (quite) safe to fiddle with, and in the worst scenario I can always roll back the damage with a backup/PE USB key (I doubt I'll need it.. but it's better to have it xD) ;)

Oh... your choice, but I think you already know it's not the very best of practices. Maybe you could try to get used to the pesky UAC notifications :)
I don't even see them anymore :)

The thing is that one could never know what comes bundled with an apparently harmless app :)
 
Reactions: Hadden