I am trying to change the default location of the documents folder using powershell or cmd specifically.
What I have tried:
I have tried changing both the shell folders and user folders registry path and restarted the computer but nothing happens:
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Personal /t REG_EXPAND_SZ /d "C:\users\JatonJustice\desktop\testfolder"
But I still see it in the users folder in documents(even after restarting. The picture below is after restarting the computer.):
I tried using the answer from here: Set location of Special Folders with PowerShell
However that didn't seem to do anything either:
If anyone has any ideas for this, that would be awesome. If I have to I guess I can use wswshell but that is the last resort.
I found out that reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Personal /t REG_EXPAND_SZ /d "C:\users\JatonJustice\desktop\testfolder" works but when you are using an azure domain account or an amazon workspace account, the registry location for the user shell folders will be in a different place
you can verify the user location of the shell folder key by navigating to HKEY_CURRENT_USER and double checking which account you are in. There are accounts like .DEFAULT, or S-1-5-18 (SYSTEM ACCOUNT), etc.
Related
I am trying to automate sever setup of a windows 2019 server using userdata. I need to update the local group policy settings.
The specific group policy i want to enable is "Set time limit for disconnected sessions"
How can i enable this 'local' group policy for a vm using powershell or bash or even Regedit.
I have tried but i cant seem to get it be in an "enabled" state.
Look at this Registry Edit.
You can access this registry key in Powershell or Bash.
More information here.
reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /v MaxDisconnectionTime /t REG_DWORD /d 5000 /f
Try this, its the same registry key but using Powershell to set.
Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" -Name MaxDisconnectionTime -Type REG_DWORD -Value 900000
The value is in ms, this would set it to 15 minutes.
https://admx.help/?Category=Windows_10_2016&Policy=Microsoft.Policies.TerminalServer::TS_SESSIONS_Disconnected_Timeout_2
After you run that, restart the device and the settings should be updated.
There is no way to directly configure the local group policy using PowerShell.
When configured, the GPO sets a registry key and value.
It's not bi-directional where you can set the registry key and then the GPO is configured.
You can use Microsoft's tool LGPO.exe to export the policy settings from a computer you've configured, and then use PowerShell to import those settings to your new computer.
I am using ShareGate to migrate data from our network drive to our 365 SharePoint sites.
When doing a migration for certain folders I am getting errors that the SharePoint library cannot contain more than 50,000 unique permissions.
We primarily use security groups to add permissions to folders on the network drive but after the years we have had this data a lot of permissions are messed up and don't even allow admin accounts to change them.
To get around them I am using psexec to open powershell as NT Authority\System and run the following command to make Administrator owner of all the files/folders.
takeown /d Y /a /r /f "folder path"
After doing that I use icacls with the following two commands:
icacls "Folder path" /inheritancelevel:e /t /c /q
icacls "Folder path" /grant "username":f /t /c /q
For username I will use an administrator account to reduce issues with sharegate migration.
This has allowed access to all the files/folders within a main folder of a network drive, but after doing so I get errors for the 50k unique permissions.
I believe I've narrowed it down to icacls making every permission unique when I force add the username with full access. I have tried resetting permissions and forcing inherited permissions which will work for the folders and subfolders, but the files will not take the parent permissions and still recreate the permissions that they had before.
I am currently using powershell v2.0 on a windows server 2008 R2. I have ShareGate version 16.0.0
I installed powershell version 5.0 but have to restart the server after hours tonight so it can do the update and install.
Does anyone know how I would be able to make all permissions the same for future folders and also fix the current permissions so none are unique?
I'm trying to delete registry keys in a batch file, here's what I'm doing.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM" /f
I'm recieving the following error:
ERROR: Access is denied.
Yet I can simply open regedit.exe and right click and delete the registry key no problem! To state the obvious, I have elevated the batch file instance as administrator, am logged in as administrator, and tried running the batch from a cmd and powershell instance both as administrator. The Administrator account has full permissions for the registry keys, which is why I'm able to delete them simply through the regedit GUI. This is part of a large batch file script, the point is I want the whole process to be automated. Any ideas?
Lots of companies have a GPO setting called 'Prevent Access To Registry Editing Tools' set to 'Yes'.
Maybe that is the culprit here. When you run regedit yourself, the machine wil probably show you a UAC message first and next you click 'OK' on that?
You may get a useful errormessage if you try to delete the key using a different scripting language like VBScript:
Const HKEY_LOCAL_MACHINE = &H80000002
Dim objReg, strKeyPath, strComputer
strComputer = "."
Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\CCM"
objReg.DeleteKey HKEY_LOCAL_MACHINE, strKeyPath
Set objReg = Nothing
or using PowerShell:
Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\CCM' -Recurse
More of a follow up to #Theo response, it seems like somethings preventing you access as that command should work. I would suggest trying his idea then if it does not work, trying this one.
Since you have admin access you could attempt to give Everyone perms to the key as all you want to do is simply remove it. The REGINI command can do this but will add some bulk to the script.
::Grant perms to REG key
echo \Registry\machine\SOFTWARE\Microsoft\NEW [7] >> "%~dp0KeyPermx.txt"
REGINI %~dp0KeyPermx.txt
del %~dp0KeyPermx.txt
::Remove the key
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NEW" /f
I have a windows 10 machine and I need to change the Security settings to not defined for Local Security Policy->Local Policies->Security Options->
DCOM:Machine Launch Restrictions in SDDL syntax
and
DCOM:Machine Access Restrictions in SDDL syntax from a command line.
Would anybody know how to do this?
REG DELETE "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\DCOM " /v MachineLaunchRestriction /f
REG DELETE "HKLM\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows NT\DCOM " /v MachineAccessRestriction /f
Deleting the keys worked
I am building a Windows embedded kiosk application that automatically logs in a default user on boot and launches the kiosk application. Once this occurs, the user cannot interact with any windows features, only the kiosk application.
However, when an admin comes to work on the system, he can log out of the default windows user account and log into a windows admin account. When the admin manually logs out, I want to automatically log the default user back in, and launch the kiosk application.
I have been searching for a couple hours on how to accomplish this with no luck. I am thinking a Powershell logoff script or something similar, but have no idea how to implement it (I have not Powershell experience). Does anyone have an idea on how to accomplish this?
Note: I already know how to automatically log in the default user and launch the kiosk app on computer startup (using group policy editor). I am only asking how to do the same thing when the admin logs off.
Create a logoff script with the following registry keys. Doesn't have to be powershell, this code would work for a normal command line batch script. The username is "user" and the password is "user"
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUsername /t REG_SZ /d user /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d user /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ForceAutoLogon /t REG_SZ /d 1 /f
If you have a "welcome message", you will still have to click OK to fully log in, though
Here is how you create a logoff script: http://technet.microsoft.com/en-us/magazine/dd630947.aspx
You can put a PS script in the Local group policy editor (logoff script). You have to
Make a script that checks which user is logged in.
And if it is the admin you can use the shutdown -s so it will restart the PC and auto login the user.
Then it's what you want, only an unnecessary reboot.
Be careful: if your script is wrong about the usercheck (= admin), you cannot log off the user and you can't go anymore to the admin anymore!