Windows XP System File Reference



Who knows when ms will remove this from their servers.

Quote of System Files Reference

System Files Reference

Published: November 03, 2005

When you install the Microsoft Windows XP Professional operating system, the Setup program creates folders on your system drive into which it places files that the system requires. Knowing the names and locations of essential system files can help you understand and troubleshoot your Windows XP Professional installation.

For information on how to obtain the Windows XP Professional Resource Kit in its entirety, please see http://www.microsoft.com/mspress/books/6795.asp.


On This Page

on original ms page:
Related Information
System Files
Startup Files
Folders on the Local Disk
Windows Folder
System32 Folder
Extracting Files from the Operating System CD
Using the Copy Command in Recovery Console
Using the Expand Command in Recovery Console
Additional Resources

Related Information

  • For information about troubleshooting Startup and running Recovery Console, see Chapter 29, “Troubleshooting the Startup Process.”
  • For information about general troubleshooting concepts and strategies, see Chapter 27, “Understanding Troubleshooting.”

System Files

The following files are core components of the Windows XP Professional operating system. If you install Windows XP Professional as an upgrade from Microsoft Windows 2000 or earlier, the files listed in Table A-1 are located in the Windows\System32 folder or in Winnt\System32.

Table A-1 Essential System Files

File Name Description
Ntoskrnl.exe Executive and kernel.
Ntkrnlpa.exe Executive and kernel with support for Physical Address Extension (PAE), which allows addressing of more than 4 gigabytes (GB) of physical memory.
Hal.dll Hardware abstraction layer.
Win32k.sys Kernel-mode part of the Win32 subsystem.
Ntdll.dll Internal support functions and system service dispatch stubs to executive functions.
Kernel32.dll, Advapi32.dll, User32.dll, Gdi32.dll Core Win32 subsystem DLLs.

Startup Files

The following files are essential to the startup process. All files listed in Table A-2 are located in the boot or root directory (for example, C:\) of your Windows XP Professional installation.

Table A-2 Essential Startup Files

File Name Description
Ntldr Reads the Boot.ini file, presents the boot menu, and loads Ntoskrnl.exe, Bootvid.dll, Hal.dll, and boot-start device drivers.
Boot.ini Contains options for starting the version of Windows that Setup installs and any preexisting Windows installations.
Ntdetect.com After the boot selection is made, Ntldr loads and executes this 16-bit real-mode program to query the computer for basic device and configuration information. This information includes the following:

  • The time and date information stored in the system’s CMOS (nonvolatile memory).
  • The types of buses (for example, ISA, PCI, EISA, Micro Channel Architecture [MCA]) on the system and identifiers for devices attached to the buses.
  • The number, size, and type of disk drives on the system.
  • The types of mouse input devices connected to the system.
  • The number and type of parallel ports configured on the system.
Pagefile.sys Contains memory data that Windows is unable to fit into physical RAM. During Startup, the virtual memory manager moves data in and out of the paging file to optimize the amount of physical memory available to the operating system and applications.
Ntbootdd.sys If either the boot or system drives are SCSI-based, Ntldr loads this file and uses it instead of the boot-code functions for disk access.

Folders on the Local Disk

Setup creates the following folders (shown in Table A-3) on your local disk by default when installing Windows XP Professional.

Note When Windows XP Professional is installed as an upgrade from Windows 2000 or earlier, Setup installs the operating system into the existing Winnt folder. A Windows folder is not created.

Table A-3 Default Local Disk Folders

Folder Name Contents
Documents and Settings Account information for each user who is granted access on the computer. Each user account is represented by a subfolder assigned the user name and called the user profile. Folders under each user account folder include My Documents, Desktop, and Start Menu.
Program Files Installed applications, such as Microsoft Internet Explorer or Microsoft Office.
WINDOWS or WINNT Entire operating system.

Windows Folder

The Windows folder and its subfolders contain the operating system files for your Windows XP Professional installation (as shown in Table A-4).

Table A-4 Windows Folder and Subfolders

Folder Name Contents
WINDOWS or WINNT Miscellaneous operating system and application files (for example, Control.ini, Desktop.ini, Notepad.exe, and System.ini files)
Addins ActiveX controls (.ocx) files
AppPatch Application compatibility files
Config Musical Instrument Digital Interface (MIDI) instrument definition files
Connection Wizard Internet connection files that are used when a computer starts Windows for the first time
CSC Offline files that are used during client-side caching
Cursors Cursor and icon files
Debug Log files
Downloaded Program Files Downloaded program files
Driver Cache Uninstalled driver files
ehome Used by Windows Media Center Edition
Fonts All font files
Help Help files
Ime Language files
ime (x86) Language files for x86-based systems
inf Device driver INF files
Installer Cached Windows Installer (.MSI) files
Java Java files
Media Sound and music files (for example: *.wav and *.midi)
MS Installation folder for Microsoft Systems Management Server (SMS) client
Msagent Microsoft Agent files (Microsoft Agent is a set of programmable software services that support the presentation of interactive animated characters within the Microsoft Windows interface.)
Msapps Files that support backward compatibility in applications
Mui Multi-user interface files
Offline Web Pages Downloaded Web pages for offline reading
PCHEALTH Help and Support Center files
PeerNet MSSL 2.0 files
PIF Program information files (PIFs) for MS-DOS-based programs
Prefetch Data files related to enhancing the speed at which applications start
Provisioning Schemas for creating wireless profiles
Registration COM+ files. (COM+ files are enhancements to the Microsoft Component Object Model [COM].)
Repair Registry backup files (These files are updated if you use NTBackup and choose to back up system state files.)
Resources User interface files
SchCache Schema cache folder
Security Log files, templates for snap-ins, and security database files
Setupupd Dynamic Update storage location
SoftwareDistribution Used by Automatic Updates
Srchasst Search assistant files
System Backward-compatibility files related to the System folder (for example, applications that look for a System folder)
system32 Core operating system files (For more information, see “System32 Folder” later in this appendix.)
Tasks Scheduled Task files
Temp Temporary files
twain_32 Imaging files (for scanners)
Web Printer and wallpaper files
WinSxS Side by Side (shared components)

System32 Folder

The System32 folder and its subfolders contain the core operating system files for your Windows XP Professional installation. Table A-5 describes the System32 files.

Table A-5 System32 Folder and Subfolders

Folder Name Contents
system32 Essential system files (for example, Hal.dll and Ntoskrnl.exe files).
1025, 1028, 1031, 1033, 1037, 1041, 1053, 2052, 3076 Localization (language) files for a specific language, corresponding to the number assigned to this folder. This folder remains empty unless Windows XP Professional is localized for this particular language.
CatRoot Catalog files and signature files.
CatRoot2 Catalog files and signature files.
Com Component Object Model (COM) objects.
Config Registry files and event logs.
Dhcp DHCP database files.
DirectX DirectX files.
Dllcache Windows File Protection backup files.
Drivers Installed drivers.
Export Encryption Pack installation files.
Group Policy Group Policy administrative templates and script files.
Ias Internet Authentication Service files.
Icsxml Universal Plug and Play files.
Ime Language files.
Inetsrv Internet Information Services files.
Macromed Macromedia files.
Microsoft Cryptography files.
MsDtc Microsoft Distributed Transaction Coordinator files.
Mui Multi-user interface files.
Npp Network Monitor and trace files.
NtmsData Removable Storage Manager (RSM) database.
Oobe Windows Welcome files.
Ras Remote access server encryption files.
RemoteStorage Remote Storage Service (RSS) database.
Restore Data files or System Restore–related files.
Rpcproxy RPC Proxy files (RPCProxy.dll).
Setup Optional component manager files.
ShellExt Shell extension components.
Smsmsgs SMS Site Component Manager files.
SoftwareDistribution Used by Automatic Updates (Windows XP Service Pack 2).
Spool Print spooling files.
Usmt User State Migration tool.
Wbem Web-based Enterprise Management data files. Windows Management Instrumentation (WMI) is the Microsoft implementation of WBEM.
Wins WINS database files.

Extracting Files from the Operating System CD

It is usually recommended that you use Add or Remove Programs in Control Panel to install and uninstall components, applications, and support software from the Windows XP Professional operating system CD. If system files are missing or damaged, you can run Windows XP Professional Setup from the operating system CD and choose the option to repair your existing installation. In some cases, however, you might need to extract a system or startup file directly from the operating system CD.

Warning If you install incorrect versions of system or startup files or if you install files to incorrect locations, your system might not operate as expected or might not start. Use the method described in this section only if your product support representative indicates that it is necessary to manually retrieve a compressed file from your operating system CD.

The /i386 folder on your Windows XP Professional operating system CD contains system and startup files in compressed form. If you need to replace a file in your Windows XP Professional installation, you can use the copy or expand command in Recovery Console to extract the needed file from the operating system CD. Use the copy command unless you are extracting a file from a .cab file, such as Driver.cab. When extracting a file from a .cab file, use the expand command.

When you use Recovery Console to extract a compressed file from the operating system CD, you must use exact file names for the compressed and uncompressed files. Table A-6 illustrates compressed and uncompressed file names.

Table A-6 Compressed and Uncompressed File Names

Compressed File Name Uncompressed File Name
Ntoskrnl.ex_ Ntoskrnl.exe
Hal.dl_ Hal.dll

Using the Copy Command in Recovery Console

If a file is not within a .cab file, you can use the copy command in Recovery Console to extract the file from the operating system CD and place it on your local disk in a Windows XP Professional installation. When you use the copy command to extract a file to a destination on your local disk, the file is automatically uncompressed. For more information about running Recovery Console, including how to add it to your startup options, see Chapter 29, “Troubleshooting the Startup Process.”

Use the copy command with the following syntax:

copy source [destination]

Table A-7 describes the parameters that you can use with the copy command.

Table A-7 Parameters for the Copy Command

Parameter Description
Source Specifies the file to be copied
Destination Specifies the directory and/or file name for the new file

Source can be removable media, any directory within the System32 directory of the current Windows installation, the root of any drive, the local installation sources, or the Cmdcons folder. (The C:\Cmdcons folder is the Recovery Console installation folder.)

Destination can be any directory within the System32 directories of the current Windows installation, the root of any drive, the local installation sources, or the Cmdcons folder. If you do not specify a destination, the command defaults to the current directory. The copy command prompts you if the destination file already exists. The destination cannot be removable media.

The copy command does not support replaceable parameters (wildcards).

Using the Expand Command in Recovery Console

To extract a file from a .cab file on the operating system CD and place it on your local disk in a Windows XP Professional installation, start Recovery Console and use the expand command. When you use the expand command to extract a file to a destination on your local disk, the file is automatically uncompressed. For more information about running Recovery Console, including how to add it to your startup options, see Chapter 29, “Troubleshooting the Startup Process.”

Use the expand command with the following syntax:

expand source [/f:filespec][destination][/y][/d]

Table A-8 describes the parameters that you can use with the expand command.

Table A-8 Parameters for the Expand Command

Parameter Description
source Specifies the file that you want to expand. Cannot include wildcards.
destination Specifies the directory for the new file; the default is the current directory.
/y Suppresses the overwrite prompt when you expand or extract files.
/f:filespec If the source contains more than one file, this parameter is required to identify the specific file or files that you want to expand. Can include wildcards.
/d Lists the files contained in the cabinet file without expanding it or extracting from it.
  • The destination can be any folder within the System32 folder of the current Windows installation, the root of any drive, the local installation sources, or the Cmdcons folder.
  • The destination cannot be removable media.
  • The destination file cannot be read-only. Use the Attrib command to remove the read-only attribute.
  • If the destination file already exists, the expand command prompts you for confirmation to overwrite the file unless you include the /y parameter.

Additional Resources

The following resources contain additional information related to this appendix.

Related Information

  • Chapter 27, “Understanding Troubleshooting.”
  • Appendix C, “Tools for Troubleshooting.”
  • Chapter 28, “Troubleshooting Disks and File Systems.”
  • Chapter 29, “Troubleshooting the Startup Process.”
  • Windows XP Professional Help and Support Center, for more information about running and troubleshooting Windows XP Professional. Search using the keywords troubleshooting and recovery console.

Mapped drives (incl net use) missing from elevated processes eg UAC cmd run as administrator



Mapped drives created in Windows Explorer (Tools -> Map network drive) or with the net use command in a command prompt (cmd.exe) will not be visible in programs that “run as administrator”, i.e. with elevated privileges.

E.g. if you do Start Orb -> type “cmd” without the quotes into the search box -> right-click on cmd and select “Run as administrator”

…then you will get a command prompt running with elevated privileges.

(There are other ways to get an elevated cmd prompt if you don’t want to be bothered by UAC.)

If you run net use in that command prompt to show mapped network drives, you won’t see the same list as you see in an un-elevated prompt or in Windows Explorer.

The key tidbit here is that an administrator account has 2 access tokens, a filtered one and a regular one. The regular token is privileged / elevated. The filtered token has the privileges filtered out, if you will.

And mapped drives are associated with only 1 particular access token; 1 or the other, not both.

A key to understanding this mechanism is

This article is so important, i quote it below so that if it ever goes away it’ll still be here. And i quote it with its user comments, cuz they are also key, in this case. Good, hi quality comments.

One of the places this technet article is referenced is

Microsoft KB

That was a technet article. Microsoft’s official KB on it is here, but IMHO not as informative (and contains a bug)

One of the places this KB article is referenced is


Unfortunately the suggestion in this KB article is wrong, i think. It suggests to do net use without a drive letter:

To work around this issue, use the net use command together with a UNC name to access the network location. For example, at a command prompt, type the following command, and then press Enter:

net use \\COMPUTERNAME\SHARENAME /user:USERNAME

I just tried this and it did not make the \\COMPUTERNAME\SHARENAME appear in the other net use listing.

Now it’s possible that even tho it did not appear in the net use listing, it did log me in in both prived and non-prived. I did not test this, cuz i was already logged in in both prived and non-prived and so it requires logging out to test and i can’t do that right now for other reasons.


Quote of technet article

NOTE: the comments have important info, eg, some, but not all, ppl see the logon script that maps drives running at elevated privs, so that they see mapped drives elevated but not un-elevated; all hinges on what access token is in use when the logon script runs

Some Programs Cannot Access Network Locations When UAC Is Enabled


Updated: November 16, 2009

Applies To: Windows Server 2008 R2

Symptom

After you turn on User Account Control (UAC) in Windows Vista or Windows 7, programs may not be able to access some network locations. This problem may also occur when you use the command prompt to access a network location.

Cause

This problem occurs because UAC treats members of the Administrators group as standard users. Therefore, network shares that are mapped by logon scripts are shared with the standard user access token instead of with the full administrator access token.

When a member of the Administrators group logs on to a computer running Windows Vista or Windows 7 that has UAC enabled, the user runs as a standard user. Standard users are members of the Users group. If you are a member of the Administrators group and you want to perform a task that requires a full administrator access token, UAC prompts you for approval. For example, if you try to edit security policies on the computer, you are prompted. If you approve the action in the User Account Control dialog box, you can then complete the administrative task by using the full administrator access token.

When an administrator logs on to a computer running Windows Vista or Windows 7, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights removed (filtered). This filtered access token is used to start the user’s desktop. Applications can use the full administrator access token if the administrator user provides approval in a User Account Control dialog box.

If a user is logged on to a computer running Windows Vista or Windows 7 and if UAC is enabled, a program that uses the user’s filtered access token and a program that uses the user’s full administrator access token can run at the same time. Because LSA created the access tokens during two separate logon sessions, the access tokens contain separate logon IDs.

When network shares are mapped, they are linked to the current logon session for the current process access token. This means that if a user uses the command prompt (cmd.exe) together with the filtered access token to map a network share, the network share is not mapped for processes that run with the full administrator access token.

Resolution

Important
This section contains steps that modify the registry. Incorrectly editing the registry may severely damage your system or make your system unsafe. Before making changes to the registry, you should back up any data on the computer. For more information about how to back up and restore the registry, see article 322756 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=133378).

To work around this problem, configure the EnableLinkedConnections registry value. This value enables Windows Vista and Windows 7 to share network connections between the filtered access token and the full administrator access token for a member of the Administrators group. After you configure this registry value, LSA checks whether there is another access token that is associated with the current user session if a network resource is mapped to an access token. If LSA determines that there is a linked access token, it adds the network share to the linked location.

To configure the EnableLinkedConnections registry value

  1. Click Start, type regedit in the Start programs and files box, and then press ENTER.
  2. Locate and then right-click the registry subkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
  3. Point to New, and then click DWORD Value.
  4. Type EnableLinkedConnections, and then press ENTER.
  5. Right-click EnableLinkedConnections, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. Exit Registry Editor, and then restart the computer.

 

Community Additions

Doesn’t work properly with Windows 8.x

On Windows 8 and Windows 8.1, ‘EnableLinkedConnections’ does enable mapped drives to appear for local Administrators however drives mapped to a subfolder of a share do not then map correctly. So if you try to map a drive to \\server\share\subfolder the mapped drive appears but is incorrectly mapped to \\server\share instead.
4/4/2014

Does This Open A Security Vulnerability?

There are articles all over the internet that quote this registry hack. Most (superuser.com, vistaheads.com, intelliadmin.com, winhelponline.com, and notably social.technet.microsoft.com) also state that using it opens a security hole.
Microsoft does not discuss (in the article above) whether this creates a security vulnerability or what it might be. I spent all morning trying to find this original article to find out what the security risk might be. I’m disappointed that it is not discussed.
So here are some questions:
• If there is a risk, what is it?
• If there is no risk, why isn’t it the default?
• Where did all those other sites get the idea that it is potentially dangerous?

6/25/2013

Article seems correct to me.

I am seeing results consistent with the article and different than the two previous comments. I am a domain admin and when I log in, the drives mapped in the login script are available in Explorer and at a command prompt without elevated privileges. When I run a command prompt as administrator, the drives are not available. In the elevated command window, the drives are listed by net use, but show a status of unavailable.
1/12/2013

Windows 7, 64bit and 32bit

Thank you, this solved my problem.

Some additional information: I had a problem on my Windows 7 64bit system where mapped drives would not show when using the Win32Api function: GetLogicalDrives().

By adding the registry key, I was glad to see that my mapped drives were shown again.

However, on my 32bit system, which does not have this registry key, mapped drives do get shown when using the Win32Api GetLogicalDrives() function…

10/2/2012

Problem description is misstated.

This problem description in this article needs to be updated. Some of the statements in it are the exact opposite of the truth about how UAC works.

Drives mapped by logon scripts are only available to processes that are launched using UAC elevation or Run As Administrator. However, this article incorrectly states the reverse — that they are only accessible to processes started by the filtered logon token. To verify this, create a simple logon script to map a drive. Make sure that this drive has not been manually mapped already. Then log on to the computer with UAC turned on using an administrator account. Open Windows Explorer and there will be no mapped drive shown there because the drive is not accessible to the filtered token which is what Windows Explorer and non-elevated processes use to run. Open a command prompt and try to change the directory to the mapped drive. Again, it is not accessible. However, if you open a command prompt using Run As Administrator, you will see that you are able to change the directory to the mapped drive.

Likewise, if you launch a program that requires UAC elevation or run a program as administrator, you will also see that drives mapped by logon scripts are available to those programs, but not to programs that do not run elevated.
Please also note that drives that are mapped manually using Windows Explorer or net use in an unelevated command prompt are not available to processes that use the elevated token (elevated through UAC or using Run As Administrator). To test, manually map a drive through Windows Explorer and launch a program that prompts for UAC elevation or use Run As Administrator. Using the program, try to open a file on the mapped drive. You will notice that the mapped drive is not available. However, if you open an elevated command prompt and then use the net use command to map a drive, it will then be available to the elevated program.

8/29/2012

Logon scripts and UAC

The text is incorrect imho. Windows 7 behaves like this: the logon script runs at the elevated account and mappings are made using this. After logon explorer starts with the standard account. Missing the registry key – the standard account does not see the mappings. Running an elevated cmd prompt reveals the mappings.

Important to note: the same behaviour is observed for accounts that are members of the Power Users group. No special permissions are given to the group but a logon script runs as Power Users, after logon the standard account does not see the mappings. There seems to be no way to elevate to a Power User. Hard to explain to your users. Ouch.
Best use the EnableLinkedConnections registry key to avoid this.

4/13/2011

How do I search for a task in task scheduler (use autoruns)

Background on Windows Task Scheduler

If you’re already familiar with task scheduler skip to the answer

Windows (7, 8*) has many tasks that are scheduled to run at various times. Programs you install often create new tasks of their own to run at various times. These tasks can be set up to run at various times of day, or on various triggers, like system start, or user logon, or the start of a program (most likely a related program to run in a coordinated fashion).

You start task scheduler by

Windows 7:
clicking on the start orb (or hitting Ctrl-ESC) and typing “task” in the search box and clicking on “Task Scheduler”
Windows 8*:
Going to the tile screen (or hitting Ctrl-ESC) and just typing “task”. It’s in the “Settings” group; click on “Task Scheduler”.

How to search–You Can’t–Use autoruns

The short answer is that Windows Task Scheduler PROVIDES NO WAY TO SEARCH.
But, fortunately, another program Sysinternals autoruns, does.

Download autoruns here: https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

(it’s a .zip file so after downloading you’ll have to double-click it to open the .zip file and extract all the files in it to a folder that you’ll remember.)

Then double click on autoruns.exe to start it. (not the file with the ‘c’ in its name–that one runs the console-only application. That is, unless you like the command line style.)

Click the “Scheduled Tasks” tab to show only scheduled tasks.

Click File -> Find (or type Ctrl-F) and search for your task.

Once you find it, you can see the hierarchy in the first column of where it’s stored in regular task scheduler.
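
The Task Scheduler console has no search box, but the same search can be run from a PowerShell prompt over the output of schtasks.exe. This is an added example, not part of the original post; the function name Find-ScheduledTask is made up for illustration, and the column names assume an English-language Windows installation.

```powershell
# Added example (not from the original post): search scheduled tasks by text.
# Find-ScheduledTask is a hypothetical helper name; column names such as
# 'Task To Run' assume an English-language Windows installation.
function Find-ScheduledTask {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Pattern    # regular expression, matched case-insensitively
    )

    # /v adds the command line and run-as account; /fo csv gives parseable output.
    $rows = schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv

    $rows |
        # schtasks may repeat the header line for each task folder; drop those rows.
        Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' } |
        Where-Object {
            $_.TaskName      -match $Pattern -or
            $_.'Task To Run' -match $Pattern -or
            $_.Author        -match $Pattern
        } |
        # A task with several triggers is listed once per trigger; collapse them.
        Select-Object TaskName, 'Task To Run', 'Run As User', Status -Unique |
        Sort-Object TaskName
}

# Example: every task whose name, command line or author mentions "update".
# TaskName is the full path, so it shows the folder hierarchy of each hit.
Find-ScheduledTask -Pattern 'update' | Format-List
```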

pastebin

pastebin is a generic term for posting text (usually programming code) online so that others can see it.

For example, to collaborate with people on the internet to improve or debug code.

Or to post a long segment of code in an online forum; rather than include the code directly in the post, just post the link to the pastebin.

The original and namesake is pastebin.com;

Two others are hastebin and GitHub Gist

A related site/concept is jsfiddle which allows pasting of all 3 of these: HTML, Javascript, CSS, and will actually run them for you. So it’s a sharing and testing platform in one.

Enable Admin Shares (C$) on Windows 7


Enable File and Print Sharing

The first step to enable administrative shares (ie, C$ and even Admin$ and IPC$) is to make sure you have File and Print sharing enabled. While you’re at it, I recommend turning on Network Discovery also.

  1. Click the Windows button (formerly the Start button).
  2. Type “advanced shar” into the search text box (that’s all you need).
  3. Click the link to “Manage advanced sharing settings” (aka “Change advanced sharing settings”).
  4. In the window that opens, expand the “Home or Work” profile and browse to the “Network discovery” section.
  5. Click the link to “Turn on network discovery” (Figure 1).
  6. Browse to the “File and printer sharing” section.
  7. Click the link to “Turn on file and printer sharing” (Figure 1).
  8. Click Save Changes.

Note that this will only enable file and printer sharing for your home network. If you connect your computer to a public or “unknown” network, your shares will still remain disabled. It is not recommended, but if you want to change this, follow the above procedure for the “Public” profile.

Figure 1: Change advanced sharing settings (annotated screenshot)

Step 2: LocalAccountTokenFilterPolicy

The next step is to go into the registry and give local users the ability to access remote administrative shares. BE CAREFUL–you can destroy your system by editing the registry.

  1. Click the Windows button and in the Search box, type “regedit”. If you get a User Account Control warning, click Yes.
  2. The Registry Editor will open. Expand the items until you get to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (Figure 3).
  3. Click Edit from the top menu then New and then DWORD.
  4. Type in LocalAccountTokenFilterPolicy for the name of the DWORD. Hit ENTER.
  5. Double click the new entry and enter “1” for the value. Click OK.
  6. Close the Registry Editor and reboot your computer.

Regedit create LocalAccountTokenFilterPolicy

What’s going on here?

You might be familiar with UAC (User Account Control)

UAC example (for regedit in this case)

This is new for Windows Vista and Windows 7. It is Microsoft’s attempt at security. The idea is that before programs can do dangerous things, or access sensitive areas, the OS will prompt the user for an additional OK. If the user expects this, they can click YES, if it comes out of the blue, they can click NO. For example, if some program is running in the background without the user’s knowledge, and tries to change a sensitive area, this UAC prompt will come out of the blue, and the user can then click NO, protecting his computer.

Clicking YES to the UAC prompt enables what’s called “elevated privilege”, i.e. the process now has more privilege to access and change sensitive areas.

Well, when logging in from a remote PC, like you do when you’re trying to access a network admin share, even if you provide username and password to an administrator account, you do NOT get elevated privilege and there is no UAC prompt.

Setting LocalAccountTokenFilterPolicy to 1 turns this filtering off. The values of 0 and 1 don’t make any sense, so I provide mnemonics below to help remember them.

| Value | Description | Mnemonic |
|-------|-------------|----------|
| 0 | This value builds a filtered token. This is the default value. The administrator credentials are removed. | zero-no privileges |
| 1 | This value builds an elevated token. | 1-privileges on |
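
The registry steps and the value table above, as an added PowerShell example (not part of the original page): it reports which token type remote logons with local administrator accounts currently get, and can set the value or restore the default. The function names are made up for this example; run it from an elevated prompt.

```powershell
# Added example: audit (and optionally set) LocalAccountTokenFilterPolicy.
# Function names are hypothetical; writing to HKLM requires an elevated prompt.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    # An absent value is reported as 0, because 0 (filtered token) is the default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$Name
}

function Set-TokenFilterPolicy {
    param([ValidateSet(0, 1)][int]$Value)
    # -Force overwrites an existing value; DWord matches step 3 of the procedure.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

$current = Get-TokenFilterPolicy
switch ($current) {
    0       { "$Name = 0: remote logons with local admin accounts get a filtered token (default)." }
    1       { "$Name = 1: remote logons with local admin accounts get an elevated token." }
    default { "$Name = ${current}: unexpected value, review manually." }
}

# Uncomment ONE line to change the setting, then reboot as in step 6.
# Set-TokenFilterPolicy -Value 1   # same result as steps 3-5 above
# Set-TokenFilterPolicy -Value 0   # restore the default when the admin share is no longer needed
```

The value applies to every local administrator account on the machine, not only the one used for the share, so it is worth including in a periodic configuration check.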

Active Directory

It’s not admin shares exactly, but you can create (non-admin) shares via GPO (Group Policy Object) in an Active Directory environment.

Briefly, in GPO -> Preferences -> Windows Settings -> Network Shares, create new network shares on the remote computer.

Start program WITHOUT UAC, useful at system start and in batch files (use task scheduler)

I like to run the search program Everything (link valid 6/4/2014 but check techsupportalert.com for any updates) but it is a stand-alone executable downloaded from the internet so it triggers a UAC (User Account Control) warning.

No biggie, but I also want it to start automatically when Windows starts. And I don’t want to have to click UAC or have my customers click UAC every time they start Windows.

I also might want to put commands that must be elevated in batch jobs (.bat files) when there’s no one there to click YES to the UAC.

The workaround is to go thru task scheduler. There you can set up a task to start with elevated privileges which won’t trigger a UAC.

The article at http://www.winhelponline.com/blog/run-programs-elevated-without-getting-the-uac-prompt/ contains the basics, but forgets some points.

My edits are in green:

Creating a Scheduled Task

1. Open Task Scheduler by clicking the Windows Orb and typing “task” and selecting “Task Scheduler” from the search results, or from Control Panel or by running the command control schedtasks from Start, Search box.

2. Left-click Task Scheduler Library category in the left to select it (make it highlighted; or else you can’t do “New Folder” below)

3. Right-click “Task Scheduler Library” category in the left, and choose New Folder

4. Name the folder as MyApps (or whatever name you choose; you’ll use the same name again, below)

5. Click the little triangle to the left of “Task Scheduler Library” to display the list of folders beneath it, including our newly created MyApps folder.
Select the MyApps folder (or whatever you named it) by left clicking on it once.

6. In the Actions pane on the right, click Create Task…

7. Type a name for the task that you want to create. You’re going to have to type this again later, so for convenience, keep it short and don’t use any spaces.

8. Enable the option Run with highest privileges. This is an important step. In fact the key to the whole thing.

8.a. (FYI: the “Hidden” checkbox only affects viewing tasks in Task Scheduler; there is a way to show or not show hidden tasks when in Task Scheduler. This Hidden setting does not make the task hidden in any way when it runs.)

9. Select the Action tab

10. Click New

11. Click Browse… to select the program (Example: Regedit.exe) you want to run, and mention the parameters (called arguments in Task Scheduler), if any are required for the application. (For example, to run a .REG file, select Regedit.exe and mention the parameter (argument) as “/s filename.reg” without the quotes. Another example: my Everything program takes a -startup argument to start in the system tray rather than with a window.)

To run Services MMC applet, browse and select MMC.EXE and type services.msc in the Add arguments (optional) field.

12. Select the Conditions tab

12.a. UNcheck “Start the task only if the computer is on AC power”

13. Select the Settings tab

13.a UNcheck “Stop the task if it runs longer than”

13.b at the bottom there is “If the task is already running, then the following rule applies:” You can choose whatever you want here.

If when it’s running you want to not start another one, select “Do not start a new instance”.

If when it’s running you might want to start another one running simultaneously, select “Run a new instance in parallel”.

If when it’s running you want to end the one that’s currently running, and start another one running, select “Stop the existing instance”.

I suppose “Queue a new instance” is helpful, but I can’t think of an example right now.

Note, you can export this to an xml file (see below) and then import it into another system

Creating a Scheduled Task via cmd line schtasks

(NOTE: this method is NOT AS GOOD–see below)

Alternatively, you can create a task via the cmd line schtasks :

schtasks /create /sc once /tn cmd_elev /tr cmd /rl highest /st 00:00

  • schtasks: invoke the schtasks.exe cmd line program
  • /create: schtasks can also query, delete, etc; we want to create a task
  • /sc once: how often to run; we’re not creating a repetitive task; in fact we don’t want to run it at all, just set it up to be run manually, but that option does not appear to be available, so “once” is the closest (see the explanation at /st)
  • /tn cmd_elev: /tn stands for Task Name and you can name it anything you want (but you have to use the same name when you later invoke /run)
  • /tr cmd: the command to run, in this case the cmd.exe program, aka command prompt
  • /rl highest: Why we came to the party. /rl stands for Run at privilege Level; and we want the highest priv level
  • /st 00:00: /st stands for Start Time; I don’t want a start time, but it appears to require one. When you create thru the GUI you don’t have to have a trigger at all, but via cmd line you seem to (or was it just me?). I just put in 00:00 (format is HH:MM), which is never in the future, which means it’ll trigger a warning:

WARNING: Task may not run because /ST is earlier than current time.

Yeah, that’s what I want. (NOTE: love those Microsoft guys: it’s a nit, but when the time is EQUAL to the current time, you get the warning.)

If all goes well, you should see

SUCCESS: The scheduled task "cmd_elev" has successfully been created.

or whatever name you called it.

If you re-run the line (let’s say you were experimenting 😉) you will get the warning

WARNING: The task name "cmd_elev" already exists. Do you want to replace it (Y/N)? y

You can safely say Y to this.

NOTE: this method is NOT AS GOOD as creating thru the GUI. At least I could not find the switches to set some important things.

Namely,

  • “Start the task only if the computer is on AC power” will be checked in the Conditions tab; not ideal
  • “Stop the task if it runs longer than [time]”, where time defaults to “3 days”, will be checked in the Settings tab; not ideal

Launching a Scheduled Task item manually

To run a scheduled task item manually, use the schtasks.exe command-line tool that comes with Windows. For example, to launch the Services console task that you already created, use the following command:

SCHTASKS.EXE /RUN /TN MyApps\REGEDIT

Note: Where MyApps\REGEDIT is the name you chose for the folder and Taskname. You’ll need to enclose the task name within double-quotes if the task name contains blank spaces in between. (Example: SCHTASKS.EXE /RUN /TN folder\"Name of the Task") If the folder has spaces, you’ll have to enclose that in double-quotes; perhaps best to enclose the whole thing. (Example: SCHTASKS.EXE /RUN /TN "folder\Name of the Task")

Creating Shortcuts to run each Task

You can create a Desktop shortcut for each scheduled task item you’ve created earlier. Right-click on the Desktop and choose New, Shortcut. Type the command-line (say, SCHTASKS.EXE /RUN /TN MyApps\REGEDIT). Mention a name for the shortcut and click Finish.

Run the task minimized

As Schtasks.exe is a console utility, you’ll see the Command Prompt window opening and closing quickly whenever you run the shortcut. So, you may configure the shortcut to run in a minimized window state, in the shortcut properties.

  • Right-click on the shortcut and click Properties.
  • In the Run drop-down options, change the selection from “Normal Window” to Minimized.
  • Click OK.

Note: In the shortcut properties, you may want to click Change Icon and assign an appropriate icon for the shortcut. The icons should be present inside the executable itself, in most cases. For Regedit.exe, browse to Regedit.exe and choose an icon. You may also browse the shell32.dll and imageres.dll files for additional icons.

xml file

Once you set up a task the way you like it via the GUI (recommended method), you can export it to an xml file so that it’s easier to set up on the next system.

Here’s my xml file for (Search) Everything. Filename ends in .xml.txt so change it to just .xml before importing to Task Scheduler. start_search_everything.xml.txt
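
A task definition of the kind described above, as an added example (not the author's exported file and not from the original page): it sets "Run with highest privileges" and clears the two settings the schtasks switches could not reach (the AC power condition and the run-time limit), then imports the XML with schtasks.exe. The Everything.exe path, the task name and the logon trigger are assumptions; run it from an elevated prompt.

```powershell
# Added example: register an elevated logon task from XML with schtasks.exe.
# Assumptions (not from the page): the Everything.exe path and the task name.
$exe  = 'C:\Program Files\Everything\Everything.exe'  # assumed path; keep it where standard users cannot write
$task = 'MyApps\Everything'                            # folder\name, as in the GUI steps
$user = "$env:USERDOMAIN\$env:USERNAME"

$xml = @"
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger>
      <Enabled>true</Enabled>
      <UserId>$user</UserId>
    </LogonTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <UserId>$user</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>HighestAvailable</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <Enabled>true</Enabled>
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>$exe</Command>
      <Arguments>-startup</Arguments>
    </Exec>
  </Actions>
</Task>
"@

# Write the file as UTF-16 so it matches the encoding named in the XML declaration.
$file = Join-Path $env:TEMP 'start_everything.xml'
Set-Content -Path $file -Value $xml -Encoding Unicode

# /f replaces an existing task of the same name without the Y/N question.
schtasks.exe /create /tn $task /xml $file /f
if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }

# Confirm what was registered, then start it once by hand.
schtasks.exe /query /tn $task /v /fo list
schtasks.exe /run /tn $task
```

PT0S means no run-time limit and IgnoreNew corresponds to "Do not start a new instance". Because the task starts elevated with no prompt, whoever can replace the file named in Command gains that elevation, which is why the path should not be user-writable.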

Other Methods

There are at least three other compelling methods.

The first two come from

1. NirSoft NirCmd

nircmdc has an elevate cmd

nircmdc elevate cmd

2. SysInternals PsExec

Part of PsTools suite.

psexec.exe -accepteula -h -u "$username" -p "$password" cmd.exe

The “-h” switch is the one doing the magic:

-h If the target system is Vista or higher, has the process run with the account’s elevated token, if available.

The third comes from

3. vbs or PowerShell to elevate

The key lines use the Visual Basic Script (VBScript) command UAC.ShellExecute to perform the elevation, create a new cmd (command prompt), and re-run the original bat file, now elevated. It does that by writing a .vbs file:

ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"

Or, you can use PowerShell to elevate:

if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( powershell "saps -filepath %0 -verb runas" >nul 2>&1)

Elevated command prompt and mapped drives

One problem you might encounter when using this method, if you’re running a batch file (.bat) in elevated mode, is: Mapped drives (incl net use) missing from elevated processes eg UAC cmd run as administrator. Fortunately, there are some solutions in that blog post.

Windows 7 ISO direct Digital River download links from Microsoft

UPDATE 11/8/2015:
THESE LINKS ARE NOW STALE!

You can try them, but as of 11/8/2015 they redirect to Microsoft Home Use Program (hup) for employees of corporations that have paid for MS software licenses at work.

Best thing to do is keep googling for links. Sometimes you need a key to get the download–but then don’t need a key to install as trial.

An excerpt from the excellent Sean’s Windows 7 Install & Optimization Guide for SSDs & HDDs at overclock.net url: <http://www.overclock.net/t/1156654/seans-windows-7-install-optimization-guide-for-ssds-hdds>

Windows 7 ISO download links:

  • Have you lost your disc or is it damaged beyond use and need a legitimate copy of windows 7?
  • Are you getting error messages or BSoDs with your installer?
  • Do you just want a copy of Windows 7 with SP1 pre-installed?

    These are new SP1-U ISOs directly from Microsoft; having a direct Digital River download from Microsoft is the only way you can link Windows 7 downloads on this site. You will still need an activation key to use these copies after the 30 day grace period is over.

    Windows 7 Home Premium SP1-U ISO:
    English 32-bit

    • http://msft.digitalrivercontent.net/win/X17-58996.iso

    English 64-bit

    • http://msft.digitalrivercontent.net/win/X17-58997.iso
    Windows 7 Professional SP1-U ISO:
    English 32-bit

    • http://msft.digitalrivercontent.net/win/X17-59183.iso

    English 64-bit

    • http://msft.digitalrivercontent.net/win/X17-59186.iso
    Windows 7 Professional N SP1-U ISO: (Note: N editions come without media components)
    English 32-bit

    • http://msft.digitalrivercontent.net/win/X17-59335.iso

    English 64-bit

    • http://msft.digitalrivercontent.net/win/X17-59337.iso
    Windows 7 Ultimate SP1-U ISO:
    English 32-bit

    • http://msft.digitalrivercontent.net/win/X17-59463.iso

    English 64-bit

    • http://msft.digitalrivercontent.net/win/X17-59465.iso

    Multilingual Windows 7 versions here: (link)

Windows ClipBoard Viewer

When you cut and paste, what you cut is stored in the windows “clipboard”.  You can cut and paste (or copy and paste) using the Edit -> Cut (or Edit -> Copy) and Edit -> Paste menu options in nearly all programs.  Or you can cut (or copy) and paste using the Ctrl-X (or Ctrl-C) and Ctrl-V keyboard shortcuts.  As you probably know, “cut” deletes the old one, whereas “copy” preserves the old one.

Either way, this “clipboard”  which stores your cut (or copy) is normally invisible.

On Windows XP there was a way to view it.  You had to run the program "clipbrd" (file: clipbrd.exe) and because it was in the C:\WINXP\system32 or C:\Windows\system32 folder you could run this by using Start->Run and typing clipbrd into the box.

Windows Vista and Windows 7 do not contain the clipbrd program file.

But, you can copy the file from a Windows XP system and just place it in your Windows Vista or Windows 7 C:\Windows\system32 folder and it should just work.

CHKDSK results in Windows 7

On Windows XP, CHKDSK used to record its output to a file called Bootex.log in the root of the volume being checked. “Bootex” is short for BootExecute, the name of the registry entry that triggers the boot-time CHKDSK. But no such file is produced on Windows 7.

Instead, go to Control Panel -> Administrative Tools -> Event Viewer

Or just type Event in the Windows 7 Start Menu search box. It should find Event Viewer, then just click on it.

The exact name of the file is eventvwr.msc

Then, Windows Logs -> Application -> Wininit

Most things are found in the System log, not Application. CHKDSK results are one of the exceptions.

Wininit is found under the Source column. Wininit is not a very common value for source. Some people online say Winlogon. But I found it in Wininit.

References: http://superuser.com/questions/214209/where-are-the-results-of-chkdsk-located-in-windows-7

How to run CHKDSK – http://support.microsoft.com/kb/315265

CHKDSK help file – http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/chkdsk.mspx?mfr=true

HTML5

HTML5 is a set of new web development technologies that bring the mobile (ie iPhone or smartphone) experience to websites.

In doing so, they also achieve the ability to write one application and have it run the same way on the web and on an iPhone, or other smartphone.

In other words, they bring features common to smartphone apps to web development, namely

  • Touch events
  • Swipe events
  • Pinch zoom in/out
  • Location access (eg GPS)
  • Camera access
  • Offline storage, eg each app can store data, info, files
  • Offline app usage.
    • Web apps require you to be online to run them. They have always been websites up til now.
    • Most smartphone apps run whether or not you’re online
    • HTML5 allows web apps to run while offline, like smartphone apps

Here’s a quote of the text of html5.org, captured 8/25/2013, a good overview of HTML5 resources:

html5.org


HTML5 is the latest version of HTML and XHTML. The HTML standard defines a single language that can be written in HTML and XML. It attempts to solve issues found in previous iterations of HTML and addresses the needs of Web Applications, an area previously not adequately covered by HTML.

Here are several resources worth exploring: