How do I turn Password Protected Sharing on or off programmatically?

笑着哭i 提交于 2019-11-30 05:26:32

Probably too late :) , but hopefully useful for others.

The following steps worked just fine for me (it worked on W8 consumer preview too).

to turn it off:

1 - Enable guest account by running

net user guest /active:yes

2 - Obtain guest user SID by running, for example,

wmic useraccount where name='guest' get sid

3 - Obtain write access to registry folder HKLM\SECURITY

4 - Modify the following key, where $SID is the sid obtained in point 2, to:

[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\$SID\ActSysAc]
@=hex(0):41,00,00,00

5 - restart the machine (until now, I didn't find a better way to make the change effective)

to turn it on again:

[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\$SID\ActSysAc]
@=hex(0):c1,00,00,00

then restart

Export the complete register as 1.reg, turn sharing on (or off, if it was on), export to 2.reg and check for the differences?

To be able to use the diff utility, export the files in Win9X/NT4 registration files (*.reg) -format

Here is a powershell script that implements paolos answer. It is unpolished as it permits everybody write access to the specific registry key (The [7] part specifies this with regini syntax) and uses a file in C:\ root but works flawless:

# Get guest user id
$SID = & "wmic" "useraccount" "where" "name='guest'" "get" "sid" "/Value" | Out-String
$SID = $SID.Trim().Substring(4)

# Generate regini script
$PATH = "\Registry\Machine\Security\Policy\Accounts\" + $SID + "\ActSysAc"
$PATH + " [7]`r`n" + $PATH + "`r`n@ = REG_NONE 4 0x41 0x00 0x00 0x00" >> "C:\firstrun.regini"

# Execute regini script
& "regini" "C:\firstrun.regini"

It is in the registry just not necessarily in the place you are expecting (it is in the SAM). From what I can tell all that setting does is enable or disable the guest account, so, well, just enable or disable the account.

You didn't say what you programming language you are using, so here is some simple C code to enable an account, if you need anything else I am sure there is plenty around via google.

#include <LM.h>
#pragma comment(lib, "Netapi32.lib")

BOOL EnableUser(LPCWSTR lpUserName, BOOL bEnable)
{
    BOOL bRet = FALSE;
    DWORD dwLevel = 1008;
    LPUSER_INFO_1 ui1;
    USER_INFO_1008 ui1008;
    NET_API_STATUS nStatus;

    nStatus = NetUserGetInfo(NULL, lpUserName, 1, (LPBYTE*)&ui1);
    if(nStatus == NERR_Success)
    {
        ui1008.usri1008_flags = ui1->usri1_flags;
        if(bEnable)
        {
            ui1008.usri1008_flags &= ~UF_ACCOUNTDISABLE;
        }
        else
        {
            ui1008.usri1008_flags |= UF_ACCOUNTDISABLE;
        }

        nStatus = NetUserSetInfo(NULL, lpUserName,  dwLevel, (LPBYTE)&ui1008, NULL);
        NetApiBufferFree(ui1);
        if(nStatus == NERR_Success)
        {
            bRet = TRUE;
        }   
    }

    return bRet;
}
Arnaud

I tested Paolo's answer on windows 7 Home without success. Comparing the .reg extraction of the registry before and after turning off the password protected sharing, I noticed modifications in 3 values:

[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-3207962671-1026919178-1165869658-501\ActSysAc] REG_NONE value's first byte changed from c1 to 41 (this SID is the guest account's SID)

[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account] REG_BINARY "F" value's 17th byte changed from 3b to 3c

[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5] REG_BINARY "F" value's 57th byte changed from 15 to 14 (0x1F5 is the type of the guest's Names value)

I tried changing only the first value as indicated by Paolo. This did not change the password protected sharing even after reboot. But I had success when changing the 57th byte between 14 and 15 only for the third value:

[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5] REG_BINARY "F".

I tested with success on another windows 7 computer.

Mohammed Said

Take a look at this file (disable_password_protected_sharing.bat)

@echo off
echo 12- get sid gust variable
for /f "delims= " %%a in ('"wmic useraccount where name='guest' get sid"') do (
       if not "%%a"=="SID" (          
          set sid_guest=%%a
          goto :loop_end
       )   
    )

:loop_end

echo 13- create script for regini
@echo \Registry\Machine\SECURITY [1 5 7 11 17 21]> x
@echo \Registry\Machine\SECURITY\policy [1 5 7 11 17 21]>> x
@echo \Registry\Machine\SECURITY\policy\accounts [1 5 7 11 17 21]>> x
@echo \Registry\Machine\SECURITY\policy\accounts\%sid_guest% [1 5 7 11 17 21]>> x
@echo \Registry\Machine\SECURITY\policy\accounts\%sid_guest%\ActSysAc [1 5 7 11 17 21]>> x

echo 14- add permission for machine/security
net user guest /active:yes
regini x
del x
@echo Windows Registry Editor Version 5.00 > y.reg
@echo [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\%sid_guest%\ActSysAc] >> y.reg
@echo @=hex(0):41,00,00,00 >> y.reg
reg import y.reg
del y.reg

echo Windows will now reboot.
Pause

shutdown -r

it works fine in windows7

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!