0
I'm working on a tool that can change the password for an account without having to log in (account recovery). My thought was to put a key that runs a batch file in HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
. The batch file would contain net user password
.
This would all be set up via a WinPE drive (A bootable Windows installation enviornment with access to the registry. However, the RunServicesOnce
is not in my registry. In HKLM\Software\Microsoft
there is no CurrentVersion
path. It needs to work on 64 and 32 bit machines (Windows 10). What is the path to these keys?
I also assumed that putting it in the RunServicesOnce
would make it run one time then never again, but from what I've read online it will run every time the computer starts. How is this different than the RunServices
entry?
I was able to find the path you referred to, however there is still no
RunServiceOnce
in there. There isRunOnce
but those run after log on. – Mark Deven – 2019-07-02T18:34:49.060A lot of the documentation about those keys dates from Windows versions preceding Windows NT. I also scanned all my registry hives and didn't find any keys named
RunServicesOnce
orRunServices
. I would guess that they are deprecated in later versions of Windows, so I wouldn't count on them being used if you created them. – harrymc – 2019-07-02T19:25:04.143At least in regards to runonce, the items In there are run only once. A non-error return code tells windows to remove the item and it will disappear from the registry. – Appleoddity – 2019-07-03T01:31:16.927
@Appleoddity: More complete from Microsoft: "By default, the value of a RunOnce key is deleted before the command line is run. You can prefix a RunOnce value name with an exclamation point (!) to defer deletion of the value until after the command runs. Without the exclamation point prefix, if the RunOnce operation fails the associated program will not be asked to run the next time you start the computer." – harrymc – 2019-07-03T17:40:46.280
So is there no way to run a program on the startup before login? That seems rather silly. – Mark Deven – 2019-07-04T12:55:32.343
You can schedule it.
– harrymc – 2019-07-04T13:29:29.513Is it possible to schedule from a winpe enviornment? Task Scheduler does use the registry for all of it's data, so it must be somewhere... – Mark Deven – 2019-07-10T11:01:52.390