
defprof & file assoc's in HKCU/Software/Classes

Printed From: ForensiT
Category: ForensiT Support
Forum Name: Desktop Management
Forum Description: User Profile Manager questions, suggestions, comments and bug reports
URL: http://forum.ForensiT.com/forum_posts.asp?TID=1518
Printed Date: 13 Oct 2019 at 4:11pm


Topic: defprof & file assoc's in HKCU/Software/Classes
Posted By: snmdla
Date Posted: 11 Sep 2017 at 8:40am
I was surprised that defprof appears to delete file associations in HKCU/Software/Classes, i.e. custom user file associations like those that come from going through an "open with" dialogue.

This appears to be by design, as we can read in http://forensit.blogspot.de/2010/09/changing-default-profile-on-windows-7.html :

"... Additionally, DefProf loads the registry for the specified profile and cleans it up so that any user specific settings (that we know about) are removed."

This brings me to ask why: isn't the default profile meant to be customized for users with company defaults by a model user before the execution of defprofile?

If this design is unchangeable, it would be interesting to know where else defprof deletes user specific settings in addition to HKCU/Software/Classes.

Kind regards, Tom




Replies:
Posted By: snmdla
Date Posted: 13 Sep 2017 at 10:07am
Another example that comes to my mind is the choice of the default browser.

If set in the model profile, this setting is lost in the process of running defprof.



Posted By: Support
Date Posted: 14 Sep 2017 at 7:40am
File associations on Windows 10 are encrypted to an individual user account; this is to prevent malware hijacking types of files.

This applies to the default browser, which, after all, is just the application that opens html (etc.) files.

Because file associations are encrypted per user, any new user signing-in (and getting a new default profile based on another user's profile) will just get their file associations reset. This is because the new user account cannot decrypt the file associations saved for the original user in the registry.
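
Added example (not part of the original thread and not ForensiT's code): a PowerShell inventory of the per-user association choices in the model profile, which per the reply above will be reset for new users. It assumes Windows 10 keeps these choices in UserChoice subkeys (ProgId and Hash values) under the two HKCU paths named in the script; Get-UserChoice is a hypothetical helper name.

```powershell
# Added example: list per-user association choices stored in the signed-in
# (model) user's hive. The two paths below are assumptions about where
# Windows 10 keeps them; they are not taken from the thread.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts',
    'HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations'
)

function Get-UserChoice {
    param([string[]]$Root = $roots)
    foreach ($r in $Root) {
        # Skip a root that does not exist in this hive
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r) {
            # Each extension (.pdf) or URL scheme (http) may have a UserChoice subkey
            $uc = Join-Path $key.PSPath 'UserChoice'
            if (-not (Test-Path -LiteralPath $uc)) { continue }
            $p = Get-ItemProperty -LiteralPath $uc
            [pscustomobject]@{
                Type    = $key.PSChildName   # extension or URL scheme
                ProgId  = $p.ProgId          # handler the user picked
                HasHash = -not [string]::IsNullOrEmpty($p.Hash)  # per-user value present
            }
        }
    }
}

# Record what the model user has chosen before the profile is copied
Get-UserChoice | Sort-Object Type | Format-Table -AutoSize
```

Run it as the model user before DefProf to record which choices (including http/https for the default browser) new users will not inherit.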


Posted By: snmdla
Date Posted: 27 Sep 2017 at 5:20am
Thanks, that makes the decision clear.

Are there other similar places in the registry where defprof does similar deletions in HKCU?

Thanks, Thomas


