Onde está a chave de registro RunServicesOnce

Navegue suas respostas
2

Eu tenho um aplicativo que atualiza o software na máquina local. Eu preciso que o software seja atualizado antes do logon do usuário e tenha lido que executar o aplicativo através da chave de registro RunServicesOnce é provavelmente o mais apropriado para usar com essa finalidade.

Mas não consigo encontrar essa chave usando regedit e ela não aparece no mesmo local que a chave RunOnce do HKLM em HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce .

  1. Onde esta chave está localizada? Mesmo no Windows XP \ Vista \ 7 \ 8 \ 8.1 \ 10?
  2. Como posso usá-lo, há algum parâmetro opcional?
  3. Como faço para determinar o usuário que o aplicativo é executado como? Ele é executado pelo usuário que criou a chave? Se um serviço LocalSystem criar a chave, ela será executada como LocalSystem ?
por khargoosh 29.01.2016 / 03:44

1 resposta

3

Where is the RunServicesOnce registry key

I have an application that updates software on the local machine. I need the software to be updated prior to user log on

Iniciar o programa antes do início de sessão do Windows 7

If you want it to start before the user logs on, you will have to start it as a service. Here is the startup sequence of the major registry keys, starting immediately after bootmgr has been read and ending with the program shortcut entries in the two Startup folders.

  1. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute. This can include instructions to schedule the running of chkdsk but not user programs.
  2. Services start next, followed by the RunServicesOnce and RunServices registry keys (if present)
  3. User then logs on to the system
  4. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit. This points to the program C:\WINDOWS\system32\userinit.exe and the entry ends with a comma. Other programs can be started from this key by appending them and separating them with a comma.
  5. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell. This should contain just one entry, explorer.exe.
  6. Program entries in these 2 registry keys for ALL USERS start next: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and \RunOnce
  7. Program entries in these 2 registry keys for CURRENT USER start next: HKCU\Software\Microsoft\Windows\CurrentVersion\Run and \RunOnce
  8. Programs in the Startup Folders of All Users and Current User are started last of all.

Important programs like antivirus and firewall start early in the sequence as Services. The icons that appear in the Notification Area (bottom right of the screen) are just their user interfaces, i.e. options and preferences.

The additional location for 32-bit software in a 64-bit computer is HKLM\SOFTWARE\Wow6432Node and HKCU.

As teclas de execução e pesquisa- Encomendar

The registry is accessed even before the NT kernel is loaded, so it is very important to understand what the computer is configured to load at startup. The following list of registry keys are accessed during system start in order of their use by the different windows components:

  1. HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\BootExecute
  2. HKLM\System\CurrentControlSet\Services (start value of 0 indicates kernel drivers, which load before kernel initiation)
  3. HKLM\System\CurrentControlSet\Services (start value of 2, auto-start and 3, manual start via SCM)
  4. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  5. HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  6. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  7. HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
  8. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
  9. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
  10. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
  11. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
  12. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  13. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  14. HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
  15. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  16. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  17. HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  18. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  19. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  20. HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
  21. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
  22. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler (XP, NT, W2k only)
  23. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

Note: Some of these keys are also reflected under HKLM\Software\wow6432node on systems running on a 64bit architecture and with a 64bit version of Windows. I won’t be covering each of these in this post.

Execute seu serviço como a conta LocalSystem, a menos que a conta precise acessar os recursos da rede. Nesse ponto, você cria uma conta de serviço de domínio, dá acesso aos recursos aplicáveis e codifica suas credenciais para o código. serviço para executar como. Na máquina local, ele terá permissões administrativas para tudo e não precisará de nenhuma senha para a credencial de serviço.

Conta do Sistema Local

The LocalSystem account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. It has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .\LocalSystem. The name, LocalSystem or ComputerName\LocalSystem can also be used. This account does not have a password. If you specify the LocalSystem account in a call to the CreateService or ChangeServiceConfig function, any password information you provide is ignored.

    
por 29.01.2016 / 07:11

Tags

Utilizando apenas o teclado, inicie o CMD com privilégios elevados [duplicados] Como usar / k para impedir que um atalho de prompt de comando seja fechado?