One called HiveSys had this:
HKLM,"SYSTEM\CurrentControlSet\Control\Lsa",
"ImpersonatePrivilegeUpgradeToolHasRun", 0x00010003, 1
Another, called I think, HiveProg, had many, many, many of them, including:
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\Windows
HKLM,"SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\Windows
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cscdll","Impersonate",0x00010001,0
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ScCertProp","Impersonate",0x00010001,1
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn","Impersonate",0x00010003,1
<quote>
What Were Winlogon Notification Packages?
In pre-Windows Vista versions of Windows, Winlogon notification packages are
registered DLLs that the Winlogon process loads. These DLLs receive Winlogon
notifications and handle different Winlogon events. Winlogon previously
supported the following events.
<quote>
from...
http://technet2.microsoft.com/WindowsVista/en/library/6ec4ec6d-6b84-44c9-b3af-116589a42b861033.mspx?mfr=true
Apparently Vista had to come out before MS explained what things did in XP.
;-(
I have no idea what Impersonate means or what it does, but it has nothing to
do with a manufacturer's installation of Windows XP. I installed XP Pro
myself on this machine and I have the following:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\crypt32chain
Impersonate REG_DWORD 0x00000000 (0)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\cryptnet
Impersonate REG_DWORD 0x00000000 (0)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\cscdll
Impersonate REG_DWORD 0x00000000 (0)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\ScCertProp
Impersonate REG_DWORD 0x00000001 (1)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\Schedule
Impersonate REG_DWORD 0x00000000 (0)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\sclgntfy
Impersonate REG_DWORD 0x00000000 (0)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\SensLogn
Impersonate REG_DWORD 0x00000001 (1)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\termsrv
Impersonate REG_DWORD 0x00000000 (0)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\wlballoon
Impersonate REG_DWORD 0x00000001 (1)
HKLM\SYSTEM\ControlSet001\Control\Lsa
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x00000001 (1)
HKLM\SYSTEM\ControlSet002\Control\Lsa
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x00000001 (1)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa
ImpersonatePrivilegeUpgradeToolHasRun REG_DWORD 0x00000001 (1)
Note: 0x is in hex and numbers in parenthesis (0) are in decimal.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:F2BEE9C3-35EC-40D2...@microsoft.com,
SueInCincy <SueIn...@discussions.microsoft.com> hunted and pecked: