How to enable or disable password protection in software?

Question

How to enable or disable password protection in software?

Windows Vista and 7 have this switch in the Network and Sharing Center. It is enabled by default and prevents access to shared resources without authentication, even if they are shared by Everyone (for example, in a shared folder). I need to teach my application to turn it on and off automatically. How? ~~I suspect there is a value somewhere in the registry that is responsible for this, but I have no idea how to find it.~~

+4

windows-7 windows-vista

Cannibal smith Nov 05 '09 at 19:26

source share

6 answers

paolo · Answer 1 · 2012-04-20T10:29:04+0000

Maybe too late :), but hopefully useful for others.

The following steps worked fine for me (it also worked with the W8 preview).

to disable it:

1 - Enable guest account by running

net user guest / active: yes

2 - get the SID of the guest user by running, for example,

wmic useraccount where name = 'guest' get sid

3 - Get write access to the registry folder HKLM \ SECURITY

4 - Change the following key, where $ SID is the sid received at point 2 so that:

[HKEY_LOCAL_MACHINE \ SECURITY \ Policy \ Accounts \ $ SID \ ActSysAc]
@ = Hex (0): 41.00.00.00

5 - restart the computer (so far I have not found a better way to make the change effective)

to turn it on again:

[HKEY_LOCAL_MACHINE \ SECURITY \ Policy \ Accounts \ $ SID \ ActSysAc]
@ = Hex (0): c1.00.00.00

then restart

Kimvais · Answer 2 · 2010-01-13T13:08:23+0000

Export the full register as 1.reg, enable the exchange (or turn it off if it was enabled), export to 2.reg and check the differences?

To use diff utility, export files to Win9X/NT4 registration files (*.reg) -format

tyranid · Answer 3 · 2010-01-13T23:51:20+0000

This in the registry is simply not necessary in the place you expect (it is in SAM). From what I can say, all the settings are enabling or disabling the guest account, so just enable or disable the account.

You didn’t say which programming language you are using, so here is a simple C code to enable the account, if you need something else, I’m sure there are a lot with google.

 #include <LM.h> #pragma comment(lib, "Netapi32.lib") BOOL EnableUser(LPCWSTR lpUserName, BOOL bEnable) { BOOL bRet = FALSE; DWORD dwLevel = 1008; LPUSER_INFO_1 ui1; USER_INFO_1008 ui1008; NET_API_STATUS nStatus; nStatus = NetUserGetInfo(NULL, lpUserName, 1, (LPBYTE*)&ui1); if(nStatus == NERR_Success) { ui1008.usri1008_flags = ui1->usri1_flags; if(bEnable) { ui1008.usri1008_flags &= ~UF_ACCOUNTDISABLE; } else { ui1008.usri1008_flags |= UF_ACCOUNTDISABLE; } nStatus = NetUserSetInfo(NULL, lpUserName, dwLevel, (LPBYTE)&ui1008, NULL); NetApiBufferFree(ui1); if(nStatus == NERR_Success) { bRet = TRUE; } } return bRet; }

PaulFreund · Answer 4 · 2015-03-11T15:33:49+0000

Here's a powershell script that implements paolos answer. It is not politicized, as it allows everyone to write access to a specific registry key (part [7] indicates this using regini syntax) and uses the file in C: \ root, but it works flawlessly:

 # Get guest user id $SID = & "wmic" "useraccount" "where" "name='guest'" "get" "sid" "/Value" | Out-String $SID = $SID.Trim().Substring(4) # Generate regini script $PATH = "\Registry\Machine\Security\Policy\Accounts\" + $SID + "\ActSysAc" $PATH + " [7]`r`n" + $PATH + "`r` n@ = REG_NONE 4 0x41 0x00 0x00 0x00" >> "C:\firstrun.regini" # Execute regini script & "regini" "C:\firstrun.regini"

Mohammed said · Answer 5 · 2016-07-30T00:27:25+0000

Take a look at this file (disable_password_protected_sharing.bat)

 @echo off echo 12- get sid gust variable for /f "delims= " %%a in ('"wmic useraccount where name='guest' get sid"') do ( if not "%%a"=="SID" ( set sid_guest=%%a goto :loop_end ) ) :loop_end echo 13- create script for regini @echo \Registry\Machine\SECURITY [1 5 7 11 17 21]> x @echo \Registry\Machine\SECURITY\policy [1 5 7 11 17 21]>> x @echo \Registry\Machine\SECURITY\policy\accounts [1 5 7 11 17 21]>> x @echo \Registry\Machine\SECURITY\policy\accounts\%sid_guest% [1 5 7 11 17 21]>> x @echo \Registry\Machine\SECURITY\policy\accounts\%sid_guest%\ActSysAc [1 5 7 11 17 21]>> x echo 14- add permission for machine/security net user guest /active:yes regini x del x @echo Windows Registry Editor Version 5.00 > y.reg @echo [HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\%sid_guest%\ActSysAc] >> y.reg @echo @=hex(0):42,00,00,00 >> y.reg reg import y.reg del y.reg shutdown -r

it works fine in windows7

Arnaud · Answer 6 · 2017-09-15T14:43:02+0000

I tried Paolo's answer on Windows 7 Home without success. Comparing the .reg registry extraction before and after disabling password sharing, I noticed a change in 3 values:

[HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\S-1-5-21-3207962671-1026919178-1165869658-501\ActSysAc] REG_NONE value of the first byte changed from c1 to 41 (this SID is the SID of the guest account)

[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account] REG_BINARY "F" The value of the 17th byte has changed from 3b to 3c

[HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5] REG_BINARY "F" value of the 57th byte changed from 15 to 14 ( 0x1F5 is the value type of guest names)

I tried to change only the first value indicated by Paolo. This did not change the password protected password, even after a reboot. But I was successful at changing the 57th byte between 14 and 15 only for the third value:

 [HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account\Users\000001F5] REG_BINARY "F".

I successfully passed testing on another computer with Windows 7.

How to enable or disable password protection in software?

More articles: