God mode, sysinternals importing .dll for more mmc snap ins? Oh my
Posted by itiscodeman@reddit | sysadmin | View on Reddit | 24 comments
Over heard my supervisor say he’s added reg keys which lets ad display more attributes!? He also had us register a .dll that helped us switch schema master using an mmc snap in that’s not there by default
What is your knowledge about secret windows setting ?
I see value in sysinternals and that good desktop icon for godmode to have all the settings still works in 11 I bet.
Cormacolinde@reddit
There’s the one where you reset the Time Service with
w32tm /unregister
W32tm /register
And also the one to reset the Windows Update service
https://learn.microsoft.com/en-gb/answers/questions/2338408/article-reset-windows-update-components
Kangie@reddit
If you insert a USB and hold down a special key combination you can use Linux instead and never have to deal with M$ shit again.
TimePlankton3171@reddit
Can confirm. Not saying which key tho.
itiscodeman@reddit (OP)
It’s rnicrosoft*
sembee2@reddit
The schema master one isn't a secret, it's in the MS instructions for moving the roles.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/view-transfer-fsmo-roles
itiscodeman@reddit (OP)
Well no ya thanks. It makes you run a command with a .dll I think that’s so cool and wonder what other .dll can be loaded to reveal things
DonL314@reddit
This "trick" was taught in every Windows Server training course I have participated in, so it's not "a secret".
I bet this is totally on purpose by MS, and not meant as a "secret" but a "safeguard". Messing with the schema is something that should be planned carefully since many operations are irreversible, and the consequences can be disastrous for a forest. (Btw, you don't want any accounts having the role of Schema Administrator except at the times when it's needed.)
BloodFeastMan@reddit
God mode simply shows all settings in a file explorer type window
fireandbass@reddit
Don't do it. It can get you stuck in a boot loop.
Anticept@reddit
Sounds like they put it on the desktop.
Fun fact about people with dirty desktops: everytime your desktop loads it triggers a scan of antivirus tooling. Either put it in a folder on a desktop or not on your desktop at all.
Root of start menu and taskbar can do that too
itiscodeman@reddit (OP)
Can you elaborate?
Anticept@reddit
The "godmode" shortcut is undocumented behavior as far as I know. Undocumented behavior are things that exist that are probably not meant for general use, and it isn't quite as bad as undefined behavior which can be total chaos, but when something is undocumented, you're accepting the risk that it might not always work or work in the way you expected patch to patch.
As I said, things on the desktop automatically trigger scans when booting, because the desktop itself is also a folder that is opened by the shell. If you have something badly broken, it could cause exceptions, which are particularly bad if there's no handler for it.
AcornAnomaly@reddit
If anyone's curious how it actually works, it creates what's called a "shell namespace junction".
https://brandonlive.com/2010/01/04/the-so-called-god-mode/
itiscodeman@reddit (OP)
Dang that would suck. So cool of you to warn. Ya I never needed the shortcut personally but I do wanna see the secret menu you know?
jmbpiano@reddit
You don't need to create an extra shortcut, you just create an empty folder and give it the
.{ED7BA470-8E54-465E-825C-99712043E01C}extension (the base name can be anything; the "god mode" string has no effect).itiscodeman@reddit (OP)
Ya awesome to share I think everyone knows but someone will go make the folder now.
BloodFeastMan@reddit
I figure there's still plenty of people who aren't aware of that one.
zerotol4@reddit
This takes me back quite a number of years where we did something similar it is possible to create custom items in the ADUC MMC that when you right clicked the user or computer for example additional items could be triggered that ran a script to perform additional tasks like asking a computer to wake on LAN when a computer was right clicked for example and additional tasks for users also etc
I beleive it involved adjusting the displayspecifiers via adsiedit which to be honest its probably a bad idea to go messing around with but in case you are interested
https://web.archive.org/web/20120330185909/http://blogs.technet.com/b/isingh/archive/2007/02/18/adding-custom-attributes-in-active-directory.aspx
I think it also may be possible to execute powershell scripts but not tried it.
https://www.dsinternals.com/en/extending-active-directory-aduc-context-menu-powershell/
fireandbass@reddit
I use this in my environment. You don't have to edit adsi edit. You save a .mmc file and right click and enter authoring mode, then you can add a custom taskpad view and save it. You can pass many variables shown in ADUC to Powershell scripts, CMD and other apps that support command line variables.
itiscodeman@reddit (OP)
So cool
zerotol4@reddit
Nice, I did see this recently but I have not tried it.
itiscodeman@reddit (OP)
Dude heck ya this is exactly the type of stuff I’m researching. Preeshh …
AdminSDHolder@reddit
If you register this dll you will be able to browse the AD Schema in MMC
itiscodeman@reddit (OP)
Ya that’s it! Ever have to register another dll tho ?