Single Batch File to Request User Input and Modify Registry

[cameronlanni]

Hello all,

In my organization, our passwords expire every 90 days. For certain users, we have Auto-Logon to Windows configured, but a technician has to reconfigure the registry each time the user's password changes.

I'd like to create a *single* Batch file that prompts the user for their new password, and then modifies the appropriate registry key so their Auto-Logon can be reconfigured without intervention from a PC Tech.

Is this possible without having to import a separate .REG file from within the batch?

I've tinkered with it a bit, and it seems like I'm getting close, but I can't get the Registry modified within an IF statement.

Here's what I've created so far. (I know it's far from complete, but bear with me for proof of concept)

Code: Select all

REGEDIT4

; @ECHO OFF
; CLS
; REGEDIT.EXE /S "%~f0"

@echo off

:choice
set /P c=Would you like to update your Windows Auto-Logon Password?[Y/N]?
if /I "%c%" EQU "Y" goto :answered_yes
if /I "%c%" EQU "N" goto :answered_no
goto :choice

:answered_yes
echo Let's update your password...
set /P newpw=Please enter your new Windows password:  
cls
echo Your password has been updated 
pause 
:: Now Update in Registry
goto :editRegPW

:answered_no
goto :username

:username
set /P u=Would you like to update your Windows Auto-Logon Username?[Y/N]?
if /I "%u%" EQU "Y" goto :answered_yes_un
if /I "%u%" EQU "N" goto :answered_no_un

:answered_yes_un
echo Let's update your username...
set /P newun=Please enter your new Windows username:  
echo Your username has been updated to %newun%
:: Now Update in Registry
goto :editRegUN
pause 

:answered_no_un
exit

:editRegPW

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Test]
"DefaultPassword"="Test PW"
"AutoAdminLogon"="1"
pause
goto :username

:editRegUN

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Test]
"DefaultUserName"="Test UN"
"DefaultDomain"="Test DOM"
"AutoAdminLogon"="1"
exit

In case it's not obvious, I'm fairly new to Batch files.

Thanks in advance for any advice!

Cameron

[cameronlanni]

Scratch that. I've resolved this issue on my own by using the REG ADD command.

Thanks,
Cameron

[aGerman]

Yes, that would have been my suggestion in the next few minutes
Please be careful with user inputs in a batch script. You could run into trouble if the user has special characters or advanced ASCII characters in his password. The batch window uses a different character encoding. Also I'm amazed the users are allowed to make changes in HKLM. It's strictly prevented by the administrators of our company.

Regards
aGerman

[cameronlanni]

Thanks for that tip. I'll keep that in mind. Are characters like !, @, #, $, %, &, etc valid?

Also, users are not allowed to make changes to HKLM in my organization. None of our end users are Local Admins. We use Rights Management software called ViewFinity and are able to elevate this one and only batch file to admin level via MD5 hash to allow it to work.

Good looking out.

Thanks,
Cameron

[cameronlanni]

In case anyone needs the final working version:

Code: Select all

@echo off

:choice
::This line makes a local copy of the BATCH file on the user's C: Drive
xcopy /Y /V /I "%~dp0Windows Auto-Login Configuration.BAT" "C:\Auto-Logon\"

::Now lets create a shortcut to this BATCH file on user's desktop
echo [InternetShortcut] >> "C:\Users\Public\desktop\Auto-Logon Setup.url"
echo URL="C:\Auto-Logon\Windows Auto-Login Configuration.BAT" >> "C:\Users\Public\desktop\Auto-Logon Setup.url"
::Now change the shortcut's icon to something more noticeable
echo IconFile=C:\WINDOWS\system32\SHELL32.dll >> "C:\Users\Public\desktop\Auto-Logon Setup.url"
echo IconIndex=44 >> "C:\Users\Public\desktop\Auto-Logon Setup.url"

set /P c=Would you like to update your Windows Auto-Logon Password?[Y/N]?
if /I "%c%" EQU "Y" goto :answered_yes
if /I "%c%" EQU "N" goto :answered_no
goto :choice

:answered_yes
echo Let's update your password...
set /P newpw=Please enter your new Windows password:  
cls
echo Your password has been updated 
pause 
:: Now Update in Registry
goto :editRegPW

:answered_no
goto :username

:username
set /P u=Would you like to update your Windows Auto-Logon Username?[Y/N]?
if /I "%u%" EQU "Y" goto :answered_yes_un
if /I "%u%" EQU "N" goto :answered_no_un

:answered_yes_un
echo Let's update your username...
set /P newun=Please enter your new Windows username:  
echo Your username has been updated to %newun%
:: Now Update in Registry
goto :editRegUN
pause 

:answered_no_un
exit

:editRegPW

REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /V "DefaultPassword" /d "%newpw%" /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /V "AutoAdminLogon" /d "1" /f

pause
goto :username

:editRegUN
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /V "DefaultUsername" /d "%newun%" /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /V "DefaultDomainName" /d "YOURDOMAIN" /f
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /t REG_SZ /V "AutoAdminLogon" /d "1" /f

pause
exit

Bear in mind, this must be ran as Administrator. Also, I adjusted it so running it once makes a local copy of the script and then adds a shortcut to Public Desktop so any user that logs in could configure it themselves. (Like when a system gets inherited by another user)

Thanks again,
Cameron

[aGerman]

As long as the characters are in the range of ASCII 0x20 and 0x7E it should work for most of them. I remember that quotation marks have to be escaped with a backslash each. For that reason I guess that also backslashes have to be doubled. Maybe forward-slashes could also be misinterpreted. You should do some tests with these characters.

Regards
aGerman