How To Restart PC in Safe Mode and do some stuff












0















I had some task these days to automate removing antivirus from PC-s in our company... on some PC-s there was a password mismatch issue so we had to restart PC in safe mode to remove the config files and then we were able to remove the antivirus itself... so i wrote some scripts to automate it... The logic was this:



1) run the file which will set the password and enable built in administrator account. Copy two batch files (file1, file2) on C disk for Further work, run file 1 As administrator...



2)file 1 contains instructions and reg keys to restart computer in safe mode, autologin, run the file2 instead of explorer.exe... then deletes itself...



3)file2 contains instructions to restart computer in normal mode, delete config file of antivirus, sets default values for normal startup of explorer... then deletes itself...



actually it did work: after this script is launched - computer restarts in safe mode, administrator account automatically logs on, deletes config file, restarts in normal mode and everything seems nice and clean... but in some cases i was not able to restart in safe mode... and in other case computer restarted ins safe mode administrator account automatically got log on and then nothing happened...



so what i did wrong?



here are the files with code:



Main file which was launched by administrative privileges:



@echo off
net user Administrator Pass12345
net user Administrator /active:yes
xcopy "Bat_Ffile1.bat" "C:" /Y
xcopy "Bat_Ffile2.bat" "C:" /Y
"Bat_FRunas.vbs"


Runas file:



Option explicit
dim oShell
set oShell=Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /profile /user:Administrator ""C:file1.bat"""
WScript.Sleep 100
oShell.Sendkeys "Pass12345~"
Wscript.Quit


file1 :



@echo off
bcdedit /set {default} safeboot minimal
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultUserName /t REG_SZ /d Administrator /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultPassword /t REG_SZ /d Pass12345 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoLogonCount /t REG_DWORD /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "C:file2.bat" /f
shutdown -r -t 10 -c "Computer Will Now Restart In SAFE MODE..."
del "%~f0"


file2 :



@echo off
bcdedit /deletevalue {default} safeboot
del "C:\ProgramdataSomeAntivirusSomeconfigfile.cfg"
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "explorer.exe" /f
shutdown -r -t 10 -c "Computer Will Now Restart In NORMAL MODE..."
del "%~f0"


so what do i do wrong? or what would you suggest / reccomend?? what can i do for troubleshooting???










share|improve this question























  • I see a few issues - runas.vbs is executing "runas" without an extension, so could cause a loop. xcopy is copying to "c:" with a " which escapes the quote. remove those quotes. the destination, the root of the C: drive, is also usually protected so unless the initial "main" process has rights to write there it'll choke on those lines which will leave you in limbo later. you're not removing the autologin options or disabling the administrator account in file2. using sendkeys is terrifying for security, since it would insert the password into any app that had focus.

    – shawn
    Feb 15 at 18:48











  • vbs might not be associated with anything, so using cscript or wscript to call it would be safer. if you're running these across the network, then the initial setup would be safer if called via psexec.

    – shawn
    Feb 15 at 18:49











  • @shawn thank you for your reply & advice!!!

    – Davida M
    Feb 15 at 20:55











  • @shawn thank you for your reply and advice!!!

    – Davida M
    Feb 15 at 20:58
















0















I had some task these days to automate removing antivirus from PC-s in our company... on some PC-s there was a password mismatch issue so we had to restart PC in safe mode to remove the config files and then we were able to remove the antivirus itself... so i wrote some scripts to automate it... The logic was this:



1) run the file which will set the password and enable built in administrator account. Copy two batch files (file1, file2) on C disk for Further work, run file 1 As administrator...



2)file 1 contains instructions and reg keys to restart computer in safe mode, autologin, run the file2 instead of explorer.exe... then deletes itself...



3)file2 contains instructions to restart computer in normal mode, delete config file of antivirus, sets default values for normal startup of explorer... then deletes itself...



actually it did work: after this script is launched - computer restarts in safe mode, administrator account automatically logs on, deletes config file, restarts in normal mode and everything seems nice and clean... but in some cases i was not able to restart in safe mode... and in other case computer restarted ins safe mode administrator account automatically got log on and then nothing happened...



so what i did wrong?



here are the files with code:



Main file which was launched by administrative privileges:



@echo off
net user Administrator Pass12345
net user Administrator /active:yes
xcopy "Bat_Ffile1.bat" "C:" /Y
xcopy "Bat_Ffile2.bat" "C:" /Y
"Bat_FRunas.vbs"


Runas file:



Option explicit
dim oShell
set oShell=Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /profile /user:Administrator ""C:file1.bat"""
WScript.Sleep 100
oShell.Sendkeys "Pass12345~"
Wscript.Quit


file1 :



@echo off
bcdedit /set {default} safeboot minimal
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultUserName /t REG_SZ /d Administrator /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultPassword /t REG_SZ /d Pass12345 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoLogonCount /t REG_DWORD /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "C:file2.bat" /f
shutdown -r -t 10 -c "Computer Will Now Restart In SAFE MODE..."
del "%~f0"


file2 :



@echo off
bcdedit /deletevalue {default} safeboot
del "C:\ProgramdataSomeAntivirusSomeconfigfile.cfg"
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "explorer.exe" /f
shutdown -r -t 10 -c "Computer Will Now Restart In NORMAL MODE..."
del "%~f0"


so what do i do wrong? or what would you suggest / reccomend?? what can i do for troubleshooting???










share|improve this question























  • I see a few issues - runas.vbs is executing "runas" without an extension, so could cause a loop. xcopy is copying to "c:" with a " which escapes the quote. remove those quotes. the destination, the root of the C: drive, is also usually protected so unless the initial "main" process has rights to write there it'll choke on those lines which will leave you in limbo later. you're not removing the autologin options or disabling the administrator account in file2. using sendkeys is terrifying for security, since it would insert the password into any app that had focus.

    – shawn
    Feb 15 at 18:48











  • vbs might not be associated with anything, so using cscript or wscript to call it would be safer. if you're running these across the network, then the initial setup would be safer if called via psexec.

    – shawn
    Feb 15 at 18:49











  • @shawn thank you for your reply & advice!!!

    – Davida M
    Feb 15 at 20:55











  • @shawn thank you for your reply and advice!!!

    – Davida M
    Feb 15 at 20:58














0












0








0








I had some task these days to automate removing antivirus from PC-s in our company... on some PC-s there was a password mismatch issue so we had to restart PC in safe mode to remove the config files and then we were able to remove the antivirus itself... so i wrote some scripts to automate it... The logic was this:



1) run the file which will set the password and enable built in administrator account. Copy two batch files (file1, file2) on C disk for Further work, run file 1 As administrator...



2)file 1 contains instructions and reg keys to restart computer in safe mode, autologin, run the file2 instead of explorer.exe... then deletes itself...



3)file2 contains instructions to restart computer in normal mode, delete config file of antivirus, sets default values for normal startup of explorer... then deletes itself...



actually it did work: after this script is launched - computer restarts in safe mode, administrator account automatically logs on, deletes config file, restarts in normal mode and everything seems nice and clean... but in some cases i was not able to restart in safe mode... and in other case computer restarted ins safe mode administrator account automatically got log on and then nothing happened...



so what i did wrong?



here are the files with code:



Main file which was launched by administrative privileges:



@echo off
net user Administrator Pass12345
net user Administrator /active:yes
xcopy "Bat_Ffile1.bat" "C:" /Y
xcopy "Bat_Ffile2.bat" "C:" /Y
"Bat_FRunas.vbs"


Runas file:



Option explicit
dim oShell
set oShell=Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /profile /user:Administrator ""C:file1.bat"""
WScript.Sleep 100
oShell.Sendkeys "Pass12345~"
Wscript.Quit


file1 :



@echo off
bcdedit /set {default} safeboot minimal
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultUserName /t REG_SZ /d Administrator /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultPassword /t REG_SZ /d Pass12345 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoLogonCount /t REG_DWORD /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "C:file2.bat" /f
shutdown -r -t 10 -c "Computer Will Now Restart In SAFE MODE..."
del "%~f0"


file2 :



@echo off
bcdedit /deletevalue {default} safeboot
del "C:\ProgramdataSomeAntivirusSomeconfigfile.cfg"
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "explorer.exe" /f
shutdown -r -t 10 -c "Computer Will Now Restart In NORMAL MODE..."
del "%~f0"


so what do i do wrong? or what would you suggest / reccomend?? what can i do for troubleshooting???










share|improve this question














I had some task these days to automate removing antivirus from PC-s in our company... on some PC-s there was a password mismatch issue so we had to restart PC in safe mode to remove the config files and then we were able to remove the antivirus itself... so i wrote some scripts to automate it... The logic was this:



1) run the file which will set the password and enable built in administrator account. Copy two batch files (file1, file2) on C disk for Further work, run file 1 As administrator...



2)file 1 contains instructions and reg keys to restart computer in safe mode, autologin, run the file2 instead of explorer.exe... then deletes itself...



3)file2 contains instructions to restart computer in normal mode, delete config file of antivirus, sets default values for normal startup of explorer... then deletes itself...



actually it did work: after this script is launched - computer restarts in safe mode, administrator account automatically logs on, deletes config file, restarts in normal mode and everything seems nice and clean... but in some cases i was not able to restart in safe mode... and in other case computer restarted ins safe mode administrator account automatically got log on and then nothing happened...



so what i did wrong?



here are the files with code:



Main file which was launched by administrative privileges:



@echo off
net user Administrator Pass12345
net user Administrator /active:yes
xcopy "Bat_Ffile1.bat" "C:" /Y
xcopy "Bat_Ffile2.bat" "C:" /Y
"Bat_FRunas.vbs"


Runas file:



Option explicit
dim oShell
set oShell=Wscript.CreateObject("WScript.Shell")
oShell.Run "runas /profile /user:Administrator ""C:file1.bat"""
WScript.Sleep 100
oShell.Sendkeys "Pass12345~"
Wscript.Quit


file1 :



@echo off
bcdedit /set {default} safeboot minimal
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultUserName /t REG_SZ /d Administrator /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v DefaultPassword /t REG_SZ /d Pass12345 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v AutoLogonCount /t REG_DWORD /d 1 /f
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "C:file2.bat" /f
shutdown -r -t 10 -c "Computer Will Now Restart In SAFE MODE..."
del "%~f0"


file2 :



@echo off
bcdedit /deletevalue {default} safeboot
del "C:\ProgramdataSomeAntivirusSomeconfigfile.cfg"
reg add "HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogon" /v Shell /t REG_SZ /d "explorer.exe" /f
shutdown -r -t 10 -c "Computer Will Now Restart In NORMAL MODE..."
del "%~f0"


so what do i do wrong? or what would you suggest / reccomend?? what can i do for troubleshooting???







bash batch vbscript regedit autologon






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Feb 11 at 19:39









Davida MDavida M

11




11













  • I see a few issues - runas.vbs is executing "runas" without an extension, so could cause a loop. xcopy is copying to "c:" with a " which escapes the quote. remove those quotes. the destination, the root of the C: drive, is also usually protected so unless the initial "main" process has rights to write there it'll choke on those lines which will leave you in limbo later. you're not removing the autologin options or disabling the administrator account in file2. using sendkeys is terrifying for security, since it would insert the password into any app that had focus.

    – shawn
    Feb 15 at 18:48











  • vbs might not be associated with anything, so using cscript or wscript to call it would be safer. if you're running these across the network, then the initial setup would be safer if called via psexec.

    – shawn
    Feb 15 at 18:49











  • @shawn thank you for your reply & advice!!!

    – Davida M
    Feb 15 at 20:55











  • @shawn thank you for your reply and advice!!!

    – Davida M
    Feb 15 at 20:58



















  • I see a few issues - runas.vbs is executing "runas" without an extension, so could cause a loop. xcopy is copying to "c:" with a " which escapes the quote. remove those quotes. the destination, the root of the C: drive, is also usually protected so unless the initial "main" process has rights to write there it'll choke on those lines which will leave you in limbo later. you're not removing the autologin options or disabling the administrator account in file2. using sendkeys is terrifying for security, since it would insert the password into any app that had focus.

    – shawn
    Feb 15 at 18:48











  • vbs might not be associated with anything, so using cscript or wscript to call it would be safer. if you're running these across the network, then the initial setup would be safer if called via psexec.

    – shawn
    Feb 15 at 18:49











  • @shawn thank you for your reply & advice!!!

    – Davida M
    Feb 15 at 20:55











  • @shawn thank you for your reply and advice!!!

    – Davida M
    Feb 15 at 20:58

















I see a few issues - runas.vbs is executing "runas" without an extension, so could cause a loop. xcopy is copying to "c:" with a " which escapes the quote. remove those quotes. the destination, the root of the C: drive, is also usually protected so unless the initial "main" process has rights to write there it'll choke on those lines which will leave you in limbo later. you're not removing the autologin options or disabling the administrator account in file2. using sendkeys is terrifying for security, since it would insert the password into any app that had focus.

– shawn
Feb 15 at 18:48





I see a few issues - runas.vbs is executing "runas" without an extension, so could cause a loop. xcopy is copying to "c:" with a " which escapes the quote. remove those quotes. the destination, the root of the C: drive, is also usually protected so unless the initial "main" process has rights to write there it'll choke on those lines which will leave you in limbo later. you're not removing the autologin options or disabling the administrator account in file2. using sendkeys is terrifying for security, since it would insert the password into any app that had focus.

– shawn
Feb 15 at 18:48













vbs might not be associated with anything, so using cscript or wscript to call it would be safer. if you're running these across the network, then the initial setup would be safer if called via psexec.

– shawn
Feb 15 at 18:49





vbs might not be associated with anything, so using cscript or wscript to call it would be safer. if you're running these across the network, then the initial setup would be safer if called via psexec.

– shawn
Feb 15 at 18:49













@shawn thank you for your reply & advice!!!

– Davida M
Feb 15 at 20:55





@shawn thank you for your reply & advice!!!

– Davida M
Feb 15 at 20:55













@shawn thank you for your reply and advice!!!

– Davida M
Feb 15 at 20:58





@shawn thank you for your reply and advice!!!

– Davida M
Feb 15 at 20:58










0






active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404565%2fhow-to-restart-pc-in-safe-mode-and-do-some-stuff%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1404565%2fhow-to-restart-pc-in-safe-mode-and-do-some-stuff%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

Mangá

Eduardo VII do Reino Unido