Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

What is "Impersonation" in these files?

22 views
Skip to first unread message

SueInCincy

unread,
Apr 18, 2007, 12:02:20 PM4/18/07
to
Hi,
I am hoping someone might help educate me about a couple of files,
apparently part of the manufacturers' installation, that have many references
to registry keys that involve "impersonation."

One called HiveSys had this:
HKLM,"SYSTEM\CurrentControlSet\Control\Lsa",
"ImpersonatePrivilegeUpgradeToolHasRun", 0x00010003, 1


Another, called I think, HiveProg, had many, many, many of them, including:

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\Windows

HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\Windows

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1

HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1

Wesley Vogel

unread,
Apr 18, 2007, 12:59:27 PM4/18/07
to
Things in this key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify
relate to Winlogon Notification Packages.

<quote>
What Were Winlogon Notification Packages?
In pre-Windows Vista versions of Windows, Winlogon notification packages are
registered DLLs that the Winlogon process loads. These DLLs receive Winlogon
notifications and handle different Winlogon events. Winlogon previously
supported the following events.
<quote>
from...
http://technet2.microsoft.com/WindowsVista/en/library/6ec4ec6d-6b84-44c9-b3af-116589a42b861033.mspx?mfr=true

Apparently Vista had to come out before MS explained what things did in XP.
;-(

I have no idea what Impersonate means or what it does, but it has nothing to
do with a manufacturer's installation of Windows XP. I installed XP Pro
myself on this machine and I have the following:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\crypt32chain
Impersonate REG_DWORD 0x00000000 (0)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\cryptnet
Impersonate REG_DWORD 0x00000000 (0)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\cscdll
Impersonate REG_DWORD 0x00000000 (0)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\ScCertProp
Impersonate REG_DWORD 0x00000001 (1)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\Schedule
Impersonate REG_DWORD 0x00000000 (0)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\sclgntfy
Impersonate REG_DWORD 0x00000000 (0)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\SensLogn
Impersonate REG_DWORD 0x00000001 (1)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\termsrv
Impersonate REG_DWORD 0x00000000 (0)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\wlballoon
Impersonate REG_DWORD 0x00000001 (1)

HKLM\SYSTEM\ControlSet001\Control\Lsa
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x00000001 (1)

HKLM\SYSTEM\ControlSet002\Control\Lsa
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x00000001 (1)

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x00000001 (1)

Note: 0x is in hex and numbers in parenthesis (0) are in decimal.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:F2BEE9C3-35EC-40D2...@microsoft.com,
SueInCincy <SueIn...@discussions.microsoft.com> hunted and pecked:

0 new messages