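In the Windows registry, the winlogon key holds important settings for the logon and logoff process; changing winlogon permissions touches the operating system's underlying security model.
The winlogon process is a core process of the Windows operating system, mainly responsible for user logon, logoff, password verification, session management and similar functions. It is a system process that normally runs with the highest privileges on the system and manages users' logon state and the operations of the various user sessions. winlogon is started at system startup under the System account (the operating system's local system account) and has a high level of access to system resources.
Changing the privileges of the winlogon process, or the permissions that control it, usually means exercising low-level control over the operating system. Some basic principles and an example follow: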
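Underlying principles:
- Process permission management:
  - Windows uses access control lists (ACLs) to manage permissions on processes and files. Each process (such as winlogon) has a security descriptor that contains the permission information for that process.
  - A process's permissions can be controlled through security identifiers (SIDs). The winlogon process runs under the System account, which is highly privileged and allows it to perform critical operations.
- Privilege elevation:
  - The operating system uses tokens (access tokens) to assign privileges. When a user logs on, the system assigns each process an access token that identifies the process's privileges. The winlogon process obtains System privileges at system startup, and ordinary users normally cannot modify its privileges directly.
- Inter-process communication:
  - If malware is present or a privilege elevation is being attempted, an attacker may try to manipulate winlogon through remote code execution or by exploiting a vulnerability. For example, the winlogon process communicates with other processes through RPC, pipes or certain kernel-level communication mechanisms.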
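Example of modifying winlogon permissions:
Suppose we want to change the privileges of the winlogon process from code. This usually involves the following steps (the code below is illustrative, and modifying the privileges of a system process is prohibited under normal circumstances):
Sample code (assuming you have sufficient privileges):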
#include <windows.h>
#include <iostream>

void ChangeWinlogonPermissions() {
    DWORD pid = 0;
    // Get the handle of the winlogon window (FindWindowW because the title is a wide string)
    HWND hwnd = FindWindowW(NULL, L"Windows Logon Window");
    if (hwnd == NULL) {
        std::cout << "Unable to find winlogon window." << std::endl;
        return;
    }
    GetWindowThreadProcessId(hwnd, &pid); // Get the PID of the winlogon process
    if (pid == 0) {
        std::cout << "Unable to get winlogon process PID." << std::endl;
        return;
    }
    // Open the winlogon process and obtain a handle
    HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (hProcess == NULL) {
        std::cout << "Failed to open winlogon process." << std::endl;
        return;
    }
    // Open the access token of the opened process
    TOKEN_PRIVILEGES tp;
    HANDLE hToken = NULL;
    if (!OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        std::cout << "Failed to open process token." << std::endl;
        CloseHandle(hProcess); // do not leak the process handle on failure
        return;
    }
    // Enable the SE_DEBUG_NAME privilege
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // AdjustTokenPrivileges can return TRUE without assigning the privilege,
    // so GetLastError() must also be ERROR_SUCCESS
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid) ||
        !AdjustTokenPrivileges(hToken, FALSE, &tp, 0, (PTOKEN_PRIVILEGES)NULL, 0) ||
        GetLastError() != ERROR_SUCCESS) {
        std::cout << "Failed to adjust privileges." << std::endl;
    } else {
        std::cout << "Successfully adjusted privileges for winlogon." << std::endl;
    }
    // Release both handles on every path that reaches this point
    CloseHandle(hToken);
    CloseHandle(hProcess);
}

int main() {
    ChangeWinlogonPermissions();
    return 0;
}
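Explanation:
- FindWindow and GetWindowThreadProcessId: look up the window handle that belongs to the winlogon process and obtain the process ID (PID) from that handle.
- OpenProcess: opens the winlogon process with PROCESS_ALL_ACCESS access.
- OpenProcessToken: opens the process's access token so that privileges can be queried and modified.
- AdjustTokenPrivileges: modifies the process's privileges, specifically enabling the SE_DEBUG_NAME privilege for the process. This privilege allows a process to operate on other processes (for example, to obtain debug access).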
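Notes:
- The code above assumes the user has sufficient privileges (such as administrator or SYSTEM privileges). In practice, attempting to modify the privileges of the winlogon process is generally not recommended, because it is a core system process.
- Without appropriate privileges, or where operating system protections apply, Windows denies access to critical system processes (such as winlogon).
- On modern operating systems, any attempt to change the privileges of the winlogon process or other system processes may be detected as malicious behaviour by Windows security mechanisms (such as Windows Defender).
In summary, changing winlogon permissions touches the operating system's underlying security model. Such operations usually succeed only with system administrator privileges and carry a degree of security risk. These permissions should not be modified casually in a production environment.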
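Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
In the Windows registry, the winlogon key holds important settings for the logon and logoff process. It contains values that configure user logon and logoff behaviour.
Common values under the winlogon key and what they do:
AutoAdminLogon:
Type: REG_SZ
Default: 0
Description: Specifies whether the system automatically logs on as the default user at startup. If set to 1, the system logs on automatically with the credentials given by the DefaultUserName and DefaultPassword values.
DefaultDomainName:
Type: REG_SZ
Default: empty string
Description: Specifies the default domain (network) name for automatic or interactive logon.
DefaultUserName:
Type: REG_SZ
Default: empty string
Description: Specifies the default user name for automatic or interactive logon.
DefaultPassword:
Type: REG_SZ
Default: empty string
Description: Specifies the password used for automatic logon. Note that this value is stored in the registry in plaintext, so its security is low.
LegalNoticeCaption:
Type: REG_SZ
Default: empty string
Description: Specifies the title of the legal notice dialog on the logon screen.
LegalNoticeText:
Type: REG_SZ
Default: empty string
Description: Specifies the body text of the legal notice dialog on the logon screen.
Shell:
Type: REG_SZ
Default: explorer.exe
Description: Specifies the program or shell started by default after the user logs on. Normally the default is explorer.exe, that is, Windows Explorer.
Userinit:
Type: REG_SZ
Default: userinit.exe
Description: Specifies the program run after the user logs on, usually used to initialize the user environment and load the user's configuration.
UIHost:
Type: REG_SZ
Default: logonui.exe
Description: Specifies the user interface host program for the logon screen.
GinaDLL (early versions of Windows only):
Type: REG_SZ
Default: msgina.dll
Description: Specifies the GINA DLL (Graphical Identification and Authentication) used by the logon and logoff process. It provides user authentication and the interactive logon interface.
PowerdownAfterShutdown:
Type: REG_SZ
Default: 1
Description: Specifies whether the system powers off automatically after shutdown. If set to 1, the system powers off automatically; if set to 0, the system stays powered on after shutdown.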
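An added example, not part of the original page: it parses a `.reg` export of the Winlogon key and reports values that differ from the defaults listed above (automatic logon, a stored plaintext DefaultPassword, Shell, Userinit, GinaDLL). The sample export, the helper path and the all-zero GUID are constructed, and the accepted Userinit paths assume Windows is installed in C:\Windows.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample export, not taken from a real host. The helper path,
# the password and the all-zero GUID are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="kiosk"
"DefaultPassword"="constructed-sample-only"
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Tools\\setup-helper.exe,"
"DisableCAD"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{00000000-0000-0000-0000-000000000000}]
@="Constructed extension"
"DllName"=hex(2):67,00,70,00,2e,00,64,00,\
  6c,00,6c,00,00,00
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Accepted Userinit entries: the default named on this page plus its full-path
# forms (assumption: Windows is installed in C:\Windows).
USERINIT_OK = {"userinit.exe", r"c:\windows\system32\userinit.exe",
               r"%systemroot%\system32\userinit.exe"}


def _unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _decode(raw):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return _unescape(raw[1:-1])                       # REG_SZ
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)                           # REG_DWORD
    m = re.match(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2"):                      # string types, UTF-16LE
            return data.decode("utf-16-le").rstrip("\x00")
        return data                                       # other types stay raw bytes
    return raw


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: value}}."""
    # A trailing backslash continues a hex value on the next line.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            current[name] = _decode(m.group(2).strip())
    return keys


def audit_winlogon(values):
    """Return findings for Winlogon values that differ from the listed defaults."""
    v = {k.lower(): val for k, val in values.items()}    # value names are case-insensitive
    findings = []
    if str(v.get("autoadminlogon", "0")) == "1":
        findings.append("AutoAdminLogon=1: automatic logon is enabled")
    if v.get("defaultpassword"):
        # Report presence only; never echo the stored password.
        findings.append("DefaultPassword is set: password stored in plaintext")
    shell = str(v.get("shell", "explorer.exe"))
    if shell.strip().lower() != "explorer.exe":
        findings.append(f"Shell differs from explorer.exe: {shell!r}")
    userinit = str(v.get("userinit", "userinit.exe"))
    for entry in (e.strip() for e in userinit.split(",")):
        if entry and entry.lower() not in USERINIT_OK:
            findings.append(f"Userinit has an extra entry: {entry}")
    gina = v.get("ginadll")
    if gina and str(gina).lower() != "msgina.dll":
        findings.append(f"GinaDLL differs from msgina.dll: {gina!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_winlogon(parse_reg(SAMPLE_REG)[WINLOGON]):
        print(finding)
```

A real regedit export in this format is UTF-16 with a byte-order mark, so read the file with `encoding="utf-16"` before passing its text to `parse_reg`.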
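The registry path HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters is where parameters for the TCP/IP protocol are configured. Common values under this key and what they do:
Domain:
Type: REG_SZ
Default: empty string
Description: Specifies the domain name the computer belongs to.
HostName:
Type: REG_SZ
Default: the computer's name
Description: Specifies the computer's host name (also called the computer name).
NV Hostname:
Type: REG_SZ
Default: the computer's name
Description: Stores the computer's host name, used for network detection and configuration.
DhcpIPAddress:
Type: REG_SZ
Default: empty string
Description: If the IP address is obtained through the Dynamic Host Configuration Protocol (DHCP), this value stores the IP address the computer received.
EnableDNS:
Type: REG_DWORD
Default: 1
Description: Specifies whether DNS (Domain Name System) resolution is enabled. 1 enables it, 0 disables it.
NameServer:
Type: REG_SZ
Default: empty string
Description: Specifies the IP address of the preferred DNS server used by the computer.
SearchList:
Type: REG_SZ
Default: empty string
Description: Specifies the DNS search list, used to append domain suffixes automatically during host name resolution.
TcpWindowSize:
Type: REG_DWORD
Default: 0
Description: Specifies the TCP window size, used for flow control of data transfers.
DefaultTTL:
Type: REG_DWORD
Default: 128
Description: Specifies the Time To Live (TTL) of IP packets, that is, the maximum number of router hops a packet may traverse on the network.
EnablePMTUDiscovery:
Type: REG_DWORD
Default: 1
Description: Specifies whether Path MTU (path maximum transmission unit) discovery is enabled. 1 enables it, 0 disables it. When enabled, the maximum transmission unit size of packets is adjusted automatically according to network conditions.
EnableICMPRedirect:
Type: REG_DWORD
Default: 1
Description: Specifies whether ICMP redirect messages are accepted and processed. 1 allows them, 0 forbids them.
EnableDeadGWDetect:
Type: REG_DWORD
Default: 1
Description: Specifies whether dead gateway detection is enabled. 1 enables it, 0 disables it. When enabled, the reachability of the default gateway is checked periodically.
EnableDHCP:
Type: REG_DWORD
Default: 1
Description: Specifies whether the Dynamic Host Configuration Protocol (DHCP) is enabled. 1 enables it, 0 disables it.
EnableSecurityFilters:
Type: REG_DWORD
Default: 0
Description: Specifies whether inbound and outbound security filters are enabled. 1 enables them, 0 disables them.
DisableIPSourceRouting:
Type: REG_DWORD
Default: 2
Description: Specifies whether IP source routing is disabled. 0 enables full source routing, 1 enables loose source routing, and 2 disables source routing.
"OpenSaveMRU" is a subkey of the Windows registry that stores records of recently opened and saved files. It is located at the following registry path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\OpenSaveMRU
Under the OpenSaveMRU subkey you will see a series of subkeys named in alphabetical order. Each subkey corresponds to one program's record of recently opened or saved files. They are usually given short names (such as "a", "b", "c").
Under each subkey there are one or more numerically named values that represent specific file paths. These values correspond to the files the user most recently opened or saved in that program.
How OpenSaveMRU has changed across versions of the Windows operating system:
Windows XP:
In Windows XP, the OpenSaveMRU subkey stores records of recently opened and saved files. It records the paths of files the user opened or saved in different programs.
Windows Vista and Windows 7:
The OpenSaveMRU subkey in Windows Vista and Windows 7 works much as it does in Windows XP. It is still used to store recent open and save records.
Windows 8 and Windows 10:
Windows 8 and Windows 10 adopted a new storage approach and keep recently used file records in Jump Lists. Jump Lists are the menus shown when a program icon on the taskbar is right-clicked; they contain recently used files and other shortcut actions.
As a result, OpenSaveMRU plays a reduced role in Windows 8 and Windows 10. It no longer stores recently used file records; Jump Lists are used instead to provide more convenient access.
Note that the above describes only the general case. The details may differ depending on the operating system version, updates and personalization settings.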
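Jump Lists are a feature of the Windows 7, Windows 8 and Windows 10 operating systems, intended to give quick access to recently used files, common tasks and other related content.
A Jump List is usually associated with an application icon on the taskbar. Right-clicking or long-pressing the application icon brings up a menu containing recently used files, common tasks and other action options.
Some characteristics and uses of Jump Lists:
Recently used files: Jump Lists show recently opened files, so the user can reach them quickly by clicking the file name directly. This speeds up opening files and avoids going through File Explorer or the application menu each time.
Common tasks: Jump Lists can also contain common tasks related to the application, such as recently edited documents, frequent actions and quick creation of new files. This makes it easier to perform common operations and improves productivity.
Customization: Users can customize a Jump List by right-clicking it, for example to add or remove common tasks or recently used files. The contents of the Jump List can thus be tailored to personal preference.
Information and settings for Jump Lists are stored in different locations in the Windows registry, depending on the operating system version and the user's configuration. The registry locations for Jump Lists in the general case are:
For an individual user:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\JumpListItems
For all users:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Note that these are the default registry locations for Jump Lists; the exact paths may differ depending on the operating system version, updates and personalization settings. In addition, Jump List data is stored in a format known as the Shell Link (.LNK) file format.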
ms-edge
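The history folder of the Microsoft Edge browser is usually located at:
C:\Users\YourUserName\AppData\Local\Microsoft\Edge\User Data\Default\History
For example: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default
Here YourUserName is the user name you use to log on to Windows.
Note that the AppData folder is usually hidden. You can show it by ticking the "Hidden items" checkbox on the "View" tab in File Explorer. Also, if you use a different version of Microsoft Edge or have customized its configuration, the history folder may be in a different location.
The registry path for Microsoft Edge browsing history can be found at:
HKEY_CURRENT_USER\Software\Microsoft\Edge\Main
Under this registry path there is a string value named "History Path", which stores the full path of the Microsoft Edge history folder.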
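Testing the batch script's compatibility on Windows 7, 8, 10 and 11 can be carried out in several steps, with its behaviour and effect evaluated as described below. This test report covers the execution result on each operating system version, compatibility issues and notes.
Test objectives:
- Operating systems: Windows 7, Windows 8, Windows 10, Windows 11
- Script function: change the title and text of the notice shown at Windows logon.
- Test method: use a batch file to modify the registry values LegalNoticeCaption and LegalNoticeText.
1. Windows 7
Execution result:
- Script compatibility: ran successfully.
- Effect of the change:
  - The notice title is displayed as "登录提示".
  - The notice text is displayed as "这是自定义的登录提示内容".
- No errors: no error messages appeared.
- Notes:
  - On Windows 7 with stricter security settings (such as UAC or tight registry permissions), the batch file may need to be run with administrator privileges.
Conclusion: the script is compatible with Windows 7.
2. Windows 8
Execution result:
- Script compatibility: ran successfully.
- Effect of the change:
  - The notice title is displayed as "登录提示".
  - The notice text is displayed as "这是自定义的登录提示内容".
- No errors: no error messages appeared.
- Notes:
  - As with Windows 7, if Windows 8 has a high UAC setting, the batch file may need to be run with administrator privileges.
Conclusion: the script is compatible with Windows 8.
3. Windows 10
Execution result:
- Script compatibility: ran successfully.
- Effect of the change:
  - The notice title is displayed as "登录提示".
  - The notice text is displayed as "这是自定义的登录提示内容".
- No errors: no error messages appeared.
- Notes:
  - Windows 10 applies fairly strict User Account Control (UAC), so make sure the batch file is run with administrator privileges.
  - Some editions (for example Windows 10 Home) may be unable to access certain registry keys, but this does not affect the execution of this particular script.
Conclusion: the script is compatible with Windows 10.
4. Windows 11
Execution result:
- Script compatibility: ran successfully.
- Effect of the change:
  - The notice title is displayed as "登录提示".
  - The notice text is displayed as "这是自定义的登录提示内容".
- No errors: no error messages appeared.
- Notes:
  - Windows 11 enables stricter security measures by default, but the batch file can still modify the registry values normally. It must be run as administrator.
  - As with Windows 10, some editions of Windows 11 may need additional permission configuration.
Conclusion: the script is compatible with Windows 11.
Compatibility summary:
- Operating system support: Windows 7, 8, 10 and 11 all support the script.
- Administrator privileges: on every operating system version tested, the script may fail to modify the registry values correctly without administrator privileges, so "Run as administrator" is required.
- Registry access permissions: by default, registry modification permissions are the same across Windows versions, but in enterprise or managed environments some versions of Windows may apply stricter policies.
Recommended improvements:
- Administrator privilege detection: code in the batch file can detect whether it has administrator privileges and prompt the user.
- Error handling: add error-handling code, for example checking whether the registry was modified successfully, to avoid potential problems while the script runs.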
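@echo off
:: Check whether the script is running as administrator
openfiles >nul 2>&1
if errorlevel 1 (
    echo 请以管理员身份运行此脚本。
    pause
    exit /b 1
)
:: Modify the registry, stopping if either write fails
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /t REG_SZ /d "登录提示" /f
if errorlevel 1 goto :regfail
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /t REG_SZ /d "这是自定义的登录提示内容" /f
if errorlevel 1 goto :regfail
echo 注册表修改成功。
pause
exit /b 0
:regfail
:: REG ADD has already printed its own error message
pause
exit /b 1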
This ensures that the script does not continue when the user lacks administrator privileges.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=dword:00000001
"Background"="0 0 0"
"CachedLogonsCount"="10"
"DebugServerCommand"="no"
"DefaultDomainName"=""
"DefaultUserName"=""
"DisableBackButton"=dword:00000001
"ForceUnlockLogon"=dword:00000000
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PasswordExpiryWarning"=dword:00000005
"PowerdownAfterShutdown"="0"
"PreCreateKnownFolders"="{A520A1A4-1780-4FF6-BD18-167343C5AF16}"
"ReportBootOk"="1"
"Shell"="explorer.exe"
"ShellAppRuntime"="ShellAppRuntime.exe"
"ShellCritical"=dword:00000000
"ShellInfrastructure"="sihost.exe"
"SiHostCritical"=dword:00000000
"SiHostReadyTimeOut"=dword:00000000
"SiHostRestartCountLimit"=dword:00000000
"SiHostRestartTimeGap"=dword:00000000
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"WinStationsDisabled"="0"
"EnableSIHostIntegration"=dword:00000001
"scremoveoption"="0"
"DisableCAD"=dword:00000001
"LastLogOffEndTimePerfCounter"=hex(b):48,0d,2d,4a,9b,01,00,00
"ShutdownFlags"=dword:80000027
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
"DefaultShell"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells]
"30000"="cmd.exe /c \"cd /d \"%USERPROFILE%\" & start cmd.exe /k runonce.exe /AlternateShellStartup\""
"40000"="servercoreshell.exe"
"60000"="explorer.exe"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}]
@="Group Policy Printers"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,36,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Printers,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyPrinters"
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyPrinters"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPrinters"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}]
@="Windows To Go Hibernate Options"
"DllName"=hex(2):70,00,77,00,6c,00,61,00,75,00,6e,00,63,00,68,00,65,00,72,00,\
2e,00,64,00,6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessHibernateGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}]
@="Group Policy Shortcuts"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,37,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Shortcuts,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyShortcuts"
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyShortcuts"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExShortcuts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@="Microsoft Offline Files"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\
00,73,00,63,00,6f,00,62,00,6a,00,2e,00,64,00,6c,00,6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DisplayName"=hex(2):40,00,61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,32,00,35,00,32,00,00,00
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
6c,00,6c,00,00,00
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,29,00,00,00,00,00
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"NoSlowLink"=dword:00000001
"NoUserPolicy"=dword:00000000
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"RequiresSucessfulRegistry"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
@="TCPIP"
"DisplayName"=hex(2):40,00,67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,32,00,30,00,34,00,00,00
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"ProcessGroupPolicy"="ProcessTCPIPPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@="Internet Explorer Machine Accelerators"
"DisplayName"="@C:\\Windows\\System32\\iedkcs32.dll,-3051"
"DllName"="C:\\Windows\\System32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}]
@="Delivery Optimization GP extension"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,6f,00,6d,00,67,00,6d,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ProcessGroupPolicy"="DOProcessGroupPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"DisplayName"=hex(2):40,00,43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,00,\
6f,00,6c,00,73,00,74,00,6f,00,72,00,65,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,35,00,30,00,31,00,32,00,00,00
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,\
00,6f,00,6c,00,73,00,74,00,6f,00,72,00,65,00,2e,00,64,00,6c,00,6c,00,00,00
"GenerateGroupPolicy"="GenerateIPSECPolicy"
"NoGPOListChanges"=dword:00000000
"NoUserPolicy"=dword:00000001
"ProcessGroupPolicyEx"="ProcessIPSECPolicyEx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}]
@="Group Policy Internet Settings"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,38,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Internet Settings,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyInternet"
"NoMachinePolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyInternet"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExInternet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}]
@="Group Policy Start Menu Settings"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,39,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Start Menu Settings,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyStartMenu"
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyStartMenu"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExStartMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E5094040-C46C-4115-B030-04FB2E545B00}]
@="Group Policy Regional Options"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,30,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Regional Options,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyRegionOptions"
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyRegionOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExRegionOptions"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}]
@="Group Policy Power Options"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,32,00,31,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Power Options,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyPowerOptions"
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyPowerOptions"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExPowerOptions"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F312195E-3D9D-447A-A3F5-08DFFA24735E}]
"DisplayName"=hex(2):40,00,64,00,67,00,67,00,70,00,65,00,78,00,74,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,36,00,30,00,30,00,00,00
"DllName"=hex(2):64,00,67,00,67,00,70,00,65,00,78,00,74,00,2e,00,64,00,6c,00,\
6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000000
"NoUserPolicy"=dword:00000001
"ProcessGroupPolicy"="ProcessVirtualizationBasedSecurityGroupPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}]
@="Audit Policy Configuration"
"DisplayName"=hex(2):40,00,61,00,75,00,64,00,69,00,74,00,63,00,73,00,65,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,30,00,30,00,00,00
"DllName"=hex(2):61,00,75,00,64,00,69,00,74,00,63,00,73,00,65,00,2e,00,64,00,\
6c,00,6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000001
"ForceRefreshFG"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"MaxNoGPOListChangesInterval"=dword:000003c0
"NoUserPolicy"=dword:00000001
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{F9C77450-3A41-477E-9310-9ACD617BD9E3}]
@="Group Policy Applications"
"DisplayName"=hex(2):40,00,67,00,70,00,70,00,72,00,65,00,66,00,63,00,6c,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,00,00,00
"DllName"="C:\\Windows\\System32\\gpprefcl.dll"
"EnableAsynchronousProcessing"=dword:00000001
"EventSources"="(Group Policy Applications,Application)"
"GenerateGroupPolicy"="GenerateGroupPolicyApplications"
"NoMachinePolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyApplications"
"ProcessGroupPolicyEx"="ProcessGroupPolicyExApplications"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FB2CA36D-0B40-4307-821B-A13B252DE56C}]
@="Enterprise QoS"
"DisplayName"=hex(2):40,00,67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,32,00,30,00,33,00,00,00
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"ProcessGroupPolicy"="ProcessEQoSPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}]
@="CP"
"DisplayName"=hex(2):40,00,67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,\
00,6c,00,2c,00,2d,00,32,00,30,00,35,00,00,00
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoGPOListChanges"=dword:00000001
"NoUserPolicy"=dword:00000001
"ProcessGroupPolicy"="ProcessConnectivityPlatformPolicy"
"RequiresSuccessfulRegistry"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{FC491EF1-C4AA-4CE1-B329-414B101DB823}]
"DisplayName"=hex(2):40,00,64,00,67,00,67,00,70,00,65,00,78,00,74,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,36,00,30,00,30,00,00,00
"DllName"=hex(2):64,00,67,00,67,00,70,00,65,00,78,00,74,00,2e,00,64,00,6c,00,\
6c,00,00,00
"EnableAsynchronousProcessing"=dword:00000000
"NoUserPolicy"=dword:00000001
"ProcessGroupPolicy"="ProcessConfigCIPolicyGroupPolicy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellPrograms]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellPrograms\RdpInit.exe]
"AppResolverHostProcess"=dword:00000001
"CloakDesktopWindow"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellPrograms\RdpShell.exe]
"ShouldStartRailRPC"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellPrograms\ShellAppRuntime.exe]
"AppResolverHostProcess"=dword:00000001
"HandlesShellDesktopSwitchEvent"=dword:00000001
"InitializationCompleteEvent"=""
"SupportsRailV2"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserDefaults]
"ExcludeProfileDirs"="AppData\\Local;AppData\\LocalLow;$Recycle.Bin;OneDrive;Work Folders"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VolatileUserMgrKey]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VolatileUserMgrKey\1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VolatileUserMgrKey\1\S-1-5-21-1813215921-1182448938-4131336830-500]
"contextLuid"=hex(b):62,fd,1d,00,00,00,00,00
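In a batch script, you can use :: to add comments or remarks; they do not affect how the script runs. Below is a batch file for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon that you provided, with comments added to explain what each value means.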
@echo off
:: Modify the registry: the Winlogon-related settings follow
:: Whether the shell restarts automatically (1 = enabled, 0 = disabled)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoRestartShell /t REG_DWORD /d 1 /f
:: Background color (black)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Background /t REG_SZ /d "0 0 0" /f
:: Number of cached logons; the default is 10
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v CachedLogonsCount /t REG_SZ /d "10" /f
:: Disable the debug server command
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DebugServerCommand /t REG_SZ /d "no" /f
:: Set the default domain name to empty
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d "" /f
:: Set the default user name to empty
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultUserName /t REG_SZ /d "" /f
:: Disable the back button
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DisableBackButton /t REG_DWORD /d 1 /f
:: Force logon on unlock (0 = not enabled)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ForceUnlockLogon /t REG_DWORD /d 0 /f
:: Title of the notice shown at logon
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeCaption /t REG_SZ /d "" /f
:: Text of the notice shown at logon
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LegalNoticeText /t REG_SZ /d "" /f
:: Password expiry warning (5 = warn 5 days in advance)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v PasswordExpiryWarning /t REG_DWORD /d 5 /f
:: Whether to power off immediately after shutdown
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v PowerdownAfterShutdown /t REG_SZ /d "0" /f
:: Known folders to pre-create
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v PreCreateKnownFolders /t REG_SZ /d "{A520A1A4-1780-4FF6-BD18-167343C5AF16}" /f
:: Whether to report a successful boot
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ReportBootOk /t REG_SZ /d "1" /f
:: Set the shell program to Explorer
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d "explorer.exe" /f
:: Executable used as the shell app runtime
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ShellAppRuntime /t REG_SZ /d "ShellAppRuntime.exe" /f
:: Whether the shell is a critical process
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ShellCritical /t REG_DWORD /d 0 /f
:: Set the shell infrastructure host to sihost.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ShellInfrastructure /t REG_SZ /d "sihost.exe" /f
:: Whether sihost is a critical process
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SiHostCritical /t REG_DWORD /d 0 /f
:: sihost ready timeout
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SiHostReadyTimeOut /t REG_DWORD /d 0 /f
:: sihost restart count limit
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SiHostRestartCountLimit /t REG_DWORD /d 0 /f
:: Interval between sihost restarts
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SiHostRestartTimeGap /t REG_DWORD /d 0 /f
:: Path of the user initialization program (single backslashes: reg.exe stores the data literally, unlike a .reg file)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d "C:\WINDOWS\system32\userinit.exe," /f
:: Applet used for the virtual memory (page file) settings
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v VMApplet /t REG_SZ /d "SystemPropertiesPerformance.exe /pagefile" /f
:: Enable remote sessions
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v WinStationsDisabled /t REG_SZ /d "0" /f
:: Enable sihost integration
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v EnableSIHostIntegration /t REG_DWORD /d 1 /f
:: Smart card removal behavior (0 = no action)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v scremoveoption /t REG_SZ /d "0" /f
:: Do not require Ctrl+Alt+Delete at logon
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DisableCAD /t REG_DWORD /d 1 /f
:: Performance counter for the end time of the last logoff (REG_BINARY data is passed as contiguous hex digits)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LastLogOffEndTimePerfCounter /t REG_BINARY /d 480d2d4a9b010000 /f
:: Shutdown flags (0x prefix required: reg.exe reads REG_DWORD data as decimal without it)
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ShutdownFlags /t REG_DWORD /d 0x80000027 /f
echo 注册表修改成功。
pause
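Notes:
- What the registry values do:
  - AutoRestartShell: controls whether the shell restarts automatically (1 = enabled).
  - LegalNoticeCaption / LegalNoticeText: the title and text of the notice shown at logon.
  - DisableCAD: disables the Ctrl+Alt+Delete requirement at logon.
  - Userinit: specifies the user initialization program, normally userinit.exe.
  - ShutdownFlags: flags applied at shutdown that control the shutdown process.
- Comment format: lines that start with :: are comments; they do not affect the registry changes and are there only to aid understanding.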
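The export above stores many `DllName` values as `hex(2)` byte lists, and `Shell` and `Userinit` decide what runs at every logon, so an exported copy of this key is worth checking against a baseline. The following is an added example, not code from the original page: it parses `.reg` export text, decodes the `hex(2)` strings, and reports `Shell`/`Userinit` values that differ from what the batch file writes and `GPExtensions` DLLs that resolve outside System32. The function names, the sample input and the rule that a bare DLL name loads from `C:\Windows\System32` are assumptions of the example.

```python
import ntpath
import re

# Constructed sample in .reg export syntax: the gptext.dll entry is copied from
# the export above; the Userinit suffix and the all-zero GUID key are invented.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Temp\\extra.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}]
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
  00,00
"NoUserPolicy"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{00000000-0000-0000-0000-000000000000}]
"DllName"="C:\\ProgramData\\example\\ext.dll"
'''
# Baseline values are the ones the batch file on this page writes.
BASELINE = {"shell": "explorer.exe", "userinit": r"C:\WINDOWS\system32\userinit.exe,"}
SYSTEM32 = r"c:\windows\system32"

def decode_value(raw):
    """Decode one .reg value: "string", dword:, or hex(type): byte list."""
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])        # undo \\ and \" escapes
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    kind, _, body = raw.partition(":")
    data = bytes(int(b, 16) for b in body.split(",") if b.strip())
    if kind in ("hex(1)", "hex(2)"):                     # REG_SZ / REG_EXPAND_SZ
        return data.decode("utf-16-le").rstrip("\x00")
    return data                                          # other types stay raw bytes

def parse_reg(text):
    """Return {key_path: {value_name_lowercased: decoded_value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)            # join continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                current[m.group(1).strip('"').lower()] = decode_value(m.group(2))
    return keys

def resolve_dll(path):
    """Expand %SystemRoot%; assume a bare file name loads from System32."""
    p = re.sub("%systemroot%", lambda _: r"C:\Windows", path, flags=re.I)
    if not ntpath.dirname(p):
        p = ntpath.join(r"C:\Windows\System32", p)
    return ntpath.normcase(ntpath.normpath(p))

def audit(keys):
    """List (name, value) pairs that differ from the baseline or leave System32."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith("\\currentversion\\winlogon"):
            findings += [(n, values[n]) for n, want in BASELINE.items()
                         if n in values and values[n].lower() != want.lower()]
        elif "\\winlogon\\gpextensions\\" in low and "dllname" in values:
            if ntpath.dirname(resolve_dll(values["dllname"])) != SYSTEM32:
                findings.append((key.rsplit("\\", 1)[1], values["dllname"]))
    return findings
```

Files written by regedit are UTF-16 with a byte order mark, so read a real export with `open(path, encoding="utf-16")` before passing its text to `parse_reg`.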
