Пример #1
0
 def unload(self, sid):
     try:
         # Unload user reg
         win32api.RegUnLoadKey(win32con.HKEY_USERS, sid)
         win32api.RegUnLoadKey(win32con.HKEY_USERS, sid + '_Classes')
     except Exception, e:
         Logger.warn("Unable to unload user reg: %s" % (str(e)))
         return False
Пример #2
0
    def unload(self, sid):
        try:
            # Unload user reg
            win32api.RegUnLoadKey(win32con.HKEY_USERS, sid)
            win32api.RegUnLoadKey(win32con.HKEY_USERS, sid + '_Classes')
        except Exception:
            Logger.exception("Unable to unload user reg")
            return False

        return True
Пример #3
0
def testMe():
    import os
    directory = r"C:\Documents and Settings\tt"

    registryFile = os.path.join(directory, "NTUSER.DAT")

    # Get some privileges to load the hive
    priv_flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
    hToken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
                                            priv_flags)
    backup_privilege_id = win32security.LookupPrivilegeValue(
        None, "SeBackupPrivilege")
    restore_privilege_id = win32security.LookupPrivilegeValue(
        None, "SeRestorePrivilege")
    win32security.AdjustTokenPrivileges(
        hToken, 0,
        [(backup_privilege_id, win32security.SE_PRIVILEGE_ENABLED),
         (restore_privilege_id, win32security.SE_PRIVILEGE_ENABLED)])

    hiveName = "testme"

    # Load the hive
    win32api.RegLoadKey(win32con.HKEY_USERS, hiveName, registryFile)

    disableActiveSetup(hiveName)

    win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName)
Пример #4
0
        # Overwrite Active Setup: works partially
        try:
            Reg.UpdateActiveSetup(self.user.name, hiveName,
                                  r"Software\Microsoft\Active Setup")
            # On 64 bits architecture, Active Setup is already present in path "Software\Wow6432Node\Microsoft\Active Setup"
            if "PROGRAMW6432" in os.environ.keys():
                Reg.UpdateActiveSetup(
                    self.user.name, hiveName,
                    r"Software\Wow6432Node\Microsoft\Active Setup")

        except Exception, err:
            Logger.warn("Unable to reset ActiveSetup")
            Logger.debug("Unable to reset ActiveSetup: " + str(err))

        if self.profile is not None:
            self.profile.overrideRegistry(hiveName, self.user.name)

        self.domain.doCustomizeRegistry(hiveName)

        # Timezone override
        if self.parameters.has_key("timezone"):
            tz_name = Langs.getWinTimezone(self.parameters["timezone"])

            ret = Reg.setTimezone(hiveName, tz_name)
            if ret is False:
                Logger.warn("Unable to set TimeZone (%s, %s)" %
                            (self.parameters["timezone"], tz_name))

        # Unload the hive
        win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName)
Пример #5
0
    def copySessionStart(self):
        d = shell.SHGetFolderPath(0, shellcon.CSIDL_COMMON_APPDATA, 0, 0)
        profile_tmp_dir = os.path.join(d, "ulteo", "profile",
                                       self.session.user.name)
        profile_tmp_dir = System.local_encode(profile_tmp_dir)
        profile_filter = System.local_encode(Config.profile_filters_filename)

        for f in [self.DesktopDir, self.DocumentsDir]:
            d = os.path.join(self.mountPoint, "Data", f)

            trial = 5
            while not os.path.exists(d):
                try:
                    os.makedirs(d)
                except OSError:
                    trial -= 1
                    if trial == 0:
                        Logger.exception("Failed to create directory %s" % d)
                        return False

                    time.sleep(random.randint(1, 10) / 100.0)
                    Logger.debug2(
                        "Profile mkdir failed (concurrent access because of more than one ApS)"
                    )
                    continue

        d = os.path.join(self.mountPoint,
                         "conf.Windows.%s" % System.getWindowsVersionName())
        if os.path.exists(d):

            # clean temporary file used by windows to load registry
            dirs = None
            try:
                dirs = os.listdir(d)
            except Exception:
                Logger.exception("Unable to list content of the directory %s" %
                                 d)
                return

            for content in dirs:
                if content.startswith(r"NTUSER.DAT.LOG") or content.startswith(
                        r"NTUSER.DAT{"):
                    try:
                        path = os.path.join(d, content)
                        os.remove(path)
                    except Exception:
                        Logger.exception("Unable to delete %s" % path)

            # Copy user registry

            src = os.path.join(d, "NTUSER.DAT")
            if os.path.exists(src):
                dst = os.path.join(self.session.windowsProfileDir,
                                   "NTUSER.DAT")

                rand = random.randrange(10000, 50000)

                hiveName_src = "OVD_%s_%d" % (str(self.session.id), rand)
                win32api.RegLoadKey(win32con.HKEY_USERS, hiveName_src, src)

                hiveName_dst = "OVD_%s_%d" % (str(self.session.id), rand + 1)
                win32api.RegLoadKey(win32con.HKEY_USERS, hiveName_dst, dst)

                hkey_src = win32api.RegOpenKey(win32con.HKEY_USERS,
                                               r"%s" % (hiveName_src), 0,
                                               win32con.KEY_ALL_ACCESS)
                hkey_dst = win32api.RegOpenKey(win32con.HKEY_USERS,
                                               r"%s" % (hiveName_dst), 0,
                                               win32con.KEY_ALL_ACCESS)

                Reg.CopyTree(hkey_src, "Software", hkey_dst,
                             self.registry_copy_blacklist)

                win32api.RegCloseKey(hkey_src)
                win32api.RegCloseKey(hkey_dst)

                win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName_src)
                win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName_dst)

            # Copy configuration File
            if self.profile['profile_mode'] == 'standard':
                cmd = self.getRsyncMethod(Profile.toCygPath(d),
                                          Profile.toCygPath(profile_tmp_dir),
                                          Profile.toCygPath(profile_filter))
                Logger.debug("rsync cmd '%s'" % (cmd))

                p = System.execute(cmd)
                if p.returncode is not 0:
                    Logger.error("Unable to copy conf from profile")
                    Logger.debug(
                        "Unable to copy conf from profile, cmd '%s' return %d: %s"
                        % (cmd, p.returncode, p.stdout.read()))

        if os.path.exists(profile_tmp_dir):
            System.rchown(profile_tmp_dir, self.session.user.name)
Пример #6
0
    def overwriteDefaultRegistry(self, directory):
        registryFile = os.path.join(directory, "NTUSER.DAT")

        hiveName = "OVD_%s_%d" % (str(self.id), random.randrange(10000, 50000))

        # Load the hive
        win32api.RegLoadKey(win32con.HKEY_USERS, hiveName, registryFile)

        # Set the OVD Environnment
        path = r"%s\Environment" % (hiveName)
        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            hkey = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                       win32con.KEY_SET_VALUE)
        except:
            hkey = None
        if hkey is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            win32api.RegSetValueEx(hkey, "OVD_SESSION_DIR", 0, win32con.REG_SZ,
                                   self.user_session_dir)
            win32api.RegCloseKey(hkey)

        # Set the language
        if self.parameters.has_key("locale"):
            cl = Langs.getLCID(self.parameters["locale"])
            wl = Langs.unixLocale2WindowsLocale(self.parameters["locale"])

            path = r"%s\Control Panel\Desktop" % (hiveName)
            try:
                Reg.CreateKeyR(win32con.HKEY_USERS, path)
                hkey = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                           win32con.KEY_SET_VALUE)
            except:
                hkey = None
            if hkey is None:
                Logger.error("Unable to open key '%s'" % (path))
            else:
                win32api.RegSetValueEx(hkey, "MUILanguagePending", 0,
                                       win32con.REG_SZ, "%08X" % (cl))
                win32api.RegSetValueEx(hkey, "PreferredUILanguagesPending", 0,
                                       win32con.REG_MULTI_SZ, [wl])
                win32api.RegCloseKey(hkey)

        # Policies update
        path = r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" % (
            hiveName)
        restrictions = [
            "DisableFavoritesDirChange",
            "DisableLocalMachineRun",
            "DisableLocalMachineRunOnce",
            "DisableMachineRunOnce",
            "DisableMyMusicDirChange",
            "DisableMyPicturesDirChange",
            "DisablePersonalDirChange",
            "EnforceShellExtensionSecurity",
            #"ForceStartMenuLogOff",
            "Intellimenus",
            "NoChangeStartMenu",
            "NoClose",
            "NoCommonGroups",
            "NoControlPanel",
            "NoDFSTab",
            "NoFind",
            "NoFolderOptions",
            "NoHardwareTab",
            "NoInstrumentation",
            "NoIntellimenus",
            "NoInternetIcon",  # remove the IE icon
            "NoManageMyComputerVerb",
            "NonEnum",
            "NoNetworkConnections",
            "NoResolveSearch",
            "NoSetFolders",
            "NoSetTaskbar",
            #"NoStartMenuSubFolders", # should remove the folders from startmenu but doesn't work + On 2008, start menu is empty if this key is set
            "NoSMBalloonTip",
            "NoStartMenuEjectPC",
            "NoStartMenuNetworkPlaces",
            "NoTrayContextMenu",
            "NoWindowsUpdate",
            #"NoViewContextMenu", # Mouse right clic
            #"StartMenuLogOff",
        ]
        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None
        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            for item in restrictions:
                win32api.RegSetValueEx(key, item, 0, win32con.REG_DWORD, 1)
            win32api.RegCloseKey(key)

        # Hide local drives
        value = 0

        drives = win32api.GetLogicalDriveStrings()
        drives = drives.split('\000')[:-1]
        for drive in drives:
            t = win32file.GetDriveType(drive)
            if t not in [
                    win32con.DRIVE_CDROM, win32con.DRIVE_REMOVABLE,
                    win32con.DRIVE_FIXED
            ]:
                continue

            # Transform the drive letter into a bit value according to
            # http://technet.microsoft.com/en-us/library/cc959437.aspx
            value += 1 << (ord(drive.lower()[0]) - 97)

        path = r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" % (
            hiveName)
        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None
        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            win32api.RegSetValueEx(key, "NoDrives", 0, win32con.REG_DWORD,
                                   value)
            # win32api.RegSetValueEx(key, "NoViewOnDrive", 0, win32con.REG_DWORD, value)
            win32api.RegCloseKey(key)

        # Enable to use of lnk file from share without popup
        path = r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" % (
            hiveName)

        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None
        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            win32api.RegSetValueEx(key, "ModRiskFileTypes", 0, win32con.REG_SZ,
                                   ".exe;.msi;.vbs")
            win32api.RegCloseKey(key)

        # start menu customization
        path = r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" % (
            hiveName)
        restrictions = [
            "Start_ShowRun", "StartMenuAdminTools", "Start_AdminToolsRoot"
        ]
        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None

        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            for item in restrictions:
                win32api.RegSetValueEx(key, item, 0, win32con.REG_DWORD, 0)
            win32api.RegCloseKey(key)

        if self.profile is not None:
            # http://support.microsoft.com/kb/810869
            # Do not show recycle bin
            path = r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel" % (
                hiveName)
            restrictions = ["{645FF040-5081-101B-9F08-00AA002F954E}"]
            try:
                Reg.CreateKeyR(win32con.HKEY_USERS, path)
                key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                          win32con.KEY_SET_VALUE)
            except:
                key = None

            if key is None:
                Logger.error("Unable to open key '%s'" % (path))
            else:
                for item in restrictions:
                    win32api.RegSetValueEx(key, item, 0, win32con.REG_DWORD, 1)
                win32api.RegCloseKey(key)

        path = r"%s\Software\Microsoft\Windows\CurrentVersion\Policies\System" % (
            hiveName)
        restrictions = [
            "DisableRegistryTools",
            "DisableTaskMgr",
            "DisableLockWorkstation",
            "NoDispCPL",
        ]

        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None
        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            for item in restrictions:
                win32api.RegSetValueEx(key, item, 0, win32con.REG_DWORD, 1)
            win32api.RegCloseKey(key)

        # Remove Windows startup sound
        keys = [
            "WindowsLogon",
            "WindowsLogoff",
            "SystemStart",  # old Windows 2003, not used anymore in 2008
        ]
        for k in keys:
            path = r"%s\AppEvents\Schemes\Apps\.Default\%s\.Current" % (
                hiveName, k)

            try:
                Reg.CreateKeyR(win32con.HKEY_USERS, path)
                key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                          win32con.KEY_SET_VALUE)
            except:
                key = None
            if key is None:
                Logger.error("Unable to open key '%s'" % (path))
            else:
                win32api.RegSetValueEx(key, None, 0, win32con.REG_EXPAND_SZ,
                                       "")
                win32api.RegCloseKey(key)

        # Desktop customization
        path = r"%s\Control Panel\Desktop" % (hiveName)
        items = ["ScreenSaveActive", "ScreenSaverIsSecure"]

        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None
        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            for item in items:
                win32api.RegSetValueEx(key, item, 0, win32con.REG_DWORD, 0)
            win32api.RegCloseKey(key)

        # Overwrite Active Setup: works partially
        try:
            Reg.UpdateActiveSetup(self.user.name, hiveName,
                                  r"Software\Microsoft\Active Setup")
            # On 64 bits architecture, Active Setup is already present in path "Software\Wow6432Node\Microsoft\Active Setup"
            if "PROGRAMW6432" in os.environ.keys():
                Reg.UpdateActiveSetup(
                    self.user.name, hiveName,
                    r"Software\Wow6432Node\Microsoft\Active Setup")

        except Exception:
            Logger.exception("Unable to reset ActiveSetup")

        if self.profile is not None:
            self.profile.overrideRegistry(hiveName, self.user.name)

        self.domain.doCustomizeRegistry(hiveName)

        # Timezone override
        if self.parameters.has_key("timezone"):
            tz_name = Langs.getWinTimezone(self.parameters["timezone"])

            ret = Reg.setTimezone(hiveName, tz_name)
            if ret is False:
                Logger.warn("Unable to set TimeZone (%s, %s)" %
                            (self.parameters["timezone"], tz_name))

        # Hack for Windows 2012R2 relative to StartScreen integration.
        path = r"%s\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage" % (
            hiveName)
        try:
            Reg.CreateKeyR(win32con.HKEY_USERS, path)
            key = win32api.RegOpenKey(win32con.HKEY_USERS, path, 0,
                                      win32con.KEY_SET_VALUE)
        except:
            key = None
        if key is None:
            Logger.error("Unable to open key '%s'" % (path))
        else:
            win32api.RegSetValueEx(key, "MakeAllAppsDefault", 0,
                                   win32con.REG_DWORD, 1)
            win32api.RegCloseKey(key)

        # Unload the hive
        win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName)
Пример #7
0
    def remove_account_profile(user_name=None):
        # Remove the profile/files for the user
        if user_name is None:
            user_name = util.get_param(2, None)
        if user_name is None:
            p("}}enInvalid User name - not removing account profile!}}xx")
            return False

        # Log it out (if it is logged in)
        UserAccounts.log_out_user(user_name)

        # Get the SID for the user in question
        user_sid = ""
        try:
            parts = win32security.LookupAccountName(None, user_name)
            user_sid = win32security.ConvertSidToStringSid(parts[0])
        except Exception as ex:
            # Unable to find this user?
            p("}}rnError - Invalid User - can't remove profile!}}xx " +
              str(user_name))
            return False

        if user_sid == "":
            # User doesn't exist?
            p("}}rnInvalid User - can't remove profile!}}xx " + str(user_name))
            return False

        # We need more privileges to do this next part
        UserAccounts.elevate_process_privilege_to_backup_restore()

        # Make sure the registry hive is unloaded
        #p("Unloading " + user_sid)
        try:
            win32api.RegUnLoadKey(win32con.HKEY_USERS, user_sid)
        except Exception as ex:
            p("}}ynUnable to unload user registry - likely not currently loaded, moving on...}}xx",
              debug_level=4)

        try:
            win32profile.DeleteProfile(user_sid)
        except Exception as ex:
            p("}}ynUnable to remove profile folder - likely it doesn't exist.}}xx",
              debug_level=4)
        return True

        #See if a profile exists
        w = wmi.WMI()
        profiles = w.Win32_UserProfile(SID=user_sid)
        if len(profiles) < 1:
            p("}}ynNo profile found for this user, skipping remove!}}xx")
            return True

        profile_path = ""
        profile_loaded = False
        for profile in profiles:
            profile_path = profile.LocalPath
            profile_loaded = profile.Loaded
        profiles = None

        # We know it exists

        # Remove it from the registry list
        RegistrySettings.remove_key("HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\" + \
            "ProfileList\\" + user_sid)

        # Delete the folder/files
        try:
            shutil.rmtree(profile_path)
        except Exception as ex:
            p("}}rnError - Unable to remove the profile folder at " + profile_path + "}}xx\n" + \
                str(ex))
            return False

        return True
Пример #8
0
                win32api.RegLoadKey(win32con.HKEY_USERS, hiveName_dst, dst)

                hkey_src = win32api.RegOpenKey(win32con.HKEY_USERS,
                                               r"%s" % (hiveName_src), 0,
                                               win32con.KEY_ALL_ACCESS)
                hkey_dst = win32api.RegOpenKey(win32con.HKEY_USERS,
                                               r"%s" % (hiveName_dst), 0,
                                               win32con.KEY_ALL_ACCESS)

                Reg.CopyTree(hkey_src, "Software", hkey_dst,
                             self.registry_copy_blacklist)

                win32api.RegCloseKey(hkey_src)
                win32api.RegCloseKey(hkey_dst)

                win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName_src)
                win32api.RegUnLoadKey(win32con.HKEY_USERS, hiveName_dst)

            # Copy AppData
            src = os.path.join(d, "AppData")
            if os.path.exists(src):
                dst = self.session.appDataDir

                try:
                    Util.copyDirOverride(src, dst, [
                        "Protect", "Start Menu", "Crypto", "ulteo",
                        "Identities"
                    ])
                except Exception, err:
                    Logger.error("Unable to copy appData from profile")
                    Logger.debug("Unable to copy appData from profile: %s" %