Windows Activation of Re-Deployed Images – OEM_SLP keys – System Builder Stuff



So you want to

  1. install Windows
  2. configure it how you want, including adding users, installing and configuring software
  3. image that system C:\ drive
  4. then restore or redeploy that image on another PC.

Definition Helps:

OEM_SLP keys

OEM = Original Equipment Manufacturer, eg Dell, HP

SLP = System Locked Pre-installation

from: https://social.microsoft.com/Forums/en-US/316e1ed5-04a1-4a2b-a8e0-2e13520ec5e6/changing-oem-slp-key?forum=genuinewindows7

user=Darin Smith MS

Hi dgranata,

Computers, which are built by large manufactures that come with Windows Pre-Installed, come with two (2) Product Keys:

A) OEM SLP: This key comes pre-installed in Windows, when it comes from the Factory. This key is geared to work with the special instructions found only on that Manufacturer’s computer hardware. So when Windows was installed using the OEM SLP key (at the factory) windows looks at the motherboard and sees the special instructions and Self-Activates. (that’s why you did not need to Activate your computer after you brought it home)

B) COA SLP: This is the Product key that you see on the sticker on the side (or bottom) of your computer. It is a valid product key, but should only be used in limited situations (sush as if the OEM SLP key stops self-activating for whatever reason). The key must be activated by Phone. (Note: All manufacturers that use the OEM SLP system are required by contract to include a Certificate of Authenticity (COA) sticker, that has a COA SLP key, on the computer)

The COA SLP key is a backup to the OEM SLP key. The only difference if you change to the COA SLP key is that you would be required to Activate by Phone.

Thank you,
Darin MS

Quick answers:

C:\windows\system32\sysprep\sysprep.exe

use generalize

that puts the image in “OOBE” (Out Of Box Experience) mode.

So it loads drivers at start. And maybe otherwise diassociates from particular hardware.

But did not for me fix the OEM_SLP

From: https://www.sevenforums.com/backup-restore/400137-macrium-reflect-restore-image-different-computer-same-model-post3278700.html#post3278700

user: Cursed Lemon

What you can do is a little trick I learned.

If you didn’t know, Windows has a tool called “SysPrep” which dissociates the Windows installation with the hardware it was installed on. You can then transfer this hard drive to a brand new machine, and Windows boots up as if it’s being used for the first time. It will prompt you to create a new user account, but you can log into the original/old user account you already have and delete it later.

What I’ve done is do a brand new, fresh Windows installation and installed all of the programs I like to use on it, getting everything configured the way I like. Then I use SysPrep to put the computer into “OOBE” (Out Of Box Experience) mode, which performs the aforementioned driver stripping.

After that, I pull that hard drive out of the computer and put it in an external HDD enclosure or carriage hooked up to another computer. On that computer, I use Macrium Reflect to create an image file of that SysPrep’d drive, and store that image file somewhere safe.

So now, whenever I need to install a fully-configured Windows 7 to another computer entirely, I just take the hard drive that’s going to be in that computer and use Macrium to restore that image to the hard drive, at which point I will use totally-not-unscrupulous-and-illegal methods (coughRemovecoughWATcough) to bypass the authentication software.

remove *cough* wat *cough* download.com (did not try; did not need; certificats below worked)

System Preparation Tool (Sysprep) in Microsoft Windows 10/8/7


url = http://www.thewindowsclub.com/the-system-preparation-tool-sysprep-in-microsoft-windows-7

https://msdn.microsoft.com/en-us/library/dd799240(v=ws.10).aspx

The big one:

talks about loading new certificates for the manufacturer using slimgr

Windows 7 OEM – Applying OEM System Locked Preinstallation Activation
url = http://dellwindowsreinstallationguide.com/the-activation-backup-and-recovery-program-windows-vista-7-version/

see below

This one talks about windows 8 BIOS keys :

https://forums.mydigitallife.net/threads/slic-bios-oem-slp-certs.49850/

recreate the licensing store

https://www.sevenforums.com/windows-updates-activation/242158-windows-7-build-7601-copy-windows-not-genuine-3.html

There’s still a problem somewhere – you have an error I’ve only ever seen once before.

Script execution time was exceeded on script “C:\Windows\system32\slmgr.vbs”.

I suspect that there’s some minor corruption preventing proper function….

Please first try recreating the Licensing Store.
Recreate the Licensing Store
1) Click Start button.
2) Type: CMD.exe into the ‘Search programs and files’ field
3) Right-Click on CMD.exe and select Run as Administrator
4a) Type: sc query sppsvc to see if it’s on (it probably is)
4) Type: net stop sppsvc (It may ask you if you are sure, select yes)
Note: the Software Protection service may not be running, this is ok.
5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
6) Type: rename tokens.dat tokens.bak
7) Type: cd %windir%\system32 (no need, really)
8) Type: net start sppsvc
9) Type: slui.exe software licensing UI
10) After a couple of seconds Windows Activation dialog will appear. You may be asked to re-activate and/or re-enter your product key or Activation may occur automatically.

If you are asked for your Key, use the one on the COA sticker on the machine’s case

Reboot and Post back with a new MGADiag report




The big one (quotd):

talks about loading new certificates for the manufacturer using slimgr

Windows 7 OEM – Applying OEM System Locked Preinstallation Activation
url = http://dellwindowsreinstallationguide.com/the-activation-backup-and-recovery-program-windows-vista-7-version/

[raw]

Windows 7 OEM – Applying OEM System Locked Preinstallation Activation

10 Votes

Make a Donation Button

Microsoft Code of Authencity – Windows XP OEM, Windows Vista OEM and Windows 7 OEM

For systems shipped with Windows XP, Windows Vista and Windows 7 a Code of Authenticity (COA) with a 25 digit product key was shipped affixed to the system.

Windows 7 COA

There was a change in print quality of the COA when Windows Vista was released which made the COA prone to fading. As a consequence for most Windows 7 systems the COA was Placed in the Battery Compartments of Laptops to Reduce the Problem of Fading.

Laptop COA
What is Original Equipment Manufacturer System Locked Preinstallation Activation?

Examples of Microsoft’s Major Partner Original Equipment Manufacturer (OEMs) are:

Alienware/Dell
Lenovo/IBM
HP/Compaq
ASUS
Acer
Samsung
Sony
Toshiba
MSI
Fujitsu

Microsoft Major Partner OEMs preinstalled Windows 7 on millions of machines. In order to save production time these Major OEM licenses utilised a BIOS based activation mechanism and as a consequence the key on the COA is typically not used for Windows Installation. The system BIOS of Windows 7 OEM will contain a SLIC of version 2.1.

Microsoft’s Minor OEMs are small scale OEMs that sell a low volume of machines. These licenses known as Commercial OEMs do not apply OEM System Locked Preinstallation. Motherboards with Commercial OEM Licenses will not contain a SLIC.

The conventional activation mechanism (using the key on the COA) would have required the OEM to input a unique 25 digit product key and call Microsoft for every single machine they made… For Windows 7 OEM installation the 25 Digit Product Key on the COA is hence typically unused. Instead OEM System Locked Preinstallation is applied:

Instead of using this unique 25 digit product key on the COA for installation an OEM System Locked Preinstallation (SLP) Key is input by Dell Branded Reinstallation Media.
In essence the System Locked Preinstallation (SLP) Key must match up to the System License Internal Code (SLIC) incorporated in the systems BIOS for System Locked Preinstallation (which is automatic offline Product Activation) to be applied.
This means you can still use OEM SLP to activate Windows 7 OEM even if your COA has Faded.
Windows 7 Pro OEM SLP can also be used for Downgrade Rights from Windows 10 Pro or Windows 8.1 Pro.

SLIC Version:

Version 2.1 – Eligible for Windows 7 OEM System Locked Preinstallation
Version 2.0 – Eligible for Windows Vista OEM System Locked Preinstallation
Version 1.0 – Eligible for Windows XP OEM System Locked Preinstallation

This means that one may Clean Install Windows 7 OEM on systems that have faded COAs:

It also means one may exhibit Downgrade Rights to Windows 7 Pro without a Windows 7 Pro Product Key:

win10Pro Win8Pro

A SLIC version of 2.1 is required for Windows 7 OEM SLP. To determine your SLIC launch RW-Everything and select Access → ACPI Tables:

rw1

Select the SLIC Tab:

slic

Scroll down until you get the SLIC Marker Structure. You are interested in 2 fields:

OEM ID
SLIC Version

In this case the OEM is Dell and the SLIC Version is 2.1.

The example I used was from a Dell Latitude 7350 shipped with Windows 8.1 Pro. It doesn’t have a Windows 7 Pro COA but is eligible to run Windows 7 Pro using OEM Downgrade Rights.
An Inspiron 7347 shipped with Windows 8.1 (Home) and hence doesn’t have any OEM downgrade rights. It has no SLIC tab and hence Windows 7 cannot be activated by use of OEM SLP.

Systems sold with Windows Vista OEM in the period of 6 months before the release of Windows 7 may have an SMBIOS of 2.5 with an original SLIC version of 2.0. The latest BIOS update won’t change the SMBIOS which will remain at 2.5 however it may update the SLIC version to 2.1.

The OptiPlex 760 for example has a SLIC version of 2.1 with its latest BIOS Update so the Free Upgrade to Windows 7 may be taken (documented in detail here) but the OptiPlex 755 was sold just a wee bit earlier and retains a SLIC version of 2.0 even with its latest BIOS Update.
I have listed the latest BIOS Update for systems with an SMBIOS of 2.5 here (please comment to let me know what SLIC version your system has with its latest BIOS update as it may help others).

Note RWEverything doesn’t state the Edition of Windows 7 to be installed. In testing the SLIC seems not to be Edition specific. To be licensed correctly you should match the Edition on the Windows Vista/Windows 7 COA.
System Locked Preinstallation Key and Product ID List

One can check the Product ID and Activation status in system (go to Start, Right Click Computer and Select Properties). If it contains OEM-899 (Windows 7) or OEM-733 (Windows Vista) then it is activated using OEM-SLP:

windowsactivated

The SLP keys and Product IDs are generic every single Dell system shipped with Windows 7 Pro OEM will have the Product Key 00371-OEM-8992671-00524. The SLP key associated with this is 32KD2-K9CTF-M3DJT-4J3WC-733WD. This Product Key can only be used for OEM SLP and cannot be used for conventional activation.

If Windows 7 has been activated by the 25 Digit Product Key on the COA the Product ID will contain OEM but not 899. One should verify whether a SLIC exists in the system BIOS or not.
Installation Media

Major OEM Installation Media e.g. a Dell Windows 7 Reinstallation DVD will automatically Apply OEM SLP Activation without asking for a Product Key.

Windows 7 Retail Installation Media and Windows 7 Commercial (Minor) OEM Installation Media won’t automatically apply OEM SLP Activation and instead ask for a Product Key.

Unfortunately Major OEM Installation Media was not Downloadable while Windows 7 Retail Installation Media and Windows 7 Commercial OEM Installation is Made Readily Available to Download.

OEM customers are hence forced to Download the Retail Installation Media or Commercial OEM Installation Media, Install Windows 7 by Skipping Input of their Product Key and Manually Apply OEM SLP.

If the EI.cfg file is deleted from the sources folder of your Bootable USB you will get the option to install all the Editions of Windows 7 present on the .iso if not you will automatically install the Edition the EI.cfg file is locked to:

1

Accept the license agreement:

2

Uncheck “Automatically Activate when I’m online”. Select skip:

3

This will install Windows 7 without a Product Key allowing a 30 day trial.

One can check the Product ID and Activation status in system (go to Start, Right Click Computer and Select Properties). They should see that Windows 7 is not activated.

vlcsnap-2017-02-28-22h55m40s706
OEM Cert Collection

To activate using OEM SLP download the OEM cert collection:

http://en.community.dell.com/support-forums/software-os/m/microsoft_os/20443565

4

Select save:

5

Right click to Extract the Folder:

6

Select Extract:

7

Open the extracted folder:

8

Select your OEM:

9

Select your Edition of Windows 7:

10

Copy the OEM folder:

11

Ensure the OEM folder is placed directly on your C:\ Drive:

12

Right click the slp.bat and select Run as Administrator: 13

Accept the UAC prompt:

14

Press OK:

15

Press Ok again:

16

Press any key to continue (this will close the command prompt):

17

One can check the Product ID and Activation status in system (go to Start, Right Click Computer and Select Properties). Windows 7 should be activated using OEM SLP:

WAT Windows Activation Techonology Checker Windows Update KB971033

research about how it works what it does. It searches for exploits: http://www.zdnet.com/article/windows-activation-technologies-an-unauthorized-inside-look/

how to manually uninstall: http://islandflyer.podbean.com/e/uninstall-windows-7-activation-update-kb971033-and-reactivate/

Easy keys to “Run as Administrator” from start orb–Windows 7



More common way to start a program as administrator from the Windows 7 Start Menu/Orb is to

  1. click the start orb
  2. type the search text ie part of the command or program you want to start
  3. when you see it found in the list at the top,
  4. RIGHT-click on it and choose ‘Run as administrator’

Mostly mouse.

If you want a way to do it by keys, it’s similar but uses keys strokes on the keyboard (see also image below):

  1. type CTRL+ESC
    • this brings up the start orb via keys on the keyboard; equivalent to clicking on the start orb
  2. type the search text ie part of the command or program you want to start
  3. when you see it found in the list at the top,
  4. type CTRL+SHIFT+ENTER
    • this will start the program as Administrator, usually prompting you for approval (if UAC is on)

Here’s what it actually looks like.

I hope this tip speeds you through your work day.

References:

windows welcome login/logon screen hacks/tweaks



How to bypass windows logon / welcome screen and log on automatically

Often having just 1 user who has no password will do it.

Otherwise,

netplwiz.exe

First (must be done first), select the user who you want to log in automatically.
Then, uncheck the Users must enter a user name and password to use this computer box.

reference: http://www.sevenforums.com/tutorials/377-log-automatically-startup.html


How to hide all accounts but one but require a password for that account (if the account has one)

create the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\.DEFAULT with nothing in it.

Apparently that displays just the most recent user and “Other Users” (did not try it 4/9/2016)

References:

  • http://www.sevenforums.com/tutorials/182279-logon-screen-fix-showing-only-other-user-last-logged-user.html
    RIPPED TORN comment: http://www.sevenforums.com/2111856-post14.html
    hhaddow990 commet: http://www.sevenforums.com/1738383-post5.html
  • http://answers.microsoft.com/en-us/windows/forum/windows_7-desktop/recent-windows-7-update-change-welcome-screen-not/9539d070-2bac-4144-8dfc-0632aedb8f2b

How to Temporarily Bypass Automatic Logon at Startup and force the windows welcome logon screen to appear (IE, UNDO the above)

Let BIOS complete (or else you might get a “Stuck Key” error)

At the first windows screen (after BIOS done) hold down Shift key until you see the welcome log on screen.

You might want to change the logon background wallpaper image (below) to instruct users about the SHFIT key.

This does NOT display hidden accounts (“SpecialAccounts“).


Hide user from welcome screen (et al)

Put in SpecialAccounts list in registry and set it’s value to 0 (hidden; 1=unhide)

(Note: the ‘NT’ in WindowsNT in this reg key, not the regular ‘Windows’ without the ‘NT’)
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList\USERNAME 0 to hide; 1 to unhide

(Note: SpecialAccounts\UserList levels do not usually exist)

Warning: This disables the account in other ways. No way to log in to it temporarily from the login screen without changing the registry back frist. Ie the only way you can use it as a backup account in case your regular account gets corrupted, is to set LocalAccountTokenFilterPolicy to 1 (it’s default 0 or missing) and use sysinternals PsTools/psexec to log into it remotely. Command line only.

Reference: https://social.technet.microsoft.com/Forums/windows/en-US/16378967-8a39-4aef-85e4-d859a71648d3/hide-user-accounts-on-windows-7-logon?forum=w7itproui

X:\a_no_backup\dl\M_M\usb_drive_copy\tech\windows\batch_files\hide_user_frome_welcome_screen.bat.txt


Use Hidden account–Shift click run as

To get a prompt that includes a username and password field from within Windows 7 — even in a Standard (non-Administrator) account follow these steps.

  1. While holding down the Shift key, right-click the program you want to run.
  2. Select “Run as a different user.”
  3. Type the username and password of the hidden account.

Note: this does NOT work for disabled user accounts, like the built-in Administrator account.

This DOES work for hidden (but still enabled) user accounts.

BUT this did not work for me 4/9/2016 from a user account that has no password (the dest acct does have a password)

The following did work:

runas /user:USERNAME "C:\Windows\system32\notepad.exe"

Reference: http://www.sevenforums.com/general-discussion/32109-logging-hidden-administrator-account.html
Reference: http://www.sevenforums.com/tutorials/419-run-different-user.html


“Classic” logon screen where you have to type user AND password

Local Security Policy secpol.msc or gpedit.msc

Local Group Policy editor gpedit.msc

  • Local Computer Policy
    • Computer Configuration
      • Windows Settings
        • Security Settings
          • Local policies
            • Security Options
              • Interactive Logon: Do not display last username : Enabled means classic login; Disabled (or not defined? means classic windows 7 user buttons)

Local Security Policy secpol.msc

  • Security Settings
    • Local policies
      • Security Options
        • Interactive Logon: Do not display last username : Enabled means classic login; Disabled (or not defined? means classic windows 7 user buttons)

Or,

regedit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\dontdisplaylastusername set to 1

Reference: http://www.sevenforums.com/tutorials/61650-log-user-name-password.html


change windows logon background image

This is not the desktop background wallpaper. It’s only seen during login/logout. It is a similar blue image with swooshes by default in Windows 7. But not the same. The login/out image does not have the MS logo in the middle, eg.

You might use this to instruct to hold SHIFT while logging on (see above).

I found the default login/out background 2 places. Only in winxsx folders–weird, I think:

C:\Windows\winsxs\amd64_setup-uxwizard-clientimages_31bf3856ad364e35_6.1.7600.16385_none_a4cc3ba14850df9e\background.bmp

C:\Windows\winsxs\x86_setup-uxwizard-clientimages_31bf3856ad364e35_6.1.7600.16385_none_48ada01d8ff36e68\background.bmp

Either

  1. regedit

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Background\OEMBackground 1

    (might not exist; just create it)

    or

  2. gpedit.msc -> Computer Configuration\Administrative Templates\System\Logon

    “Always use custom login background.”
    set to “Enabled”

    Put image here:
    C:\Windows\System32\oobe\info\backgrounds\backgroundDefault.jpg

    must be that exact filename. There are some variations on names using image size numbers I found online.

    oobe folder might not exist; just create it. oobe stands for “Out of Box Experience” ie first time you start up a new Windows PC.

    Reference: https://www.howtogeek.com/112110/how-to-set-a-custom-logon-screen-background-on-windows-7/

    Reference: https://www.sevenforums.com/tutorials/5382-log-screen-change.html

Can i still make an image copy of my system drive if i have bad sectors?

YES

with Macrium Reflect, my favorite disk imaging program. (I pay for it, cuz the free ones are too risky / unsupported, and it’s too important to risk.)

First, you should run chkdsk, perhaps 2 or even 3 times. This can take an hour or more to run. This may mask bad sectors so Macrium Reflect can finish.

Note it would be helpful after restoring to a new drive to run chkdsk /b to re-evaluate those bad sectors, cuz on the new disk, there are none (or at least fewer, we hope, but certainly different ones).

If chkdsk doesnt fix ’em, there is an option in Advanced called “Ignore bad sectors when creating images”

Reflect_defaults


 

Reference: v5: Imaging disks with bad sectors in the Macrium Reflect KnowledgeBase

 

Canonical Names of Control Panel Items



I want to have a copy of this in my blog, close at hand

Quote of Canonical Names of Control Panel Items

Canonical Names of Control Panel Items

As of Windows Vista, Control Panel items included with Windows are given a canonical name that can be used in an API call or a command-line instruction to programmatically launch that item. As of Windows 7 and Windows Server 2008 R2, canonical names can be used in a group policy to hide specific Control Panel items. This topic provides details for each Control Panel item: canonical name, GUID, module name, and the operating system versions that recognize the canonical name.

Note Canonical names for Control Panel items are not supported prior to Windows Vista.
on this page on original ms page
Control Panel Canonical Names Control Panel Canonical Names
Deprecated Control Panel Canonical Names Deprecated Control Panel Canonical Names
Using Canonical Names in Group Policy Using Canonical Names in Group Policy
Remarks Remarks

Control Panel Canonical Names

Points to remember when working with these values:

  • By definition, canonical names do not change based on the system language; they’re always in English, even if the system’s language is not.
  • Not all Control Panel items are present in all varieties of Windows.
  • Some Control Panel items only appear if the right hardware is detected on the system.
  • Third parties can also add Control Panel items. The canonical names listed here are only for Control Panel items that are included with Windows.

The following are the Control Panel items available in Windows 8.1:

On this page on original ms page
Action Center Action Center
Administrative Tools Administrative Tools
AutoPlay AutoPlay
Biometric Devices Biometric Devices
BitLocker Drive Encryption BitLocker Drive Encryption
Color Management Color Management
Credential Manager Credential Manager
Date and Time Date and Time
Default Programs Default Programs
Device Manager Device Manager
Devices and Printers Devices and Printers
Display Display
Ease of Access Center Ease of Access Center
Family Safety Family Safety
File History File History
Folder Options Folder Options
Fonts Fonts
HomeGroup HomeGroup
Indexing Options Indexing Options
Infrared Infrared
Internet Options Internet Options
iSCSI Initiator iSCSI Initiator
iSNS Server iSNS Server
Keyboard Keyboard
Language Language
Location Settings Location Settings
Mouse Mouse
MPIOConfiguration MPIOConfiguration
Network and Sharing Center Network and Sharing Center
Notification Area Icons Notification Area Icons
Pen and Touch Pen and Touch
Personalization Personalization
Phone and Modem Phone and Modem
Power Options Power Options
Programs and Features Programs and Features
Recovery Recovery
Region Region
RemoteApp and Desktop Connections RemoteApp and Desktop Connections
Sound Sound
Speech Recognition Speech Recognition
Storage Spaces Storage Spaces
Sync Center Sync Center
System System
Tablet PC Settings Tablet PC Settings
Taskbar and Navigation Taskbar and Navigation
Troubleshooting Troubleshooting
TSAppInstall TSAppInstall
User Accounts User Accounts
Windows Anytime Upgrade Windows Anytime Upgrade
Windows Defender Windows Defender
Windows Firewall Windows Firewall
Windows Mobility Center Windows Mobility Center
Windows To Go Windows To Go
Windows Update Windows Update
Work Folders Work Folders

Action Center

  • Canonical name: Microsoft.ActionCenter
  • GUID: {BB64F8A7-BEE7-4E1A-AB8D-7D8273F7FDB6}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\ActionCenterCPL.dll,-1
  • Pages
    Page Name Opens
    MaintenanceSettings Automatic Maintenance
    pageProblems Problem Reports
    pageReliabilityView Reliability Monitor
    pageResponseArchive Archived Messages
    pageSettings Problem Reporting Settings

     

Administrative Tools

  • Canonical name: Microsoft.AdministrativeTools
  • GUID: {D20EA4E1-3957-11d2-A40B-0C5020524153}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\system32\shell32.dll,-22982

AutoPlay

  • Canonical name: Microsoft.AutoPlay
  • GUID: {9C60DE1E-E5FC-40f4-A487-460851A8D915}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\autoplay.dll,-1

Biometric Devices

  • Canonical name: Microsoft.BiometricDevices
  • GUID: {0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\biocpl.dll,-1

BitLocker Drive Encryption

  • Canonical name: Microsoft.BitLockerDriveEncryption
  • GUID: {D9EF8727-CAC2-4e60-809E-86F80A666C91}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\fvecpl.dll,-1

Color Management

  • Canonical name: Microsoft.ColorManagement
  • GUID: {B2C761C6-29BC-4f19-9251-E6195265BAF1}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%systemroot%\system32\colorcpl.exe,-6

Credential Manager

  • Canonical name: Microsoft.CredentialManager
  • GUID: {1206F5F1-0569-412C-8FEC-3204630DFB70}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\system32\Vault.dll,-1
  • Pages
    Page Name Opens
    ?SelectedVault=CredmanVault Windows Credentials

     

Date and Time

  • Canonical name: Microsoft.DateAndTime
  • GUID: {E2E7934B-DCE5-43C4-9576-7FE4F75E7480}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\timedate.cpl,-51
  • Pages
    Page Name Opens
    1 Additional Clocks

     

Default Programs

  • Canonical name: Microsoft.DefaultPrograms
  • GUID: {17cd9488-1228-4b2f-88ce-4298e93e0966}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\sud.dll,-1
  • Pages
    Page Name Opens
    pageDefaultProgram Set Default Programs
    pageFileAssoc Set Associations

     

Device Manager

  • Canonical name: Microsoft.DeviceManager
  • GUID: {74246bfc-4c96-11d0-abef-0020af6b0b7a}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\devmgr.dll,-4

Devices and Printers

  • Canonical name: Microsoft.DevicesAndPrinters
  • GUID: {A8A91A66-3A7D-4424-8D24-04E180695C7A}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%systemroot%\system32\DeviceCenter.dll,-1000

Display

  • Canonical name: Microsoft.Display
  • GUID: {C555438B-3C23-4769-A71F-B6D3D9B6053A}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\Display.dll,-1
  • Pages
    Page Name Opens
    Settings Screen Resolution

     

Ease of Access Center

  • Canonical name: Microsoft.EaseOfAccessCenter
  • GUID: {D555645E-D4F8-4c29-A827-D93C859C4F2A}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\accessibilitycpl.dll,-10
  • Pages
    Page Name Opens
    pageEasierToClick Make the mouse easier to use
    pageEasierToSee Make the computer easier to see
    pageEasierWithSounds Use text or visual alternatives for sounds
    pageFilterKeysSettings Set up Filter Keys
    pageKeyboardEasierToUse Make the keyboard easier to use
    pageNoMouseOrKeyboard Use the computer without a mouse or keyboard
    pageNoVisual Use the computer without a display
    pageQuestionsCognitive Get recommendations to make your computer easier to use (cognitive)
    pageQuestionsEyesight Get recommendations to make your computer easier to use (eyesight)

     

Family Safety

  • Canonical name: Microsoft.ParentalControls
  • GUID: {96AE8D84-A250-4520-95A5-A47A7E3C548B}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\wpccpl.dll,-100
  • Pages
    Page Name Opens
    pageUserHub Choose a user and set up Family Safety

     

File History

  • Canonical name: Microsoft.FileHistory
  • GUID: {F6B6E965-E9B2-444B-9286-10C9152EDBC5}
  • Supported OS: Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\fhcpl.dll,-52
  • File History includes a newer version of the Backup and Restore item, but that older item’s canonical name does not remap to File History.

Folder Options

  • Canonical name: Microsoft.FolderOptions
  • GUID: {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\system32\shell32.dll,-22985

Fonts

  • Canonical name: Microsoft.Fonts
  • GUID: {93412589-74D4-4E4E-AD0E-E0CB621440FD}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\FontExt.dll,-8007

HomeGroup

  • Canonical name: Microsoft.HomeGroup
  • GUID: {67CA7650-96E6-4FDD-BB43-A8E774F73A57}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\hgcpl.dll,-1

Indexing Options

  • Canonical name: Microsoft.IndexingOptions
  • GUID: {87D66A43-7B11-4A28-9811-C86EE395ACF7}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\srchadmin.dll,-601

Infrared

  • Canonical name: Microsoft.Infrared
  • GUID: {A0275511-0E86-4ECA-97C2-ECD8F1221D08}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\irprops.cpl,-1

Internet Options

  • Canonical name: Microsoft.InternetOptions
  • GUID: {A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @C:\Windows\System32\inetcpl.cpl,-4312
  • Pages
    Page Name Opens
    1 Security
    2 Privacy
    3 Content
    4 Connections
    5 Programs
    6 Advanced

     

iSCSI Initiator

  • Canonical name: Microsoft.iSCSIInitiator
  • GUID: {A304259D-52B8-4526-8B1A-A1D6CECC8243}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\iscsicpl.dll,-5001

iSNS Server

  • Canonical name: Microsoft.iSNSServer
  • GUID: {0D2A3442-5181-4E3A-9BD4-83BD10AF3D76}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\isnssrv.dll,-5005
  • This Control Panel item will be seen only in server versions of Windows.

Keyboard

  • Canonical name: Microsoft.Keyboard
  • GUID: {725BE8F7-668E-4C7B-8F90-46BDB0936430}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\main.cpl,-102

Language

  • Canonical name: Microsoft.Language
  • GUID: {BF782CC9-5A52-4A17-806C-2A894FFEEAC5}
  • Supported OS: Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\UserLanguagesCpl.dll,-1

Location Settings

  • Canonical name: Microsoft.LocationSettings
  • GUID: {E9950154-C418-419e-A90A-20C5287AE24B}
  • Supported OS: Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\SensorsCpl.dll,-1

Mouse

  • Canonical name: Microsoft.Mouse
  • GUID: {6C8EEC18-8D75-41B2-A177-8831D59D2D50}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\main.cpl,-100
  • Pages
    Page Name Opens
    1 Pointers
    2 Pointer Options
    3 Wheel
    4 Hardware

     

MPIOConfiguration

  • Canonical name: Microsoft.MPIOConfiguration
  • GUID: {AB3BE6AA-7561-4838-AB77-ACF8427DF426}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\mpiocpl.dll,-1000
  • This Control Panel item will be seen only in server versions of Windows.

Network and Sharing Center

  • Canonical name: Microsoft.NetworkAndSharingCenter
  • GUID: {8E908FC9-BECC-40f6-915B-F4CA0E70D03D}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\netcenter.dll,-1
  • Pages
    Page Name Opens
    Advanced Advanced sharing settings
    ShareMedia Media streaming options

     

Notification Area Icons

  • Canonical name: Microsoft.NotificationAreaIcons
  • GUID: {05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\taskbarcpl.dll,-1

Pen and Touch

  • Canonical name: Microsoft.PenAndTouch
  • GUID: {F82DF8F7-8B9F-442E-A48C-818EA735FF9B}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\tabletpc.cpl,-10103
  • Pages
    Page Name Opens
    1 Flicks
    2 Handwriting

     

Personalization

  • Canonical name: Microsoft.Personalization
  • GUID: {ED834ED6-4B5A-4bfe-8F11-A626DCB6A921}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\themecpl.dll,-1
  • Pages
    Page Name Opens
    pageColorization Color and Appearance
    pageWallpaper Desktop Background

     

Phone and Modem

  • Canonical name: Microsoft.PhoneAndModem
  • GUID: {40419485-C444-4567-851A-2DD7BFA1684D}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\telephon.cpl,-1
  • The window that this value launches is titled “Location Information” in versions of Windows prior to Windows 8. The item’s UI is considerably changed as of Windows 8.

Power Options

  • Canonical name: Microsoft.PowerOptions
  • GUID: {025A5937-A6BE-4686-A844-36FE4BEC8B6D}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\powercpl.dll,-1
  • Pages
    Page Name Opens
    pageGlobalSettings System Settings
    pagePlanSettings Edit Plan Settings

     

Programs and Features

  • Canonical name: Microsoft.ProgramsAndFeatures
  • GUID: {7b81be6a-ce2b-4676-a29e-eb907a5126c5}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%systemroot%\system32\appwiz.cpl,-159
  • Pages
    Page Name Opens
    ::{D450A8A1-9568-45C7-9C0E-B4F9FB4537BD} Installed Updates

     

Recovery

  • Canonical name: Microsoft.Recovery
  • GUID: {9FE63AFD-59CF-4419-9775-ABCC3849F861}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\recovery.dll,-101

Region

  • Canonical name: Microsoft.RegionAndLanguage
  • GUID: {62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\intl.cpl,-1
  • The Region and Language item found in Windows 7 was split as of Windows 8. Microsoft.RegionAndLanguage now launches the Region item. To launch the Language item, use Microsoft.Language.
  • Pages
    Page Name Opens
    1 Location
    2 Administrative

     

RemoteApp and Desktop Connections

  • Canonical name: Microsoft.RemoteAppAndDesktopConnections
  • GUID: {241D7C96-F8BF-4F85-B01F-E2B043341A4B}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\tsworkspace.dll,-15300

Sound

  • Canonical name: Microsoft.Sound
  • GUID: {F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\mmsys.cpl,-300

Speech Recognition

  • Canonical name: Microsoft.SpeechRecognition
  • GUID: {58E3C745-D971-4081-9034-86E34B30836A}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\Speech\SpeechUX\speechuxcpl.dll,-1

Storage Spaces

  • Canonical name: Microsoft.StorageSpaces
  • GUID: {F942C606-0914-47AB-BE56-1321B8035096}
  • Supported OS: Windows 8, Windows 8.1
  • Module name: @C:\Windows\System32\SpaceControl.dll,-1

Sync Center

  • Canonical name: Microsoft.SyncCenter
  • GUID: {9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\SyncCenter.dll,-3000

System

  • Canonical name: Microsoft.System
  • GUID: {BB06C0E4-D293-4f75-8A90-CB05B6477EEE}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\systemcpl.dll,-1

Tablet PC Settings

  • Canonical name: Microsoft.TabletPCSettings
  • GUID: {80F3F1D5-FECA-45F3-BC32-752C152E456E}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\tabletpc.cpl,-10100

Taskbar and Navigation

  • Canonical name: Microsoft.Taskbar
  • GUID: {0DF44EAA-FF21-4412-828E-260A8728E7F1}
  • Supported OS: Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\system32\shell32.dll,-32517

Troubleshooting

  • Canonical name: Microsoft.Troubleshooting
  • GUID: {C58C4893-3BE0-4B45-ABB5-A63E4B8C8651}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\DiagCpl.dll,-1
  • Pages
    Page Name Opens
    HistoryPage History

     

TSAppInstall

  • Canonical name: Microsoft.TSAppInstall
  • GUID: {BAA884F4-3432-48b8-AA72-9BF20EEF31D5}
  • Supported OS: Windows 7, Windows 8, Windows 8.1
  • Module name: @%systemroot%\system32\tsappinstall.exe,-2001

User Accounts

  • Canonical name: Microsoft.UserAccounts
  • GUID: {60632754-c523-4b62-b45c-4172da012619}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\usercpl.dll,-1

Windows Anytime Upgrade

  • Canonical name: Microsoft.WindowsAnytimeUpgrade
  • GUID: {BE122A0E-4503-11DA-8BDE-F66BAD1E3F3A}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @$(resourceString._SYS_MOD_PATH),-1

Windows Defender

  • Canonical name: Microsoft.WindowsDefender
  • GUID: {D8559EB9-20C0-410E-BEDA-7ED416AECC2A}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-104

Windows Firewall

  • Canonical name: Microsoft.WindowsFirewall
  • GUID: {4026492F-2F69-46B8-B9BF-5654FC07E423}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @C:\Windows\system32\FirewallControlPanel.dll,-12122
  • Pages
    Page Name Opens
    pageConfigureApps Allowed apps

     

Windows Mobility Center

  • Canonical name: Microsoft.MobilityCenter
  • GUID: {5ea4f148-308c-46d7-98a9-49041b1dd468}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\system32\mblctr.exe,-1002

Windows To Go

  • Canonical name: Microsoft.PortableWorkspaceCreator
  • GUID: {8E0C279D-0BD1-43C3-9EBD-31C3DC5B8A77}
  • Supported OS: Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\System32\pwcreator.exe,-151

Windows Update

  • Canonical name: Microsoft.WindowsUpdate
  • GUID: {36eef7db-88ad-4e81-ad49-0e313f0c35f8}
  • Supported OS: Windows Vista, Windows 7, Windows 8, Windows 8.1
  • Module name: @%SystemRoot%\system32\wucltux.dll,-1
  • Pages
    Page Name Opens
    pageSettings Change settings
    pageUpdateHistory View update history

     

Work Folders

  • Canonical name: Microsoft.WorkFolders
  • GUID: {ECDB0924-4208-451E-8EE0-373C0956DE16}
  • Supported OS: Windows 8.1
  • Module name: @C:\Windows\System32\WorkfoldersControl.dll,-1

Deprecated Control Panel Canonical Names

The following are canonical names that are no longer in use as of Windows 8.1. Some have been removed altogether. Others have been remapped in these situations:

  • A Control Panel item is renamed. The renamed item is given a new canonical name but keeps the same GUID. In this case, the old canonical name launches the renamed Control Panel item. Be aware that the item that’s launched might not use the same UI as that item’s older version.
  • The functionality of one or more Control Panel items is moved or consolidated into a new item. In this case, the old canonical name maps to the most appropriate new Control Panel item.
Note Remappings exist for backward compatibility. You should not use deprecated values in new code.
Deprecated canonical name Control Panel Item GUID Notes
Microsoft.AddHardware Add Hardware {7A979262-40CE-46ff-AEEE-7884AC3B6136} Maps to Microsoft.DevicesAndPrinters as of Windows 7.
Microsoft.AudioDevicesAndSoundThemes Sound {F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D} Maps to Microsoft.Sound as of Windows 7.
Microsoft.BackupAndRestoreCenter/Microsoft.BackupAndRestore Backup and Restore Center {B98A2BEA-7D42-4558-8BD1-832F41BAC6FD} Microsoft.BackupAndRestoreCenter maps to Microsoft.BackupAndRestore in Windows 7. Both are removed as of Windows 8; use Microsoft.FileHistory instead.
Microsoft.CardSpace Windows CardSpace {78CB147A-98EA-4AA6-B0DF-C8681F69341C} Removed as of Windows 8.
Microsoft.DesktopGadgets Desktop Gadgets {37efd44d-ef8d-41b1-940d-96973a50e9e0} Removed as of Windows 8.
Microsoft.GetProgramsOnline Windows Marketplace {3e7efb4c-faf1-453d-89eb-56026875ef90} Removed as of Windows 7.
Microsoft.InfraredOptions Infrared {A0275511-0E86-4ECA-97C2-ECD8F1221D08} Maps to Microsoft.Infrared as of Windows 7.
Microsoft.LocationAndOtherSensors Location and Other Sensors {E9950154-C418-419e-A90A-20C5287AE24B} Maps to Microsoft.LocationSettings as of Windows 8.
Microsoft.PenAndInputDevices Pen and Input Devices {F82DF8F7-8B9F-442E-A48C-818EA735FF9B} Maps to Microsoft.PenAndTouch as of Windows 7.
Microsoft.PeopleNearMe People Near Me {5224F545-A443-4859-BA23-7B5A95BDC8EF} Removed as of Windows 8.
Microsoft.PerformanceInformationAndTools Performance Information and Tools {78F3955E-3B90-4184-BD14-5397C15F1EFC} Removed as of Windows 8.1.
Microsoft.PhoneAndModemOptions Phone and Modem {40419485-C444-4567-851A-2DD7BFA1684D} Maps to Microsoft.PhoneAndModem as of Windows 7.
Microsoft.Printers Printers {2227A280-3AEA-1069-A2DE-08002B30309D} Maps to Microsoft.DevicesAndPrinters as of Windows 7.
Microsoft.ProblemReportsAndSolutions Problem Reports and Solutions {FCFEECAE-EE1B-4849-AE50-685DCF7717EC} Maps to Microsoft.ActionCenter as of Windows 7.
Microsoft.RegionalAndLanguageOptions Regional and Language Options {62D8ED13-C9D0-4CE8-A914-47DD628FB1B0} Maps to Microsoft.RegionAndLanguage as of Windows 7. Note that as of Windows 8, Region and Language were each given their own Control Panel item. Both Microsoft.RegionalAndLanguageOptions and Microsoft.RegionAndLanguage currently open the Region item. You must use Microsoft.Language to access the Language item.
Microsoft.SecurityCenter Windows Security Center {087DA31B-0DD3-4537-8E23-64A18591F88B} Maps to Microsoft.ActionCenter as of Windows 7.
Microsoft.SpeechRecognitionOptions Speech Recognition Options {58E3C745-D971-4081-9034-86E34B30836A} Maps to Microsoft.SpeechRecognition as of Windows 7.
Microsoft.TaskbarAndStartMenu Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1} Maps to Microsoft.Taskbar as of Windows 8.
Microsoft.WelcomeCenter Welcome Center {CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} Maps to Microsoft.GettingStarted in Windows 7. Launches the Control Panel home page as of Windows 8.
Microsoft.WindowsSidebarProperties Windows Sidebar Properties {37efd44d-ef8d-41b1-940d-96973a50e9e0} Maps to Microsoft.DesktopGadgets in Windows 7. Removed as of Windows 8.
Microsoft.WindowsSideShow Windows SideShow {E95A4861-D57A-4be1-AD0F-35267E261739} Feature deprecated in Windows 8, removed as of Windows 8.1.

 

Using Canonical Names in Local Group Policy

As of Windows 7, you can use canonical names to restrict access to individual Control Panel items through group policy. This same procedure can be used in Windows Vista, but you have to use the module name instead of the canonical name.

Hiding individual Control Panel items

Use this method if you want to show more Control Panel items than you want to hide.

  1. Run the Gpedit.msc file to launch the Local Group Policy Editor. You can also type “group policy” at the Windows 8.1 Start screen and select Edit group policy from the search results.
  2. Select User Configuration > Administrative Templates > Control Panel.
  3. Select Hide specified Control Panel items.
  4. In the Hide Specified Control Panel Items window that opens, click Enabled.
  5. Click the Show button in the Options panel to show the list of disallowed Control Panel items.
  6. In the Show Contents window that opens, type a canonical name into the Value column. Repeat as necessary.
  7. Click OK.

Showing individual Control Panel items

Use this method if you want to hide more Control Panel items than you want to show.

  1. Run the Gpedit.msc file to launch the Local Group Policy Editor. You can also type “group policy” at the Windows 8.1 Start screen and select Edit group policy from the search results.
  2. Select User Configuration > Administrative Templates > Control Panel.
  3. Select Show only specified Control Panel items.
  4. In the Show Only Specified Control Panel Items window that opens, click Enabled. This hides everything in the Control Panel.
  5. Click the Show button in the Options panel to show the list of allowed Control Panel items.
  6. In the Show Contents window that opens, type a canonical name into the Value column. Repeat as necessary.
  7. Click OK.

If you want to remove all of the entries that you’ve added to a Show or Hide Control Panel items list, return to the screen in step 4 and select Not Configured to clear the list. If you want to retain your entries but suspend the restrictions, select Disabled.

Remarks

You might see items in your Control Panel that are not listed here. Those items are not part of Windows, but instead are added during the installation of various software and hardware, such as Microsoft Office or a video card. Non-Windows Control Panel items may or may not have a canonical name. To find the canonical name of a Control Panel item not listed here, look in the registry under these paths:

HKEY_CLASSES_ROOT
   CLSID
      {CLSID of the Control Panel item}
         System.ApplicationName
HKEY_LOCAL_MACHINE
   SOFTWARE
      Classes
         CLSID
            {CLSID of the Control Panel item}
               System.ApplicationName

For more information that can help you discover the necessary CLSIDs, see How to Register Executable Control Panel Items and How to Register DLL Control Panel Items.

Windows XP System File Reference



Who knows when ms will remove this from their servers.

Quote of System Files Reference

System Files Reference

114 out of 145 rated this helpful Rate this topic
Published: November 03, 2005

When you install the Microsoft Windows XP Professional operating system, the Setup program creates folders on your system drive into which it places files that the system requires. Knowing the names and locations of essential system files can help you understand and troubleshoot your Windows XP Professional installation.

For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see http://www.microsoft.com/mspress/books/6795.asp.

Bb457124.3squares(en-us,TechNet.10).gif

On This Page

on original ms page:
Related Information Related Information
System Files System Files
Startup Files Startup Files
Folders on the Local Disk Folders on the Local Disk
Windows Folder Windows Folder
System32 Folder System32 Folder
Extracting Files from the Operating System CD Extracting Files from the Operating System CD
Using the Copy Command in Recovery Console Using the Copy Command in Recovery Console
Using the Expand Command in Recovery Console Using the Expand Command in Recovery Console
Additional Resources Additional Resources

Related Information

  • For information about troubleshooting Startup and running Recovery Console, see Chapter 29, “Troubleshooting the Startup Process.”
  • For information about general troubleshooting concepts and strategies, see Chapter 27, “Understanding Troubleshooting.”

System Files

The following files are core components of the Windows XP Professional operating system. If you install Windows XP Professional as an upgrade from Microsoft Windows 2000 or earlier, the files listed in Table A-1 are located in the Windows\System32 folder or in Winnt\System32.

Table A-1 Essential System Files

File Name Description
Ntoskrnl.exe Executive and kernel.
Ntkrnlpa.exe Executive and kernel with support for Physical Address Extension (PAE), which allows addressing of more than 4 gigabytes (GB) of physical memory.
Hal.dll Hardware abstraction layer.
Win32k.sys Kernel-mode part of the Win32 subsystem.
Ntdll.dll Internal support functions and system service dispatch stubs to executive functions.
Kernel32.dll

Advapi32.dll

User32.dll

Gdi32.dll

Core Win32 subsystem DLLs.

Startup Files

The following files are essential to the startup process. All files listed in Table A-2 are located in the boot or root directory (for example, C:\) of your Windows XP Professional installation.

Table A-2 Essential Startup Files

File Name Description
Ntldr Reads the Boot.ini file, presents the boot menu, and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers.
Boot.ini Contains options for starting the version of Windows that Setup installs and any preexisting Windows installations.
Ntdetect.com After the boot selection is made, Ntldr loads and executes this 16-bit real-mode program to query the computer for basic device and configuration information. This information includes the following:

  • The time and date information stored in the system’s CMOS (nonvolatile memory).
  • The types of buses (for example, ISA, PCI, EISA, Micro Channel Architecture [MCA]) on the system and identifiers for devices attached to the buses.
  • The number, size, and type of disk drives on the system.
  • The types of mouse input devices connected to the system.
  • The number and type of parallel ports configured on the system.
Pagefile.sys Contains memory data that Windows is unable to fit into physical RAM. During Startup, the virtual memory manager moves data in and out of the paging file to optimize the amount of physical memory available to the operating system and applications.
Ntbootdd.sys If either the boot or system drives are SCSI-based, Ntldr loads this file and uses it instead of the boot-code functions for disk access.

Folders on the Local Disk

Setup creates the following folders (shown in Table A-3) on your local disk by default when installing Windows XP Professional.

Note When Windows XP Professional is installed as an upgrade from Windows 2000 or earlier, Setup installs the operating system into the existing Winnt folder. A Windows folder is not created.

Table A-3 Default Local Disk Folders

Folder Name Contents
Documents and Settings Account information for each user who is granted access on the computer. Each user account is represented by a subfolder assigned the user name and called the user profile. Folders under each user account folder include My Documents, Desktop, and Start Menu.
Program Files Installed applications, such as Microsoft Internet Explorer or Microsoft Office.
WINDOWS or WINNT Entire operating system.

Windows Folder

The Windows folder and its subfolders contain the operating system files for your Windows XP Professional installation (as shown in Table A-4).

Table A-4 Windows Folder and Subfolders

Folder Name Contents
WINDOWS or WINNT Miscellaneous operating system and application files (for example, Control.ini, Desktop.ini, Notepad.exe, and System.ini files)
Addins ActiveX controls (.ocx) files
AppPatch Application compatibility files
Config Musical Instrument Digital Interface (MIDI) instrument definition files
Connection Wizard Internet connection files that are used when a computer starts Windows for the first time
CSC Offline files that are used during client-side caching
Cursors Cursor and icon files
Debug Log files
Downloaded Program Files Downloaded program files
Driver Cache Uninstalled driver files
ehome Used by Windows Media Center Edition
Fonts All font files
Help Help files
Ime Language files
ime (x86) Language files for x86-based systems
inf Device driver INF files
Installer Cached Windows Installer (.MSI) files
Java Java files
Media Sound and music files (for example: *.wav and *.midi)
MS Installation folder for Microsoft Systems Management Server (SMS) client
Msagent Microsoft Agent files (Microsoft Agent is a set of programmable software services that support the presentation of interactive animated characters within the Microsoft Windows interface.)
Msapps Files that support backward compatibility in applications
Mui Multi-user interface files
Offline Web Pages Downloaded Web pages for offline reading
PCHEALTH Help and Support Center files
PeerNet MSSL 2.0 files
PIF Program information files (PIFs) for MS-DOS-based programs
Prefetch Data files related to enhancing the speed at which applications start
Provisioning Schemas for creating wireless profiles
Registration COM+ files. (COM+ files are enhancements to the Microsoft Component Object Model [COM].)
Repair Registry backup files (These files are updated if you use NTBackup and choose to back up system state files.)
Resources User interface files
SchCache Schema cache folder
Security Log files, templates for snap-ins, and security database files
Setupupd Dynamic Update storage location
SoftwareDistribution Used by Automatic Updates
Srchasst Search assistant files
System Backward-compatibility files related to the System folder (for example, applications that look for a System folder)
system32 Core operating system files (For more information, see “System32 Folder” later in this appendix.)
Tasks Scheduled Task files
Temp Temporary files
twain_32 Imaging files (for scanners)
Web Printer and wallpaper files
WinSxS Side by Side (shared components)

System32 Folder

The System32 folder and its subfolders contain the core operating system files for your Windows XP Professional installation. Table A-5 describes the System32 files.

Table A-5 System32 Folder and Subfolders

Folder Name Contents
system32 Essential system files (for example, Hal.dll and Ntoskrnl.exe files).
1025, 1028, 1031, 1033, 1037, 1041, 1053, 2052, 3076 Localization (language) files for a specific language, corresponding to the number assigned to this folder. This folder remains empty unless Windows XP Professional is localized for this particular language.
CatRoot Catalog files and signature files.
CatRoot2 Catalog files and signature files.
Com Component Object Model (COM) objects.
Config Registry files and event logs.
Dhcp DHCP database files.
DirectX DirectX files.
Dllcache Windows File Protection backup files.
Drivers Installed drivers.
Export Encryption Pack installation files.
Group Policy Group Policy administrative templates and script files.
Ias Internet Authentication Service files.
Icsxml Universal Plug and Play files.
Ime Language files.
Inetsrv Internet Information Services files.
Macromed Macromedia files.
Microsoft Cryptography files.
MsDtc Microsoft Distributed Transaction Coordinator files.
Mui Multi-user interface files.
Npp Network Monitor and trace files.
NtmsData Removable Storage Manager (RSM) database.
Oobe Windows Welcome files.
Ras Remote access server encryption files.
RemoteStorage Remote Storage Service (RSS) database.
Restore Data files or System Restore–related files.
Rpcproxy RPC Proxy files (RPCProxy.dll).
Setup Optional component manager files.
ShellExt Shell extension components.
Smsmsgs SMS Site Component Manager files.
SoftwareDistribution Used by Automatic Updates (Windows XP Service Pack 2).
Spool Print spooling files.
Usmt User State Migration tool.
Wbem Web-based Enterprise Management data files. Windows Management Instrumentation (WMI) is the Microsoft implementation of WBEM.
Wins WINS database files.

Extracting Files from the Operating System CD

It is usually recommended that you use Add or Remove Programs in Control Panel to install and uninstall components, applications, and support software from the Windows XP Professional operating system CD. If system files are missing or damaged, you can run Windows XP Professional Setup from the operating system CD and choose the option to repair your existing installation. In some cases, however, you might need to extract a system or startup file directly from the operating system CD.

Warning If you install incorrect versions of system or startup files or if you install files to incorrect locations, your system might not operate as expected or might not start. Use the method described in this section only if your product support representative indicates that it is necessary to manually retrieve a compressed file from your operating system CD.

The /i386 folder on your Windows XP Professional operating system CD contains system and startup files in compressed form. If you need to replace a file in your Windows XP Professional installation, you can use the copy or expand command in Recovery Console to extract the needed file from the operating system CD. Use the copy command unless you are extracting a file from a .cab file, such as Driver.cab. When extracting a file from a .cab file, use the expand command.

When you use Recovery Console to extract a compressed file from the operating system CD, you must use exact file names for the compressed and uncompressed files. Table A-6 illustrates compressed and uncompressed file names.

Table A-6 Compressed and Uncompressed File Names

Compressed File Name Uncompressed File Name
Ntoskrnl.ex_ Ntoskrnl.exe
Hal.dl_ Hal.dll

Using the Copy Command in Recovery Console

If a file is not within a .cab file, you can use the copy command in Recovery Console to extract the file from the operating system CD and place it on your local disk in a Windows XP Professional installation. When you use the copy command to extract a file to a destination on your local disk, the file is automatically uncompressed. For more information about running Recovery Console, including how to add it to your startup options, see Chapter 29, “Troubleshooting the Startup Process.”

Use the copy command with the following syntax:

copy source [destination]

Table A-7 describes the parameters that you can use with the copy command.

Table A-7 Parameters for the Copy Command

Parameter Description
Source Specifies the file to be copied
Destination Specifies the directory and/or file name for the new file

Source can be removable media, any directory within the System32 directory of the current Windows installation, the root of any drive, the local installation sources, or the Cmdcons folder. (The C:\Cmdcons folder is the Recovery Console installation folder.)

Destination can be any directory within the System32 directories of the current Windows installation, the root of any drive, the local installation sources, or the Cmdcons folder. If you do not specify a destination, the command defaults to the current directory. The copy command prompts you if the destination file already exists. The destination cannot be removable media.

The copy command does not support replaceable parameters (wildcards).

Using the Expand Command in Recovery Console

To extract a file from a .cab file on the operating system CD and place it on your local disk in a Windows XP Professional installation, start Recovery Console and use the expand command. When you use the expand command to extract a file to a destination on your local disk, the file is automatically uncompressed. For more information about running Recovery Console, including how to add it to your startup options, see Chapter 29, “Troubleshooting the Startup Process.”

Use the expand command with the following syntax:

expand source [/f:filespec][destination][/y][/d]

Tables A-8 describes the parameters that you can use with the expand command.

Tables A-8 Parameters for the Expand Command

Parameter Description
source Specifies the file that you want to expand. Cannot include wildcards.
destination Specifies the directory for the new file; the default is the current directory.
/y Suppresses the overwrite prompt when you expand or extract files.
/f:filespec If the source contains more than one file, this parameter is required to identify the specific file or files that you want to expand. Can include wildcards.
/d Lists the files contained in the cabinet file without expanding it or extracting from it.
  • The destination can be any folder within the System32 folder of the current Windows installation, the root of any drive, the local installation sources, or the Cmdcons folder.
  • The destination cannot be removable media.
  • The destination file cannot be read-only. Use the Attrib command to remove the read-only attribute.
  • If the destination file already exists, the expand command prompts you for confirmation to overwrite the file unless you include the /y parameter.

Additional Resources

The following resources contain additional information related to this appendix.

Related Information

  • Chapter 27, “Understanding Troubleshooting.”
  • Appendix C, “Tools for Troubleshooting.”
  • Chapter 28, “Troubleshooting Disks and File Systems.”
  • Chapter 29, “Troubleshooting the Startup Process.”
  • Windows XP Professional Help and Support Center, for more information about running and troubleshooting Windows XP Professional. Search using the keywords troubleshooting and recovery console.

Mapped drives (incl net use) missing from elevated processes eg UAC cmd run as administrator



Mapped drives created in Windows Explorer Tools -> Map network drive OR via command prompt (cmd.exe) net use command will not be visible in programs that “run as administrator” ie with elevated privileges.

Eg if you do Start Orb -> type “cmd” without the quotes into the search box -> right click on cmd and select “run as administrator”

…then you will get an command prompt running with elevated privileges.

(There other other ways to get an elevated cmd prompt if you dont want to be bothered by UAC.)

If you do net use in that command prompt to show mapped netowrk drives, you wont see the same as you see in un-elevated or in windows explorer.

The key tidbit going on here is that an administrtor accoutn has 2 access tokens, a filtered and regular. Regular is priviledged / elevated. Filtered has the privs filered out, if you will.

And mapped drives are associated with only 1 particular access token; 1 or the other, not both.

A key to understanding this mechanism is

This article is so important, i quote it below so that if it ever goes away it’ll still be here. And i quote it with its user comments, cuz they are also key, in this case. Good, hi quality comments.

One of the places this technet article is referecned is

Microsoft KB

That was a technet article. Microsoft’s offical KB on it is here, but IMHO not as informative (and contains a bug)

One of the places this KB article is referecned is


Unfortunately the suggestion in this KB article is wrong, i think. It suggests to do net use without a drive letter:

To work around this issue, use the net use command together with a UNC name to access the network location. For example, at a command prompt, type the following command, and then press Enter:

net use \\COMPUTERNAME\SHARENAME /user:USERNAME

I just tried this and it did not make the \\COMPUTERNAME\SHARENAME appear in the other net use listing.

Now it’s possible that even tho it did not appear in the net use listing, it did log me in in both prived and non-prived. I did not test this, cuz i was already logged in in both prived and non-prived and so it requires logging out to test and i cant do that right now for other reasons.


Quote of technet article

NOTE: the comments have important info, eg, some, but not all, ppl see the logon script that maps drives running at elevated privs, so that they see mapped drives elevated but not un-elevated; all hinges on what access token is in use when the logon script runs

Some Programs Cannot Access Network Locations When UAC Is Enabled

47 out of 70 rated this helpful Rate this topic

Updated: November 16, 2009

Applies To: Windows Server 2008 R2

Symptom

After you turn on User Account Control (UAC) in Windows Vista or Windows 7, programs may not be able to access some network locations. This problem may also occur when you use the command prompt to access a network location.

Cause

This problem occurs because UAC treats members of the Administrators group as standard users. Therefore, network shares that are mapped by logon scripts are shared with the standard user access token instead of with the full administrator access token.

When a member of the Administrators group logs on to a computer running Windows Vista or Windows 7 that has UAC enabled, the user runs as a standard user. Standard users are members of the Users group. If you are a member of the Administrators group and you want to perform a task that requires a full administrator access token, UAC prompts you for approval. For example, if you try to edit security policies on the computer, you are prompted. If you approve the action in the User Account Control dialog box, you can then complete the administrative task by using the full administrator access token.

When an administrator logs on to a computer running Windows Vista or Windows 7, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights removed (filtered). This filtered access token is used to start the user’s desktop. Applications can use the full administrator access token if the administrator user provides approval in a User Account Control dialog box.

If a user is logged on to a computer running Windows Vista or Windows 7 and if UAC is enabled, a program that uses the user’s filtered access token and a program that uses the user’s full administrator access token can run at the same time. Because LSA created the access tokens during two separate logon sessions, the access tokens contain separate logon IDs.

When network shares are mapped, they are linked to the current logon session for the current process access token. This means that if a user uses the command prompt (cmd.exe) together with the filtered access token to map a network share, the network share is not mapped for processes that run with the full administrator access token.

Resolution

ImportantImportant
This section contains steps that modify the registry. Incorrectly editing the registry may severely damage your system or make your system unsafe. Before making changes to the registry, you should back up any data on the computer. For more information about how to back up and restore the registry, see article 322756 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=133378).

To work around this problem, configure the EnableLinkedConnections registry value. This value enables Windows Vista and Windows 7 to share network connections between the filtered access token and the full administrator access token for a member of the Administrators group. After you configure this registry value, LSA checks whether there is another access token that is associated with the current user session if a network resource is mapped to an access token. If LSA determines that there is a linked access token, it adds the network share to the linked location.

To configure the EnableLinkedConnections registry value

  1. Click Start, type regedit in the Start programs and files box, and then press ENTER.
  2. Locate and then right-click the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
  3. Point to New, and then click DWORD Value.
  4. Type EnableLinkedConnections, and then press ENTER.
  5. Right-click EnableLinkedConnections, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor, and then restart the computer.

 

Community Additions

ADD

Doesn’t work properly with Windows 8.x

On Windows 8 and Windows 8.1, ‘EnableLinkedConnections’ does enable mapped drives to appear for local Administrators however drives mapped to a subfolder of a share do not then map correctly. So if you try to map a drive to \\server\share\subfolder the mapped drive appears but is incorrectly mapped to \\server\share instead.
4/4/2014

Does This Open A Security Vulnerability?

There are articles all over the internet that quote this registry hack. Most (superuser.com, vistaheads.com, intelliadmin.com, winhelponline.com, and notably social.technet.microsoft.com) also state that using it opens a security hole.
Microsoft does not discuss (in the article above) whether this creates a security vulnerability or what it might be. I spent all morning trying to find this original article to find out what the security risk might be. I’m disappointed that it is not discussed.
So here are some questions:
• If there is a risk, what is it?
• If there is no risk, why isn’t it the default?
• Where did all those other sites get the idea that it is potentially dangerous?

6/25/2013

Article seems correct to me.

I am seeing results consistent with the article and different than the two previous comments. I am a domain admin and when I log in, the drives mapped in the login script are available in Explorer and at a command prompt without elevated privileges. When I run a command prompt as administrator, the drives are not available. In the elevated command window, the drives are listed by net use, but show a status of unavailable.
1/12/2013

Windows 7, 64bit and 32bit

Thank you, this solved my problem.

Some additonal information: I had a problem on my Windows 7 64bit system where mapped drives would not show when using the Win32Api function: GetLogicalDrives().

By adding the registry key, I was glad to see that my mapped drives were shown again.

However, on a my 32bit system, which does not have this registry key, mapped drives do get shown when using the Win32Api GetLogicalDrives() function…

10/2/2012

Problem description is misstated.

This problem description in this article needs to be updated. Some of the statements in it are the exact opposite of the truth about how UAC works.

Drives mapped by logon scripts are only available to processes the are launched using UAC elevation or Run As Administrator. However, this article incorrectly states the reverse — that they are only accessible to processes started by the filtered logon token. To verify this, create a simple logon script to map a drive. Make sure that this drive has not been manually mapped already. Then logon to the computer with UAC turned on using and administrator account. Open Windows Explorer and there will be no mapped drive shown there because the drive is not accessible to the filtered token which is what Windows Explorer and non-elevated processes use to run. Open a command prompt and try to change the directory to the mapped drive. Again, it is not accessible. However, if you open a command prompt using Run As Administrator, you will see that you are able to change the directory to the mapped drive.

Likewise, if you launch a program that requires UAC elevation or run a program as administrator, you will also see that drives mapped by logon scripts are available to those programs,but not to programs that do not run elevated.
Please also note that drives that are mapped manually using Windows Explorer or net use in an unelevated command prompt are not available to processes that use the elevated token (elevated through UAC or using Run As Administrator). To test, manually map a drive through Windows Explorer and launch a program that prompts for UAC elevation or use Run As Administrator. Using the program, try to open a file on the mapped drive. You will notice that the mapped drive is not available. However, if you open an elevated command prompt and then use the net use command to map a drive, it will then be available to the elevated program.

8/29/2012

Logon scripts and UAC

The text is incorrect imho. Windows 7 behaves like this: the logon script runs at the elevated account and mappings are made using this. After logon explorer starts with the standard account. Missing the registry key – the standard account does not see the mappings. Running an elevated cmd prompt reveals the mappings.

Important to note: the same behaviour is observed for accounts that are member of the Power Users group. No special permissions are given to the group but a logon script runs as Power Users, after logon the standard account does not see the mappings. There seems to be no way to elevate to a Power User. Hard to explain to your users. Ouch.
Best use the EnableLinkedConnections registry key to avoid this.

4/13/2011

How do I search for a task in task scheduler (use autoruns)

Background on Windows Task Scheduler

If you’re already familiar with task scheduler skip to the answer

Windows (7, 8*) has many tasks that are scheduled to run at various times. Programs you install often create new tasks of their own to run at various times. These tasks can be set up to run at various times of day, or on various triggers, like system start, or user logon, or the start of a program (most likely a related program to run in a coordinated fashion).

You start task scheduler by

Windows 7:
clicking on the start orb (or hitting Ctrl-ESC) and typing “task” in the search box and clicking on “Task Scheduler”
Windows 8*:
Going to the tile screen (or hitting Ctrl-ESC) and just typing “task”. It’s in the “Settings” group; click on “Task Scheduler”.

How to search–You Can’t–Use autoruns

The short answer is that Windows Task Scheduler PROVIDES NO WAY TO SEARCH.
But, fortunately, another program Sysinternals autoruns, does.

Download autoruns here: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

(it’s a .zip file so after downloading you’ll have to double-click it to open the .zip file and extract all the files in it to a folder that you’ll remember.)

Then double click on autoruns.exe to start it. (not the file with the ‘c’ in it’s name–that one runs the console-only application. That is, unless you like the command line style.)

Click the “Scheduled Tasks” tab to show ownly scheduled tasks.

Click File -> Find (or type Ctrl-F) and search for your task.

Once you find it, you can see the hierarchy in the first column of where it’s stored in regular task scheduler.

pastebin

pastebin is a generic term for posting text (usually programming code) online so that others can see it.

For example, to collaborate with people on the internet to improve or debug code.

Or to post a long segment of code in an online forum; rather than include the code directly in the post, just post the link to the pastebin.

The original and namesake is pastebin.com;

Two others are hastebin and GitHub Gist

A related site/concept is jsfiddle which allows pasting of all 3 of these: HTML, Javascript, CSS, and will actually run them for you. So it’s a sharing and testing platform in one.

Enable Admin Shares (C$) on Windows 7


Enable File and Print Sharing

The first step to enable administrative shares is to make sure you have File and Print sharing enabled.  While you’re at it, I recommend turning on Network Discovery also

  1. Click the Windows button (formerly the Start button).
  2. Type “advanced shar” into the search text box (that’s all you need).
  3. Click the link to “Manage advanced sharing settings” (aka “Change advanced sharing settings”).
  4. In the window that opens, expand the “Home or Work” profile and browse to the “Network discovery” section.
  5. Click the link to “Turn on network discovery (Figure 1).
  6. Browse to the “File and printer sharing” section.
  7. Click the link to “Turn on file and printer sharing (Figure 1).
  8. Click Save Changes.

Note that this will only enable file and printer sharing for your home network. If you connect your computer to a public or “unknown” network, your shares will still remain disabled. It is not recommended, but If you want to change this, follow the above procedure for the “Public” profile.

Image:change_advanced_settings_annotated

Figure 1

Step 2: LocalAccountTokenFilterPolicy

The next step is to go into the registry and give local users the ability to access remote administrative shares. BE CAREFUL–you can destroy our system by editing the registry.

  1. Click the Windows button and in the Search box, type “regedit”. If you get a User Access Control warning, click Yes.
  2. The Registry Editor will open. Expand the items until you get to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (Figure 3).
  3. Click Edit from the top menu then New and then DWORD.
  4. Type in LocalAccountTokenFilterPolicy for the name of the DWORD. Hit ENTER.
  5. Double click the new entry and enter “1” for the value. Click OK.
  6. Close the Registry Editor and reboot your computer.
IMAGE:Regedit create LocalAccountTokenFilterPolicy

Regedit create LocalAccountTokenFilterPolicy

What’s going on here?

You might be familiar with UAC (User Account Control)

IMAGE:UAC example

UAC example (for regedit in this case)

This is new for Windows Vista and Windows 7. It is Microsoft’s attempt at security. The idea is that before programs can do dangerous things, or access sensitive areas, the OS will prompt the user for an additional OK. If the user expects this, they can click YES, if it comes out of the blue, they can click NO. For example, if some program is running in the background without the user’s knowledge, and tries to change a sensitive area, this UAC prompt will come out of the blue, and the user can then click NO, protecting his computer.

Clicking YES to the UAC prompt enables what’s called as “elevated privilege”. Ie the process now has more privilege to access and change sensitive areas.

Well, when logging in from a remote PC, like you do when you’re trying to access a network admin share, even if you provide username and password to an administrator account, you do NOT get elevated privilege and there is no UAC prompt.

The LocalAccountTokenFilterPolicy turns this off. The values of 0 and 1 dont make any sense, so i provide mnemonics to help remember below.

Value  Description Mnemonic
0 This value builds a filtered token. This is the default value. The administrator credentials are removed. zero-no privileges
1 This value builds an elevated token. 1-privileges on

References: