True Silent Mode for Lollipop – XDA Xposed Tuesday

The post True Silent Mode for Lollipop XDA Xposed Tuesday appeared first on … more

List of Edge Panel Compatible Apps

more

Google Announces Plans for Projects Titan, Loon and Link

The post Google Announces Plans for Projects Titan, Loon and Link appeared first on … more

Here’s What the HTC One M9 Camera Can Do

more
Post Reply

Playing with Produtct Policy - My XPS10 just joined AD domain

OP kitor

14th August 2014, 11:18 PM   |  #1  
kitor's Avatar
OP Senior Member
Flag Wieluń
Thanks Meter: 28
 
149 posts
Join Date:Joined: Apr 2007
More
Inspired by this post:
http://forum.xda-developers.com/show...885399&page=22

I wanted to play a bit to join my XPS10 to my home domain. But
Quote:

Check that the process is working on RT - a provided .NET program obviously would not work, so you should do the same manually

Well... it's for .net 4.0, AFAIR we have only 4.5, yep (?) And I was to lazy to read sourcecode.
So I loaded project into Visual Studio, changed target to 4.5 Any CPU. After that:
1. Took ownership of c:\windows\system32\sppsvc.exe and removed all rights (so noone, even system can execute it)
2. Created a copy of runJailbreak.bat and removed all exit commands in it (as a workaround for closing cmd - that will be needed later)
3. Added in registry:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
4. Reboot

After reboot I got cmd window on bootscreen background. Somehow, mouse cursor disappeared even with USB mouse.
5. Started jailbreak by running modified .bat
6. Started attached ProductPolicyEditor, enabled WorkstationService-DomainJoinEnabled policy, wrote changes to registry
7. Closed PPE, cmd, system self restarted in normal mode
8. Connected to domain as usual.

Proof - screenshots attached

After this RT went to not activated state. But when already connected to domain, I reverted changes I done (changed policy to 0, restored sppsvc rights), activated it again - everything works, computer is still in domain, only change is that in system properties I can only leave it, not change to another one.
This method may be used to exploit more hidden RT features.
Attached Images
File Type: jpg 1.jpg - [Click for QR Code] (218.0 KB, 288 views)
File Type: jpg 2.jpg - [Click for QR Code] (213.5 KB, 226 views)
File Type: jpg 3.jpg - [Click for QR Code] (192.2 KB, 237 views)
Attached Files
File Type: zip ProductPolicyEditor.zip - [Click for QR Code] (12.4 KB, 45 views)
Last edited by kitor; 15th August 2014 at 09:20 AM.
The Following User Says Thank You to kitor For This Useful Post: [ View ]
15th August 2014, 04:56 PM   |  #2  
Quote:
Originally Posted by kitor

Inspired by this post:
http://forum.xda-developers.com/show...885399&page=22

I wanted to play a bit to join my XPS10 to my home domain. But

Well... it's for .net 4.0, AFAIR we have only 4.5, yep (?) And I was to lazy to read sourcecode.
So I loaded project into Visual Studio, changed target to 4.5 Any CPU. After that:
1. Took ownership of c:\windows\system32\sppsvc.exe and removed all rights (so noone, even system can execute it)
2. Created a copy of runJailbreak.bat and removed all exit commands in it (as a workaround for closing cmd - that will be needed later)
3. Added in registry:
HKEY_LOCAL_MACHINE\SYSTEM\Setup
SetupType=1
CmdLine="cmd.exe"
4. Reboot

After reboot I got cmd window on bootscreen background. Somehow, mouse cursor disappeared even with USB mouse.
5. Started jailbreak by running modified .bat
6. Started attached ProductPolicyEditor, enabled WorkstationService-DomainJoinEnabled policy, wrote changes to registry
7. Closed PPE, cmd, system self restarted in normal mode
8. Connected to domain as usual.

Proof - screenshots attached

After this RT went to not activated state. But when already connected to domain, I reverted changes I done (changed policy to 0, restored sppsvc rights), activated it again - everything works, computer is still in domain, only change is that in system properties I can only leave it, not change to another one.
This method may be used to exploit more hidden RT features.

Confirmed working on Surface RT
29th September 2014, 07:42 PM   |  #3  
Senior Member
Pearland, TX
Thanks Meter: 17
 
126 posts
Join Date:Joined: Sep 2006
Wonder what happens if you then upgrade the device to win rt 8.1...
1st October 2014, 05:02 AM   |  #4  
Member
Flag Sydney
Thanks Meter: 19
 
53 posts
Join Date:Joined: Aug 2011
More
I did this on my Surface RT running 8.1 the other day, Nil issues..

Quote:
Originally Posted by jordanmills

Wonder what happens if you then upgrade the device to win rt 8.1...

24th November 2014, 04:59 PM   |  #5  
Myriachan's Avatar
Senior Member
Thanks Meter: 155
 
116 posts
Join Date:Joined: Feb 2013
I wonder whether this technique could also be used to allow incoming Remote Desktop sessions in Windows RT...

Melissa
25th November 2014, 05:21 AM   |  #6  
Recognized Developer
Flag Denver
Thanks Meter: 545
 
873 posts
Join Date:Joined: Jun 2009
Donate to Me
More
Quote:
Originally Posted by Myriachan

I wonder whether this technique could also be used to allow incoming Remote Desktop sessions in Windows RT...

Melissa

I spent quite a while trying to get that back when this first came out for 8.0, never had any luck with RDP. The Windows Help remote assistant works alright, though.
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes