无忧启动论坛

 找回密码
 注册
搜索

如何解决PE的Administrator文件夹打不开的问题

查看数: 4548 | 评论数: 38 | 收藏 0
关灯 | 提示:支持键盘翻页<-左 右->
    组图打开中,请稍候......
发布时间: 2023-11-2 14:39

正文摘要:

本帖最后由 martin313 于 2024-9-15 21:33 编辑 最近折腾 win11.22000.2538 的 双用户(System与Administrator)PE,发现附图中的Administrator文件夹打不开,请问如何解决? 存在2个问题:一是Administrator ...

回复

yy2012 发表于 2024-10-29 15:31:23
楼主大大能分享一下制作心得吗?
wn168cn@163.com 发表于 2024-10-18 10:11:15

感谢分享
martin313 发表于 2024-9-21 15:16:16
本帖最后由 martin313 于 2024-9-21 15:17 编辑



纠正一个错误观念,PE维护,网络功能也是必须的,并不是维护版PE就不需要网络功能!!!

http://bbs.wuyou.net/forum.php?mod=viewthread&tid=439445

martin313 发表于 2024-9-18 08:58:26
本帖最后由 martin313 于 2024-9-18 11:17 编辑

2024中秋假期,解决了winpe的一个历史遗留问题即双用户PE切换的问题,解决了英文版pe不能正常启用bitlocker的问题

巨硬真是坑爹啊,bitlocker在简体中文版与繁体中文版是好好的,到了英文版就死活不行
后来发现就是因为缺一个注册表导致的,大海捞针似的的定位,搞了3个小时

幸亏有Sergei Strelec英文PE,作为样本(比较分析测试),不然不知从何下手去解决Bitlocker问题
截至2024年9月18日,折腾 WinPE 正式宣告完美结束!!!


martin313 发表于 2024-9-16 09:14:05
本帖最后由 martin313 于 2024-9-16 09:25 编辑

在斗鱼的PE制作方案里,Software基本上是全的,所以下面的就不能再全部复制,不然会导致PE的System用户账户地址异常:

rem call RegCopy "HKLM\Software\Microsoft\Windows\CurrentVersion"
rem call RegCopy "HKLM\Software\Microsoft\Windows NT\CurrentVersion"
rem call RegCopy "HKLM\Software\Classes\AppID"
rem call RegCopy "HKLM\Software\Classes\CLSID"
rem call RegCopy "HKLM\Software\Classes\Interface"

正在全新制作Win11_22000.3197的双用户PE



点评

成功制成 Win11_22000.3197的双用户PE 的简体版、繁体版、英文版  发表于 2024-9-19 14:42
martin313 发表于 2024-9-16 05:45:40
纠正一个错误观念,PE维护,网络功能也是必须的,并不是维护版PE就不需要网络功能!!!
martin313 发表于 2024-9-15 20:28:04
注册表可进一步减少为如下:

call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRT"
call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRTProxy"
call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4d36e97d-e325-11ce-bfc1-08002be10318}"
call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4E815EE1-20F8-41EF-8CFF-3C283F02D722}"
call RegCopy "HKLM\System\DriverDatabase\DriverInfFiles\WindowsTrustedRTProxy.inf"

call RegCopy "HKLM\System\ControlSet001\Services\BDESVC"
call RegCopy "HKLM\System\ControlSet001\Services\Netlogon"
call RegCopy "HKLM\System\ControlSet001\Services\ProfSvc"
call RegCopy "HKLM\System\ControlSet001\Services\seclogon"
call RegCopy "HKLM\System\ControlSet001\Services\UserManager"
martin313 发表于 2024-9-15 13:30:25
本帖最后由 martin313 于 2024-9-15 13:35 编辑


至此,我所关心关注的有关PE的所有问题,全部解决了,剩下点点小瑕疵就忽略了!

martin313 发表于 2024-9-15 13:26:37
本帖最后由 martin313 于 2024-9-15 21:48 编辑

最近测试这个自制的双用户PE,发现不仅仅存在Administrator系统文件夹打不开的问题,还存在A用户下,Bitlocker无法正常使用的问题。于是今天下决心解决,经过与论坛win10全能版的注册表对比,一番折腾后,总算彻底解决!方法如下:

一、补充文件
WindowsTrustedRT.sys        
WindowsTrustedRTProxy.inf        
WindowsTrustedRTProxy.sys        

二、补充注册表(其中有些注册表是多余的,不管那么多了,胡子眉毛一把抓,反正不算多)
call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRT"
call RegCopy "HKLM\System\ControlSet001\Services\WindowsTrustedRTProxy"
call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4d36e97d-e325-11ce-bfc1-08002be10318}"
call RegCopy "HKLM\System\DriverDatabase\DeviceIds\{4E815EE1-20F8-41EF-8CFF-3C283F02D722}"
call RegCopy "HKLM\System\DriverDatabase\DriverInfFiles\WindowsTrustedRTProxy.inf"

call RegCopy "HKLM\System\ControlSet001\Services\ahcache"
call RegCopy "HKLM\System\ControlSet001\Services\AWEAlloc"
call RegCopy "HKLM\System\ControlSet001\Services\BDESVC"
call RegCopy "HKLM\System\ControlSet001\Services\Beep"
call RegCopy "HKLM\System\ControlSet001\Services\Browser"
call RegCopy "HKLM\System\ControlSet001\Services\camsvc"
call RegCopy "HKLM\System\ControlSet001\Services\CertPropSvc"
call RegCopy "HKLM\System\ControlSet001\Services\CompositeBus"
call RegCopy "HKLM\System\ControlSet001\Services\DisplayEnhancementService"
call RegCopy "HKLM\System\ControlSet001\Services\Dnscache"
call RegCopy "HKLM\System\ControlSet001\Services\dot3svc"
call RegCopy "HKLM\System\ControlSet001\Services\Eaphost"
call RegCopy "HKLM\System\ControlSet001\Services\EventLog"
call RegCopy "HKLM\System\ControlSet001\Services\EventSystem"
call RegCopy "HKLM\System\ControlSet001\Services\fdPHost"
call RegCopy "HKLM\System\ControlSet001\Services\FDResPub"
call RegCopy "HKLM\System\ControlSet001\Services\FontCache"
call RegCopy "HKLM\System\ControlSet001\Services\FrameServer"
call RegCopy "HKLM\System\ControlSet001\Services\gpsvc"
call RegCopy "HKLM\System\ControlSet001\Services\HfcDisableService"
call RegCopy "HKLM\System\ControlSet001\Services\hidspi"
call RegCopy "HKLM\System\ControlSet001\Services\HTTP"
call RegCopy "HKLM\System\ControlSet001\Services\iaStorAC"
call RegCopy "HKLM\System\ControlSet001\Services\iaStorAfs"
call RegCopy "HKLM\System\ControlSet001\Services\iaStorAfsService"
call RegCopy "HKLM\System\ControlSet001\Services\intelpep"
call RegCopy "HKLM\System\ControlSet001\Services\IpFilterDriver"
call RegCopy "HKLM\System\ControlSet001\Services\iphlpsvc"
call RegCopy "HKLM\System\ControlSet001\Services\IPNAT"
call RegCopy "HKLM\System\ControlSet001\Services\KeyIso"
call RegCopy "HKLM\System\ControlSet001\Services\LanmanServer"
call RegCopy "HKLM\System\ControlSet001\Services\LanmanWorkstation"
call RegCopy "HKLM\System\ControlSet001\Services\lltdio"
call RegCopy "HKLM\System\ControlSet001\Services\LPDSVC"
call RegCopy "HKLM\System\ControlSet001\Services\monitor"
call RegCopy "HKLM\System\ControlSet001\Services\mpssvc"
call RegCopy "HKLM\System\ControlSet001\Services\MRxDAV"
call RegCopy "HKLM\System\ControlSet001\Services\mrxsmb10"
call RegCopy "HKLM\System\ControlSet001\Services\MsBridge"
call RegCopy "HKLM\System\ControlSet001\Services\mshidumdf"
call RegCopy "HKLM\System\ControlSet001\Services\MSiSCSI"
call RegCopy "HKLM\System\ControlSet001\Services\MSKSSRV"
call RegCopy "HKLM\System\ControlSet001\Services\MsLldp"
call RegCopy "HKLM\System\ControlSet001\Services\MSPCLOCK"
call RegCopy "HKLM\System\ControlSet001\Services\MSPQM"
call RegCopy "HKLM\System\ControlSet001\Services\MSTEE"
call RegCopy "HKLM\System\ControlSet001\Services\NcdAutoSetup"
call RegCopy "HKLM\System\ControlSet001\Services\NdisCap"
call RegCopy "HKLM\System\ControlSet001\Services\NdisImPlatform"
call RegCopy "HKLM\System\ControlSet001\Services\NdisImPlatformMp"
call RegCopy "HKLM\System\ControlSet001\Services\NdisVirtualBus"
call RegCopy "HKLM\System\ControlSet001\Services\Netlogon"
call RegCopy "HKLM\System\ControlSet001\Services\npsvctrig"
call RegCopy "HKLM\System\ControlSet001\Services\PolicyAgent"
call RegCopy "HKLM\System\ControlSet001\Services\ProfSvc"
call RegCopy "HKLM\System\ControlSet001\Services\Ramdisk"
call RegCopy "HKLM\System\ControlSet001\Services\RasAuto"
call RegCopy "HKLM\System\ControlSet001\Services\RasMan"
call RegCopy "HKLM\System\ControlSet001\Services\rdpbus"
call RegCopy "HKLM\System\ControlSet001\Services\RDPDR"
call RegCopy "HKLM\System\ControlSet001\Services\RDPNP"
call RegCopy "HKLM\System\ControlSet001\Services\RDPUDD"
call RegCopy "HKLM\System\ControlSet001\Services\RdpVideoMiniport"
call RegCopy "HKLM\System\ControlSet001\Services\RemoteAccess"
call RegCopy "HKLM\System\ControlSet001\Services\rspndr"
call RegCopy "HKLM\System\ControlSet001\Services\RstMwService"
call RegCopy "HKLM\System\ControlSet001\Services\seclogon"
call RegCopy "HKLM\System\ControlSet001\Services\SENS"
call RegCopy "HKLM\System\ControlSet001\Services\SessionEnv"
call RegCopy "HKLM\System\ControlSet001\Services\SharedAccess"
call RegCopy "HKLM\System\ControlSet001\Services\ShellHWDetection"
call RegCopy "HKLM\System\ControlSet001\Services\smbdirect"
call RegCopy "HKLM\System\ControlSet001\Services\Spooler"
call RegCopy "HKLM\System\ControlSet001\Services\SSDPSRV"
call RegCopy "HKLM\System\ControlSet001\Services\SstpSvc"
call RegCopy "HKLM\System\ControlSet001\Services\stisvc"
call RegCopy "HKLM\System\ControlSet001\Services\swprv"

call RegCopy "HKLM\System\ControlSet001\Services\TsUsbGD"
call RegCopy "HKLM\System\ControlSet001\Services\tsusbhub"
call RegCopy "HKLM\System\ControlSet001\Services\tunnel"
call RegCopy "HKLM\System\ControlSet001\Services\UcmCx0101"
call RegCopy "HKLM\System\ControlSet001\Services\UcmTcpciCx0101"
call RegCopy "HKLM\System\ControlSet001\Services\UcmUcsiAcpiClient"
call RegCopy "HKLM\System\ControlSet001\Services\UcmUcsiCx0101"
call RegCopy "HKLM\System\ControlSet001\Services\UmRdpService"
call RegCopy "HKLM\System\ControlSet001\Services\upnphost"
call RegCopy "HKLM\System\ControlSet001\Services\usbaudio2"
call RegCopy "HKLM\System\ControlSet001\Services\usbcir"
call RegCopy "HKLM\System\ControlSet001\Services\usbehci"
call RegCopy "HKLM\System\ControlSet001\Services\usbprint"
call RegCopy "HKLM\System\ControlSet001\Services\UserManager"
call RegCopy "HKLM\System\ControlSet001\Services\vmbus"
call RegCopy "HKLM\System\ControlSet001\Services\W32Time"
call RegCopy "HKLM\System\ControlSet001\Services\wcncsvc"
call RegCopy "HKLM\System\ControlSet001\Services\WdmCompanionFilter"
call RegCopy "HKLM\System\ControlSet001\Services\WebClient"
call RegCopy "HKLM\System\ControlSet001\Services\WerSvc"
call RegCopy "HKLM\System\ControlSet001\Services\Winsock"
call RegCopy "HKLM\System\ControlSet001\Services\WinSock2"
call RegCopy "HKLM\System\ControlSet001\Services\WlanSvc"
call RegCopy "HKLM\System\ControlSet001\Services\wmiApSrv"
call RegCopy "HKLM\System\ControlSet001\Services\WMPNetworkSvc"
call RegCopy "HKLM\System\ControlSet001\Services\WudfPf"
call RegCopy "HKLM\System\ControlSet001\Services\WUDFWpdFs"
martin313 发表于 2024-9-12 14:22:25
2010hook 发表于 2023-11-5 21:02
我想起来了,是缺少用户变量注册表值!


怎么补?
martin313 发表于 2024-9-10 14:17:06
这个问题,至今还未解决

难道是权限问题?
tilltotell007 发表于 2024-2-16 07:31:06
学习了
无犹启动 发表于 2024-2-15 22:28:34
学习学习
martin313 发表于 2023-11-12 21:57:51
smine 发表于 2023-11-4 20:25
你这个快捷方式的目标很奇怪,暂时没有好办法


请教老大,PE下运行VBS脚本文件的话,补充以下文件,是否足够:

"Program Files"\"Common Files"\System\ado\msado15.dll
Windows\System32\vbscript.dll
Windows\System32\zh-CN\vbscript.dll.mui

点评

VBS 相关支持文件,也搞定了,哈哈  发表于 2024-2-29 09:26
martin313 发表于 2023-11-5 21:34:40
2010hook 发表于 2023-11-5 21:02
我想起来了,是缺少用户变量注册表值!


这个正常系统里,也是没有属性的
2010hook 发表于 2023-11-5 21:02:07

我想起来了,是缺少用户变量注册表值!

点评

怎么补?  详情 回复 发表于 2024-9-12 14:22
刚刚测试了 加了环境变量,也无效  详情 回复 发表于 2023-11-5 22:01
这个正常系统里,也是没有属性的  详情 回复 发表于 2023-11-5 21:34
martin313 发表于 2023-11-4 20:50:58
smine 发表于 2023-11-4 20:25
你这个快捷方式的目标很奇怪,暂时没有好办法


这2天还碰到一个奇怪的事情,制作PE相同的方案,简体中文版可以实现system与admin双用户任意切换,但繁体中文版与英文版PE,死活不行,文件列表都几乎一样,也就是语言包的文件夹名称不一样,zh-cn、zh-tw、en-us的区别,咋就不行,很是奇怪!!!

启动到system都正常,但繁体版与英文版切换到admin就进不了桌面,黑屏显示,鼠标一直闪!

点评

这个问题,通过补充system32文件,已彻底解决  发表于 2024-9-12 14:24
martin313 发表于 2023-11-4 20:36:08
smine 发表于 2023-11-4 20:25
你这个快捷方式的目标很奇怪,暂时没有好办法



谢谢

那只能暂时搁置
smine 发表于 2023-11-4 20:25:08
martin313 发表于 2023-11-4 16:20
谢谢
快捷键文件也上传了:https://www.123pan.com/s/jKNSVv-FPutv.html

你这个快捷方式的目标很奇怪,暂时没有好办法
martin313 发表于 2023-11-4 16:20:32


谢谢
快捷键文件也上传了:https://www.123pan.com/s/jKNSVv-FPutv.html

点评

你这个快捷方式的目标很奇怪,暂时没有好办法  详情 回复 发表于 2023-11-4 20:25
smine 发表于 2023-11-4 16:12:59

我晚上看看

点评

谢谢 快捷键文件也上传了:https://www.123pan.com/s/jKNSVv-FPutv.html  详情 回复 发表于 2023-11-4 16:20
smine 发表于 2023-11-4 15:46:04

选择创建快捷方式,把创建好的快捷方式文件发出来

点评

截图可以吗  详情 回复 发表于 2023-11-4 16:02
martin313 发表于 2023-11-3 17:35:28
本帖最后由 martin313 于 2023-11-3 20:00 编辑

用以下方法,也不行:

用管理员取得administrator文件夹的所有权

新建记事本文件输入以下内容 并把文件后缀改成 .reg 然后双击 确定

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\runas]
@="管理员取得所有权"
"NoWorkingDirectory"=""[HKEY_CLASSES_ROOT\*\shell\runas\command]
@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"
"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"[HKEY_CLASSES_ROOT\exefile\shell\runas2]
@="管理员取得所有权"


小黑屋|手机版|Archiver|捐助支持|无忧启动 ( 闽ICP备05002490号-1 )

闽公网安备 35020302032614号

GMT+8, 2024-11-29 06:11

Powered by Discuz! X3.3

© 2001-2017 Comsenz Inc.

快速回复 返回顶部 返回列表