AutoRuns for Windows v9.34
Tuesday, October 14, 2008 by Devesh Prabhu

By Mark Russinovich and Bryce Cogswell

Published: September 2, 2008

Introduction

This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.

Autoruns' Hide Signed Microsoft Entries option helps you to zoom in on third-party auto-starting images that have been added to your system and it has support for looking at the auto-starting images configured for other accounts configured on a system. Also included in the download package is a command-line equivalent that can output in CSV format, Autorunsc.

You'll probably be surprised at how many executables are launched automatically!

Autoruns works on Windows 2000 SP4 Rollup 1 or above.


Usage

See the November 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of Autoruns. If you have questions or problems, visit the Sysinternals Autoruns Forum.

Simply run Autoruns and it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration. Autostart locations displayed by Autoruns include logon entries, Explorer add-ons, Internet Explorer add-ons including Browser Helper Objects (BHOs), Appinit DLLs, image hijacks, boot execute images, Winlogon notification DLLs, Windows Services and Winsock Layered Service Providers. Switch tabs to view autostarts from different categories.

To view the properties of an executable configured to run automatically, select it and use the Properties menu item or toolbar button. If Process Explorer is running and there is an active process executing the selected executable then the Process Explorer menu item in the Entry menu will open the process properties dialog box for the process executing the selected image.

Navigate to the Registry or file system location displayed or the configuration of an auto-start item by selecting the item and using the Jump menu item or toolbar button.

To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button.

Select entries in the User menu to view auto-starting images for different user accounts.

More information on display options and additional information is available in the on-line help.

Autorunsc Usage

Autorunsc is the command-line version of Autoruns. Its usage syntax is:

Usage: autorunsc [-a] | [-c] [-b] [-d] [-e] [-g] [-h] [-i] [-l] [-m] [-n] [-p] [-r] [-s] [-v] [-w] [-x] [user]

-a     Show all entries.
-b     Boot execute.
-c     Print output as CSV.
-d     Appinit DLLs.
-e     Explorer addons.
-g     Sidebar gadgets (Vista and higher).
-h     Image hijacks.
-i     Internet Explorer addons.
-l     Logon startups (this is the default).
-m     Hide signed Microsoft entries.
-n     Winsock protocol and network providers.
-p     Printer monitor drivers.
-r     LSA providers.
-s     Autostart services and non-disabled drivers.
-t     Scheduled tasks.
-v     Verify digital signatures.
-w     Winlogon entries.
-x     Print output as XML.
user   Specifies the name of the user account for which autorun items will be shown.
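The -c and -v switches together make Autorunsc useful for a baseline review: the script below is an added example (not part of the Sysinternals documentation) that flags autostart images whose signature did not verify and diffs two CSV snapshots to surface entries added since the last run. The CSV column names it assumes (Entry Location, Entry, Enabled, Description, Publisher, Image Path, Launch String) follow the Autorunsc 9.x header; adjust them if your build prints different ones.

```powershell
# Added example, not part of the Sysinternals documentation: triage the CSV that
# "autorunsc -a -c -v" emits and diff two snapshots. Column names follow the
# Autorunsc 9.x CSV header as assumed here (Entry Location, Entry, Enabled,
# Description, Publisher, Image Path, Launch String); adjust if your build differs.

function Get-UnverifiedAutostarts {
    param([Parameter(Mandatory)][string]$CsvText)
    # With -v, Autorunsc prefixes Publisher with "(Verified)" when the Authenticode
    # signature checks out; anything else is what a reviewer should look at first.
    $CsvText | ConvertFrom-Csv |
        Where-Object { $_.'Image Path' -and $_.Publisher -notlike '(Verified)*' } |
        Select-Object 'Entry Location', Entry, Publisher, 'Image Path'
}

function Compare-AutostartSnapshots {
    param(
        [Parameter(Mandatory)][string]$BaselineCsv,
        [Parameter(Mandatory)][string]$CurrentCsv
    )
    # Key each row on location, entry and launch string so a changed command line
    # counts as a new entry, not only a brand-new value name.
    $key  = { '{0}|{1}|{2}' -f $_.'Entry Location', $_.Entry, $_.'Launch String' }
    $base = @($BaselineCsv | ConvertFrom-Csv | ForEach-Object $key)
    $now  = @($CurrentCsv  | ConvertFrom-Csv | ForEach-Object $key)
    Compare-Object -ReferenceObject $base -DifferenceObject $now |
        Where-Object SideIndicator -eq '=>' |
        ForEach-Object InputObject
}

# Constructed sample rows shaped like "autorunsc -a -c -v" output (values made up).
$baseline = @'
Entry Location,Entry,Enabled,Description,Publisher,Image Path,Launch String
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Example Updater,enabled,Example Updater,(Verified) Example Corp,c:\program files\example\updater.exe,c:\program files\example\updater.exe /background
'@
$current = $baseline + "`n" +
    'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Unknown Tool,enabled,,(Not verified),c:\users\public\unknown.exe,c:\users\public\unknown.exe'

# On a live system, capture the tool's own output instead of the constructed text:
#   $current = (& autorunsc.exe -a -c -v | Out-String)
Get-UnverifiedAutostarts -CsvText $current | Format-Table -AutoSize
Compare-AutostartSnapshots -BaselineCsv $baseline -CurrentCsv $current
```

Saving the CSV from each run and feeding the previous one in as the baseline turns this into a lightweight autostart change monitor.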

Autologon for Windows v2.10
Tuesday, October 14, 2008 by Devesh Prabhu

By Mark Russinovich

Published: November 1, 2006

Introduction

Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.

Autologon is easy enough to use. Just run autolog.exe, fill in the dialog, and hit Enable. To turn off auto-logon, hit Disable. If the DefaultPassword is NULL, autologon will only occur once and then be disabled. Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon. You can also pass the username, domain and password as command-line arguments:

autologon user domain password
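Because autologon settings live in the Winlogon Registry key, auditing a machine for them is straightforward. The function below is an added example (not part of the Autologon documentation) that reports whether autologon is enabled, for which account, and whether a plain-text DefaultPassword value is present; Autologon itself stores the password encrypted, as the page notes, so a cleartext value in that key is a finding worth raising. The key path and value names are the documented Winlogon settings.

```powershell
# Added example, not part of the Autologon documentation: audit the Winlogon key that
# Autologon manages. Reports presence of a plain-text DefaultPassword without echoing it.

function Get-AutologonStatus {
    param(
        [string]$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    $props = Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop

    $user = $props.DefaultUserName
    if ($props.DefaultDomainName) { $user = '{0}\{1}' -f $props.DefaultDomainName, $user }

    [pscustomobject]@{
        # AutoAdminLogon is the REG_SZ switch Windows checks at boot ("1" = on).
        Enabled                = ($props.AutoAdminLogon -eq '1')
        User                   = $user
        # Autologon keeps the password encrypted; a cleartext DefaultPassword string
        # here was set some other way and should be removed. Presence only, no value.
        PlaintextPasswordInKey = -not [string]::IsNullOrEmpty($props.DefaultPassword)
    }
}

Get-AutologonStatus | Format-List
```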

AdRestore v1.1
Tuesday, October 14, 2008 by Devesh Prabhu

By Mark Russinovich

Published: November 1, 2006

Introduction

Windows Server 2003 introduces the ability to restore deleted ("tombstoned") objects. This simple command-line utility enumerates the deleted objects in a domain and gives you the option of restoring each one. Source code is based on sample code in the Microsoft Platform SDK. This MS KB article describes the use of AdRestore:

840001: How to restore deleted user accounts and their group memberships in Active Directory

Active Directory Explorer v1.01
Tuesday, October 14, 2008 by Devesh Prabhu

By Bryce Cogswell and Mark Russinovich

Published: November 5, 2007

Introduction

Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database, define favorite locations, view object properties and attributes without having to open dialog boxes, edit permissions, view an object's schema, and execute sophisticated searches that you can save and re-execute.

AD Explorer also includes the ability to save snapshots of an AD database for off-line viewing and comparisons. When you load a saved snapshot, you can navigate and explore it as you would a live database. If you have two snapshots of an AD database you can use AD Explorer's comparison functionality to see what objects, attributes and security permissions changed between them.

AD Explorer works on Windows 2000 and higher.

AccessEnum v1.32
Tuesday, October 14, 2008 by Devesh Prabhu

By Bryce Cogswell

Published: November 1, 2006

Introduction

While the flexible security model employed by Windows NT-based systems allows full control over security and file permissions, managing permissions so that users have appropriate access to files, directories and Registry keys can be difficult. There's no built-in way to quickly view user accesses to a tree of directories or keys. AccessEnum gives you a full view of your file system and Registry security settings in seconds, making it the ideal tool for helping you find security holes and lock down permissions where necessary.

Read Mark's Windows IT Pro Magazine article that describes how to use AccessEnum.

AccessEnum works on Windows NT/2000/XP/2003.


How It Works

AccessEnum uses standard Windows security APIs to populate its listview with read, write and deny access information.

AccessChk v4.2
Tuesday, October 14, 2008 by Devesh Prabhu

By Mark Russinovich

Published: July 16, 2008

Introduction

As part of ensuring that they've created a secure environment, Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.


Installation

AccessChk is a console program. Copy AccessChk onto your executable path. Typing "accesschk" displays its usage syntax.

AccessChk works on Windows Vista, Win2K, Windows XP and Server 2003 including x64 versions of Windows.


Using AccessChk

Usage: accesschk [-a] [-s][-e][-u][-r][-w][-n][-v][[-k][-p [-f]][-o [-t ]][-c]|[-d]] [username]

-a Name is a Windows account right. Specify '*' as the name to show all rights assigned to a user
-c Name is a Windows Service e.g. ssdpsrv. Specify '*' as the name to show all services and 'scmanager' to check the security of the Service Control Manager
-d Only process directories
-e Only show explicitly set Integrity Levels (Windows Vista only)
-k Name is a Registry key e.g. hklm\software
-n Show only objects that have no access
-p Name is a process name or PID e.g. cmd.exe (specify '*' as the name to show all processes)
-q Omit banner
-r Show only objects that have read access
-s Recurse
-t Object type filter e.g. "section"
-u Suppress errors
-v Verbose (includes Windows Vista Integrity Level)
-w Show only objects that have write access

If you specify a user or group name and path AccessChk will report the effective permissions for that account; otherwise it will show the effective access for accounts referenced in the security descriptor.

By default the path name is interpreted as a file system path (use the "\pipe\" prefix to specify a named pipe path). For each object AccessChk prints R if the account has read access, W for write access and nothing if it has neither. The -v switch has AccessChk dump the specific accesses granted to an account.


Examples

The following command reports the accesses that the Power Users account has to files and directories in \Windows\System32:

accesschk "power users" c:\windows\system32

This command shows which Windows services members of the Users group have write access to:

accesschk users -cw *

To see what Registry keys under HKLM\CurrentUser a specific account has no access to:

accesschk -kns austin\mruss hklm\software

To see the security on the HKLM\Software key:

accesschk -k hklm\software

To see all files under \Users\Mark on Vista that have an explicit integrity level:

accesschk -e -s c:\users\mark

To see all global objects that Everyone can modify:

accesschk -wuo everyone \basednamedobjects
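AccessChk's one-line-per-object output is easy to post-process, which is how the checks above scale from a single command to a review of a whole tree. The script below is an added example (not part of the Sysinternals documentation) that parses that output into objects and keeps only what a given account can write, the classic weak-permission finding. It assumes the "RW <object>" layout AccessChk prints without -v, and uses the page's own -u, -w, -q and -s switches.

```powershell
# Added example, not part of the Sysinternals documentation: turn AccessChk's
# "RW <object>" lines into objects so weak permissions can be filtered and reported.
# Assumes the two-character access column AccessChk prints without -v.

function ConvertFrom-AccessChk {
    param([Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Lines)
    foreach ($line in $Lines) {
        # Access column is R, W, RW or blank, then whitespace, then the object name.
        if ($line -match '^\s*(RW|R|W)?\s+(\S.*?)\s*$') {
            [pscustomobject]@{
                Read   = ($matches[1] -like '*R*')
                Write  = ($matches[1] -like '*W*')
                Object = $matches[2]
            }
        }
    }
}

function Get-WritableByAccount {
    # Wraps "accesschk -uwqs <account> <path>" (-u suppress errors, -w write only,
    # -q omit banner, -s recurse) and returns the objects the account can modify.
    param(
        [Parameter(Mandatory)][string]$Account,
        [Parameter(Mandatory)][string]$Path,
        [string[]]$RawOutput   # supply captured text to run offline; omit to invoke the tool
    )
    if (-not $RawOutput) { $RawOutput = & accesschk.exe -uwqs $Account $Path 2>$null }
    ConvertFrom-AccessChk -Lines $RawOutput | Where-Object Write
}

# Constructed sample shaped like "accesschk -uqs users c:\windows\system32" (paths made up).
$sample = @(
    'R  c:\windows\system32\drivers\etc\hosts'
    'RW c:\windows\system32\example-vendor\plugin.dll'
    '   c:\windows\system32\config\SAM'
)
# A DLL under System32 that Users can write is the kind of result this review exists to find.
Get-WritableByAccount -Account 'users' -Path 'c:\windows\system32' -RawOutput $sample |
    Format-Table -AutoSize
```

Run the same function with -Account 'users' against a service name list (the -c form from the examples above) to cover the service-configuration case as well.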