Getting back Windows explorer functions when using alternative shell

snowdog · 30 Nov 2015 at 10:21

Another non standard question from me

:

Does anyone know how to get the Windows explorer functions back if you start explorer.exe from the task manager when you are using a different executable for shell ?

The problem is, if you use a different shell, eg. ''touchscreenapplicationx.exe'' instead of explorer, and then open explorer.exe, you just get a file explorer window: the task bar, windows hotkeys ( eg. Win+R), start, etc, all still don't work/exist. This applies to Win 7,8,8.1 and 10...

Is there some kind of startup suffix/command for explorer.exe to make it load these parts of Windows, like when it is used as the standard shell ?

snowdog · 30 Nov 2015 at 15:04

Ok, after some research this does not exist, seem to need to make a script that edits the registry shell setting, starts explorer, then changes it back, it somehow doesn't work though.

I wrote 2 .REG's who work on their own:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Program Files\\Snowdog\\snowdoglauncher.exe

However the batch file running these doesn't work (even when running as admin, is this an issue with privileges ( need to start regedit as admin too?)):

Regedit.exe /S explorer.reg
timeout 2
explorer.exe
timeout 3
regedit.exe /S snowdog.reg

Any ideas ?

snowdog · 30 Nov 2015 at 17:11

Ok got it working by simply placing all 3 files in the System32 folder and running the bat as admin, just a shame you need to enter a password/that there's no way to hardcode this in a .bat file encrypted, might write a console app in VS that has the admin pw hardcoded in.

bledd · 1 Dec 2015 at 10:21

This is basically a commandline 'run as' tool.

http://www.joeware.net/freetools/tools/cpau/

Create Process As User

snowdog · 1 Dec 2015 at 21:33

Is the source available anywhere, looks like a great tool, but closed source = risk, especially with passwords.

andshrew · 1 Dec 2015 at 23:19

snowdog said:
Is the source available anywhere, looks like a great tool, but closed source = risk, especially with passwords.

Says the person that wants to hardcode administrator credentials into an application or batch file and then launch Explorer...

runas is a built in command, you don't need a 3rd party application.

snowdog · 2 Dec 2015 at 08:48

If it's encrypted then what's the problem ? Putting the pw in a batch file is indeed a no-go.

Someone else on Technet has the exact same question as me:

During normal operation, the desktop is replaced by my app, which is only operated using a touch monitor. This locks the user out of any access to the operating system (kiosk mode). For servicing, a staff member can plug in a keyboard, hit Ctrl-Shift-ESC to start Task Manager, kill my app and run explorer.exe to create the shell.

Working without desktop is a bit annoying for people who service the device ( in this case probably me in the future).

andshrew · 2 Dec 2015 at 12:51

The point is that you would be creating an application that at the push of a button is capable of creating an elevated instance of Explorer. It sounds inherently insecure to me.

If you're only using this while servicing the device then, sure, script the process to complete the task but prompt for the credentials of whoever is servicing it.

snowdog · 2 Dec 2015 at 14:59

andshrew said:
The point is that you would be creating an application that at the push of a button is capable of creating an elevated instance of Explorer. It sounds inherently insecure to me.

If you're only using this while servicing the device then, sure, script the process to complete the task but prompt for the credentials of whoever is servicing it.

The admin password is a bit of a ***** to type, the person who services it always has it on a USB stick in a txt file.

Typing it manually takes 30 + seconds

( 27 char long with loads of random special chars, caps and nrs).

Atm my batch solution works fine, but still needs to be run as admin and have the password pasted. Trying to evade that last step, as it saves a bit of time browsing to the txt on usb, copying the pw, and then pasting it when running the bat as admin.