right click, my context option not appearing for all users in Win 7

Shintaro

Hi,

Why does the following Registry key show when right-clicking on a .dmp file for all users in Win XP, but only work for Administrator in Win 7?

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Debugger.Dump\Shell\Debug_without_Remote\Command]
@="\"C:\\Program Files\\Debugging Tools for Windows (x64)\\windbg\" -z \"%1\" -c \"$<C:\\Tools\\windbg\\commands.txt\""


Is there some other region in the registry for all users in Win 7??
 
I don't have that Registry key - W7 x64

Code:
Reg Query HKCR\Debugger.Dump\Shell\Debug_without_Remote\Command /s > 0 & Start notepad 0

Where did it come from?

What is it you are trying to do?
 
Please run this command from an Admin CMD prompt -
Code:
Reg Query HKCR\.dmp /s >0 & Reg Query HKCR\Debugger.Dump /s >>0 & start notepad 0

A Notepad will open. Attach to your next post.

Where is the commands.txt file located & what is in it?
 
It's also of note - what are the permissions and the mandatory integrity control on that key? If you created it elevated as an administrator, it isn't likely to have the right permissions. Check it against other keys to see if it differs. If it works for admins and not users, this is the likely explanation.
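
Added example, not part of the original post: one way to run the comparison suggested above from PowerShell, and to see which hive behind the merged HKCR view actually holds each key. The function names `Get-KeyAclSummary` and `Compare-KeyAcl` are hypothetical, and `.dmp` is used as the reference key only because it appears in this thread. It covers the owner and DACL only; the integrity label is not part of that output.

```powershell
# Added example (PowerShell 2.0 compatible, so it runs on a stock Windows 7).
# Run it as the standard user who does not see the menu entry.
function Get-KeyAclSummary {
    param([Parameter(Mandatory = $true)][string]$SubKey)   # path below HKCR
    $summary = @()
    # HKCR is a merged view: per-user entries under HKCU\Software\Classes
    # override machine-wide ones under HKLM\SOFTWARE\Classes.
    foreach ($root in 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes',
                      'HKEY_CURRENT_USER\Software\Classes') {
        $path = "Registry::$root\$SubKey"
        if (-not (Test-Path -Path $path)) { continue }
        $acl = Get-Acl -Path $path
        # One sortable string per access rule so two keys can be compared.
        $rules = @($acl.Access | ForEach-Object {
            '{0} | {1} | {2} | inherited={3}' -f $_.IdentityReference,
                $_.AccessControlType, $_.RegistryRights, $_.IsInherited
        } | Sort-Object -Unique)
        $summary += New-Object PSObject -Property @{
            Hive = $root; SubKey = $SubKey; Owner = $acl.Owner; Rules = $rules
        }
    }
    return $summary
}

function Compare-KeyAcl {
    param([string]$Target, [string]$Reference)
    $t = @(Get-KeyAclSummary $Target)
    $r = @(Get-KeyAclSummary $Reference)
    "Target '$Target' found in: " + (($t | ForEach-Object { $_.Hive }) -join ', ')
    "Reference '$Reference' found in: " + (($r | ForEach-Object { $_.Hive }) -join ', ')
    "Target owner(s): " + (($t | ForEach-Object { $_.Owner }) -join ', ')
    "Reference owner(s): " + (($r | ForEach-Object { $_.Owner }) -join ', ')
    $tRules = @($t | ForEach-Object { $_.Rules })
    $rRules = @($r | ForEach-Object { $_.Rules })
    "Rules only on target:"
    $tRules | Where-Object { $rRules -notcontains $_ }
    "Rules only on reference:"
    $rRules | Where-Object { $tRules -notcontains $_ }
}

# Keys taken from this thread; the choice of reference key is an assumption.
Compare-KeyAcl -Target 'Debugger.Dump\Shell\Debug_without_Remote\Command' -Reference '.dmp'
```

Empty "only on" lists mean the two keys carry the same access rules for the account running the script.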
 
Reg Query HKCR\.dmp /s >0 & Reg Query HKCR\Debugger.Dump /s >>0 & start notepad 0

HKEY_CLASSES_ROOT\.dmp
(Default) REG_SZ Debugger.Dump

HKEY_CLASSES_ROOT\.dmp\OpenWithProgids
VisualStudio.dmp.9.0 REG_SZ
VisualStudio.dmp.10.0 REG_SZ

HKEY_CLASSES_ROOT\.dmp\OpenWithProgids\Shared
(Default) REG_SZ Shared key to keep this from being removed with install/uninstall of side-by-side components.


HKEY_CLASSES_ROOT\Debugger.Dump\DefaultIcon
(Default) REG_SZ C:\Program Files\Debugging Tools for Windows (x64)\cdb.exe

HKEY_CLASSES_ROOT\Debugger.Dump\Shell

HKEY_CLASSES_ROOT\Debugger.Dump\Shell\Debug_without_Remote

HKEY_CLASSES_ROOT\Debugger.Dump\Shell\Debug_without_Remote\Command
(Default) REG_SZ "C:\Program Files\Debugging Tools for Windows (x64)\windbg" -z "%1" -c "$<C:\Tools\windbg\commands.txt"

HKEY_CLASSES_ROOT\Debugger.Dump\Shell\Debug_With_Remote70

HKEY_CLASSES_ROOT\Debugger.Dump\Shell\Debug_With_Remote70\Command
(Default) REG_SZ "C:\Program Files\Debugging Tools for Windows (x64)\windbg " -server tcp:Port=70 -z \"%1\" -c \"$<C:\Tools\windbg\commands.txt"



command.txt

as sortold .shell -ci "lm nt" cscript c:\tools\windbg\sort.vbs
as jcgriff !analyze -v;r;kv;lmtn;.bugcheck;!sysinfo cpuinfo;!sysinfo machineid; !sysinfo cpuspeed; !sysinfo smbios
 
It's also of note - what are the permissions and the mandatory integrity control on that key? If you created it elevated as an administrator, it isn't likely to have the right permissions. Check it against other keys to see if it differs. If it works for admins and not users, this is the likely explanation.

I thought so as well, but I used regedit from my user account (Does not have admin rights). I just re-checked and users have Read permissions on all subkeys.
 
How did you get into regedit without admin perms?

UAC comes up here to elevate regedit.

Please run -
Code:
whoami /all /fo list >0 & start notepad 0

Regards. . .

jcgriff2
 
ahh yea, I must have been having a senior moment.:o There is no way I could have done that.

Attached screen shot is from HKEY_CLASSES_ROOT\Debugger.Dump

I checked each key and for users it is the same Read permission.

USER INFORMATION
----------------

User Name: defiant\andrew
SID: S-1-5-21-772383937-1110144617-1839867379-1003


GROUP INFORMATION
-----------------

Group Name: Everyone
Type: Well-known group
SID: S-1-1-0
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: Defiant\HelpLibraryUpdaters
Type: Alias
SID: S-1-5-21-772383937-1110144617-1839867379-1029
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: Defiant\HomeUsers
Type: Alias
SID: S-1-5-21-772383937-1110144617-1839867379-1009
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: BUILTIN\Remote Desktop Users
Type: Alias
SID: S-1-5-32-555
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: BUILTIN\Users
Type: Alias
SID: S-1-5-32-545
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: NT AUTHORITY\INTERACTIVE
Type: Well-known group
SID: S-1-5-4
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: CONSOLE LOGON
Type: Well-known group
SID: S-1-2-1
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: NT AUTHORITY\Authenticated Users
Type: Well-known group
SID: S-1-5-11
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: NT AUTHORITY\This Organization
Type: Well-known group
SID: S-1-5-15
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: LOCAL
Type: Well-known group
SID: S-1-2-0
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: NT AUTHORITY\NTLM Authentication
Type: Well-known group
SID: S-1-5-64-10
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: Mandatory Label\Medium Mandatory Level
Type: Label
SID: S-1-16-8192
Attributes: Mandatory group, Enabled by default, Enabled group


PRIVILEGES INFORMATION
----------------------

Privilege Name: SeShutdownPrivilege
Description: Shut down the system
State: Disabled

Privilege Name: SeChangeNotifyPrivilege
Description: Bypass traverse checking
State: Enabled

Privilege Name: SeUndockPrivilege
Description: Remove computer from docking station
State: Disabled

Privilege Name: SeIncreaseWorkingSetPrivilege
Description: Increase a process working set
State: Disabled

Privilege Name: SeTimeZonePrivilege
Description: Change the time zone
State: Disabled
 

I thought maybe you had UAC off.

The user account shows a SID ending in -1003.

Are there 2 other user-admin accounts?

Here is the whoami from this system - W7 x64 Ult -

Why do you believe you have no Admin perms?

Does the system belong to work or school?
 
Just some BOINC Stuff.

I set my account up as a "Standard User". I have a separate Administrator account. And if I feel lazy I right click and use "Run as Administrator".

Group Name: Defiant\boinc_admins
Type: Alias
SID: S-1-5-21-772383937-1110144617-1839867379-1026
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: Defiant\boinc_projects
Type: Alias
SID: S-1-5-21-772383937-1110144617-1839867379-1028
Attributes: Mandatory group, Enabled by default, Enabled group

Group Name: Defiant\boinc_users
Type: Alias
SID: S-1-5-21-772383937-1110144617-1839867379-1027
Attributes: Mandatory group, Enabled by default, Enabled group
 
If the key and values all have the same perms as others, then it might be time to log in as a non-admin user, start procmon (run as admin, of course), and right-click. Then immediately save off the procmon log and start looking for any references to that reg key and/or value set, and see what the problem is :).
 
In Windows 7 standard users have read permissions only.

Administrators have full permissions as you know. Even if you use run as administrator you are restricted with config and need to log on with an administrator account to do the config changes.

I think it is a security enhancement with Windows 7 designed to prevent unauthorised changes from standard user accounts and also using the elevation run as option.
 
Nah mate, it's not a permission problem. I added full permissions to my specific user account. Rebooted. No change. It still does not appear in the right click context menu.
 
Did you run ProcMon to check the reg keys?

If the key and values all have the same perms as others, then it might be time to log in as a non-admin user, start procmon (run as admin, of course), and right-click. Then immediately save off the procmon log and start looking for any references to that reg key and/or value set, and see what the problem is :).
 
But the keys are there because you created them.
And running ProcMon will (hopefully) elicit some errors that you can see in the logfiles when the right click tries to access them (I'd right click on a .dmp file just to be sure that it's trying to access it).

I believe that cluberti was referring to running Process Monitor as an Administrator
You can also "Run as admin" by highlighting the ProcMon executable (single left click) and then press/hold "Ctrl" + "Shift" while pressing "Enter"

But beware, the logfiles are huge!
 
