Title: For 선우 to take a look~~ lol
OldMaC
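This isn't tidied up, so some of the registry entries are duplicated; please just let that slide.
I'll clean it up when I post it properly.... though when that will be is anyone's guess. ^^;
In Dism++, 선우's WIM file is mounted at the G:\01 folder,
and the hives were also loaded through Dism++ when I extracted the registry entries, so change the hive paths to suit your own setup.
1. When building, make two builds, one with the Administrator account included and one without, and extract the registry entries the Administrator account is missing
- Without this part the Administrator account will not boot, so it has to be added as a baseline.
Hive path...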
{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SOFTWARE
-------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"DSCAutomationHostEnabled"=dword:00000002
"EnableCursorSuppression"=dword:00000001
"EnableFullTrustStartupTasks"=dword:00000002
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000000
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableUwpStartupTasks"=dword:00000002
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"SupportFullTrustStartupTasks"=dword:00000001
"SupportUwpStartupTasks"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
;Registry section that enables the Administrator account
;[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
;"DefaultUserName"="Administrator"
;"EnableSIHostIntegration"=dword:00000000
;"Userinit"="X:\\Windows\\system32\\userinit.exe,PECMD.EXE MAIN -user X:\\windows\\System32\\SwitchToAdminLogon.ini,"
;"AutoAdminLogon"=dword:00000001
;"DefaultPassword"=""
;[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts]
;[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
;"Guest"=dword:00000000
-------------------------------------
Hive path....
{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\gpsvc]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,4d,00,75,00,70,00,\
00,00,00,00
"Description"="@gpapi.dll,-113"
"DisplayName"="@gpapi.dll,-112"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:000dbba0
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,\
6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,\
4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,50,00,\
65,00,72,00,6d,00,61,00,6e,00,65,00,6e,00,74,00,50,00,72,00,69,00,76,00,69,\
00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,\
6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,\
50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,\
00,65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,\
72,00,65,00,61,00,74,00,65,00,50,00,61,00,67,00,65,00,66,00,69,00,6c,00,65,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\gpsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
67,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="GroupPolicyClientServiceMain"
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\gpsvc\Security]
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,c0,14,00,02,00,0d,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,5c,00,04,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,8d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,\
00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\gpsvc\TriggerInfo]
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\gpsvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:32,00,45,00,42,00,30,00,38,00,45,00,33,00,45,00,2d,00,36,00,33,00,\
39,00,46,00,2d,00,34,00,66,00,62,00,61,00,2d,00,39,00,37,00,42,00,31,00,2d,\
00,31,00,34,00,46,00,38,00,37,00,38,00,39,00,36,00,31,00,30,00,37,00,36,00,\
00,00
"DataType0"=dword:00000002
"GUID"=hex:67,d1,90,bc,70,94,39,41,a9,ba,be,0b,bb,f5,b7,4d
"Type"=dword:00000006
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\seclogon]
"DisplayName"="@%SystemRoot%\\system32\\seclogon.dll,-7001"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,\
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,\
00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,\
74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%SystemRoot%\\system32\\seclogon.dll,-7000"
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,\
00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,\
6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,\
61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,\
00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,65,00,63,00,6c,00,\
6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="SvcEntry_Seclogon"
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\seclogon\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,dd,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,cd,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,dd,01,\
02,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\TrustedInstaller]
"BlockTime"=dword:00002a30
"BlockTimeIncrement"=dword:00000384
"Description"="@%SystemRoot%\\servicing\\TrustedInstaller.exe,-101"
"DisplayName"="@%SystemRoot%\\servicing\\TrustedInstaller.exe,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,65,00,72,00,76,00,69,00,63,00,69,00,6e,00,67,00,5c,\
00,54,00,72,00,75,00,73,00,74,00,65,00,64,00,49,00,6e,00,73,00,74,00,61,00,\
6c,00,6c,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="localSystem"
"PreshutdownTimeout"=dword:0036ee80
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\ControlSet001\Services\TrustedInstaller\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,02,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
00,20,02,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\gpsvc]
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,4d,00,75,00,70,00,\
00,00,00,00
"Description"="@gpapi.dll,-113"
"DisplayName"="@gpapi.dll,-112"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,20,00,2d,00,70,00,00,\
00
"ObjectName"="LocalSystem"
"PreshutdownTimeout"=dword:000dbba0
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,61,00,6b,00,65,00,4f,00,77,00,\
6e,00,65,00,72,00,73,00,68,00,69,00,70,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,\
00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,\
4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,50,00,\
65,00,72,00,6d,00,61,00,6e,00,65,00,6e,00,74,00,50,00,72,00,69,00,76,00,69,\
00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,68,00,75,00,74,00,64,00,\
6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,00,65,00,72,00,\
50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,\
00,65,00,73,00,74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,\
65,00,67,00,65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,\
72,00,65,00,61,00,74,00,65,00,50,00,61,00,67,00,65,00,66,00,69,00,6c,00,65,\
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\gpsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
67,00,70,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="GroupPolicyClientServiceMain"
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\gpsvc\Security]
"Security"=hex:01,00,14,80,8c,00,00,00,98,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,c0,14,00,02,00,0d,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,5c,00,04,00,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,8d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,01,00,00,00,00,\
00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo]
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\gpsvc\TriggerInfo\0]
"Action"=dword:00000001
"Data0"=hex:32,00,45,00,42,00,30,00,38,00,45,00,33,00,45,00,2d,00,36,00,33,00,\
39,00,46,00,2d,00,34,00,66,00,62,00,61,00,2d,00,39,00,37,00,42,00,31,00,2d,\
00,31,00,34,00,46,00,38,00,37,00,38,00,39,00,36,00,31,00,30,00,37,00,36,00,\
00,00
"DataType0"=dword:00000002
"GUID"=hex:67,d1,90,bc,70,94,39,41,a9,ba,be,0b,bb,f5,b7,4d
"Type"=dword:00000006
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\seclogon]
"DisplayName"="@%SystemRoot%\\system32\\seclogon.dll,-7001"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,\
79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,\
00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,\
74,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000003
"Type"=dword:00000020
"Description"="@%SystemRoot%\\system32\\seclogon.dll,-7000"
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,\
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,74,00,\
6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,\
00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,\
00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,\
6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,\
61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,\
00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\seclogon\Parameters]
"ServiceDll"=hex(2):25,00,77,00,69,00,6e,00,64,00,69,00,72,00,25,00,5c,00,73,\
00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,65,00,63,00,6c,00,\
6f,00,67,00,6f,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceMain"="SvcEntry_Seclogon"
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\seclogon\Security]
"Security"=hex:01,00,14,80,a0,00,00,00,ac,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,70,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,dd,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,cd,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,dd,01,\
02,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\TrustedInstaller]
"BlockTime"=dword:00002a30
"BlockTimeIncrement"=dword:00000384
"Description"="@%SystemRoot%\\servicing\\TrustedInstaller.exe,-101"
"DisplayName"="@%SystemRoot%\\servicing\\TrustedInstaller.exe,-100"
"ErrorControl"=dword:00000001
"FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,65,00,72,00,76,00,69,00,63,00,69,00,6e,00,67,00,5c,\
00,54,00,72,00,75,00,73,00,74,00,65,00,64,00,49,00,6e,00,73,00,74,00,61,00,\
6c,00,6c,00,65,00,72,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="localSystem"
"PreshutdownTimeout"=dword:0036ee80
"ServiceSidType"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000010
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Services\TrustedInstaller\Security]
"Security"=hex:01,00,14,80,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,02,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
00,20,02,00,00
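2. When you switch from the System account to the Administrator account, the files "SwitchToAdmin.log" and "SwitchToAdminLogon.log" will be created in the System32 folder.
- If you look through these two, the information needed for booting is hidden in them, so I used them to find the boot components.
- You can recognize the hive paths right away, right?
- Add the RunOnce.reg part.....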
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Users/Default/ntuser.dat\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PinTool"=hex(2):50,00,69,00,6e,00,54,00,6f,00,6f,00,6c,00,2e,00,65,00,78,00,\
65,00,20,00,2d,00,64,00,65,00,62,00,75,00,67,00,20,00,25,00,57,00,69,00,6e,\
00,64,00,69,00,72,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
32,00,5c,00,57,00,69,00,6e,00,31,00,30,00,50,00,45,00,2e,00,63,00,66,00,67,\
00,00,00
"Autorun"="Autorun.exe"
"PENetwork"=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,44,00,72,00,\
69,00,76,00,65,00,25,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
00,46,00,69,00,6c,00,65,00,73,00,5c,00,50,00,45,00,4e,00,65,00,74,00,77,00,\
6f,00,72,00,6b,00,5c,00,50,00,45,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,\
00,2e,00,65,00,78,00,65,00,22,00,00,00
- Add the Session Manager.reg part.....
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):6c,00,6f,00,61,00,64,00,57,00,6f,00,57,00,36,00,34,00,2e,\
00,65,00,78,00,65,00,00,00,61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,\
6b,00,20,00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2f,00,6b,00,3a,\
00,43,00,20,00,2f,00,6b,00,3a,00,44,00,20,00,2f,00,6b,00,3a,00,44,00,20,00,\
2f,00,6b,00,3a,00,45,00,20,00,2f,00,6b,00,3a,00,46,00,20,00,2f,00,6b,00,3a,\
00,47,00,20,00,2f,00,6b,00,3a,00,48,00,20,00,2f,00,6b,00,3a,00,49,00,20,00,\
2f,00,6b,00,3a,00,4a,00,20,00,2f,00,6b,00,3a,00,4b,00,20,00,2f,00,6b,00,3a,\
00,4c,00,20,00,2f,00,6b,00,3a,00,4d,00,20,00,2f,00,6b,00,3a,00,4e,00,20,00,\
2f,00,6b,00,3a,00,4f,00,20,00,2f,00,6b,00,3a,00,50,00,20,00,2f,00,6b,00,3a,\
00,51,00,20,00,2f,00,6b,00,3a,00,52,00,20,00,2f,00,6b,00,3a,00,53,00,20,00,\
2f,00,6b,00,3a,00,54,00,20,00,2f,00,6b,00,3a,00,55,00,20,00,2f,00,6b,00,3a,\
00,56,00,20,00,2f,00,6b,00,3a,00,57,00,20,00,2f,00,6b,00,3a,00,59,00,20,00,\
2f,00,6b,00,3a,00,5a,00,20,00,2a,00,00,00,00,00
- Add the Setup.reg part.....
^^; This is the part I couldn't find and was stuck on; 플라워 showed it to me, and that is what made booting possible.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\{bf1a281b-ad7b-4476-ac95-f47682990ce7}G:/01/Windows/System32/config/SYSTEM\Setup]
"CmdLine"="Pecmd.exe Main %Windir%\\system32\\SwitchToAdmin.ini"
---------------------------
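If you add the registry entries like this and test right away, the PE you gave me will also boot straight into the Administrator account.
Now the parts the PE needs have to be adjusted....
- Referring to another expert's admin PE,
- edit the autorun.cmd / pecmd.ini / SwitchToAdminLogon.ini files to suit the Administrator account.
Also, among the added boot startup registry entries, modify the "PinTool" item before you use it.
If you look through from the first registry block above, there is one more place where Pin is configured...
I ought to organize this before writing it up, but I'm studying something else and think I would forget, so I'm putting this together in a hurry.
Oh, right.... The precondition for being able to boot like this is that, at build time,
the Software registry DB is checked.
If you build without checking it, files are missing, and the Administrator account is short of registry entries as well.
플라워 has explained the missing registry part.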
https://windowsforum.kr/lecture/10050614
And the missing files are...
In the WINDOWS folder....
├─INF
│ wvmic_ext.inf
│
├─security
│ ├─ApplicationId
│ │ └─PolicyManagement
│ │ AppIdPolicy.xsd
│ │
│ ├─audit
│ ├─cap
│ └─EDP
├─System32
│ │ activeds.dll
│ │ adsldpc.dll
│ │ apprepapi.dll
│ │ AuthExt.dll
│ │ autorun.cmd
│ │ BCP47mrm.dll
│ │ certca.dll
│ │ certcli.dll
│ │ CredDialogBroker.dll
│ │ CredProv2faHelper.dll
│ │ CredProvDataModel.dll
│ │ credprovhost.dll
│ │ credprovs.dll
│ │ credprovslegacy.dll
│ │ cscdll.dll
│ │ dfscli.dll
│ │ Faultrep.dll
│ │ FontGlyphAnimator.dll
│ │ gpsvc.dll
│ │ hnetcfg.dll
│ │ logoncli.dll
│ │ LogonController.dll
│ │ LogonUI.exe
│ │ msiltcfg.dll
│ │ mtxex.dll
│ │ nlaapi.dll
│ │ pecmd.ini
│ │ profext.dll
│ │ profprov.dll
│ │ profsvc.dll
│ │ profsvcext.dll
│ │ runas.exe
│ │ runonce.exe
│ │ SecEdit.exe
│ │ Sens.dll
│ │ SensApi.dll
│ │ SwitchToAdmin.ini
│ │ SwitchToAdminLogon.ini
│ │ threadpoolwinrt.dll
│ │ tscon.exe
│ │ tsdiscon.exe
│ │ userinit.exe
│ │ usermgr.dll
│ │ usermgrcli.dll
│ │ UserMgrProxy.dll
│ │ weretw.dll
│ │ WerFault.exe
│ │ wersvc.dll
│ │ whoami.exe
│ │ wincorlib.dll
│ │ Windows.Globalization.Fontgroups.dll
│ │ Windows.Internal.UI.Logon.ProxyStub.dll
│ │ Windows.System.RemoteDesktop.dll
│ │ Windows.UI.CredDialogController.dll
│ │ Windows.UI.Logon.dll
│ │ Windows.UI.Xaml.dll
│ │ Windows.UI.Xaml.Resources.rs4.dll
│ │ Windows.UI.XamlHost.dll
│ │ wmiclnt.dll
│ │
│ ├─en-US
│ │ gpsvc.dll.mui
│ │ runas.exe.mui
│ │ secedit.exe.mui
│ │ tscon.exe.mui
│ │ tsdiscon.exe.mui
│ │ whoami.exe.mui
│ │ windows.ui.xaml.dll.mui
│ │
│ └─ko-KR
│ activeds.dll.mui
│ AuthExt.dll.mui
│ certca.dll.mui
│ certcli.dll.mui
│ CredDialogBroker.dll.mui
│ CredProv2faHelper.dll.mui
│ credprovhost.dll.mui
│ credprovs.dll.mui
│ credprovslegacy.dll.mui
│ faultrep.dll.mui
│ gpsvc.dll.mui
│ hnetcfg.dll.mui
│ LogonController.dll.mui
│ profext.dll.mui
│ profsvc.dll.mui
│ runas.exe.mui
│ runonce.exe.mui
│ secedit.exe.mui
│ sens.dll.mui
│ tscon.exe.mui
│ tsdiscon.exe.mui
│ userinit.exe.mui
│ usermgr.dll.mui
│ WerFault.exe.mui
│ wersvc.dll.mui
│ whoami.exe.mui
│ Windows.UI.CredDialogController.dll.mui
│ windows.ui.xaml.dll.mui
│
├─SystemResources
│ ├─Windows.UI.Cred
│ │ │ Windows.UI.Cred.pri
│ │ │
│ │ └─pris
│ │ Windows.UI.Cred.ko-KR.pri
│ │
│ ├─Windows.UI.Logon
│ │ │ Windows.UI.Logon.pri
│ │ │
│ │ └─pris
│ │ Windows.UI.Logon.ko-KR.pri
│ │
│ └─Windows.UI.ShellCommon
│ │ Windows.UI.ShellCommon.pri
│ │
│ ├─ActionCenter
│ │ └─Assets
│ │ └─Fonts
│ ├─ClockFlyoutExperience
│ │ └─Assets
│ │ └─Fonts
│ │ CoreMDL2.1.69.ttf
│ │
│ ├─pris
│ │ Windows.UI.ShellCommon.ko-KR.pri
│ │
│ ├─SharePickerUI
│ │ └─Assets
│ │ └─Fonts
│ │ SharMDL2.ttf
│ │
│ └─StartUI
│ └─Assets
│ └─Fonts
│ BitMDL2.ttf
│ SkypeUISymbol-Regular.ttf
│
└─WinSxS
├─amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.17134.1_none_d3691f50bbf5e7a6
│ defltbase.inf
│ defltrdsh.inf
│ defltwk.inf
│ dwup.inf
│ puwk.inf
│
└─Manifests
amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.17134.1_none_d3691f50bbf5e7a6.manifest
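That is how it comes out. ^^;
I'm writing this down as it comes to mind. Still, it's something you have been puzzling over, so you'll recognize it quickly... lol
For anything not explained well enough, I'll follow up in the comments.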
Comments [15]
왕초보
- 2018.04.28
- 00:22:43
선우 must be very happy..
You built two PEs.. and compared the registry itself for him...
Thanks to you, I think I'll learn a lot...
Thank you for sharing such good information..
선우
- 2018.04.28
- 00:26:46
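Wow, wow, wow... I bow my head in gratitude for Master 올드맥's hard work.
To a beginner's eyes the black is just letters and the white is just the 윈포 board; my eyes are spinning and I can't tell what is what
at all. In fact, after reading Master flower3's post I diligently added and fixed things, and at boot
it does go straight into admin, but then there is only a pitch-black screen with a mouse pointer, and it won't give me the desktop.
I admire Master 올드맥, who sees through everything in advance. When will I ever get through all of this studying?
For now I'll hurriedly capture this, and on the day I reach a certain level I'll use it as a reference that will be a great help. Thank you very much~~ (bow)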
flower3
- 2018.04.28
- 02:10:31
I'll have to compare and see whether 17134 needs any more files.
Among the files listed, wvmic_ext.inf is unfamiliar to me, so I'll have to look into where it is needed.
Thank you for your hard work.
---
I just opened it, and since Microsoft Hyper-V shows up in it, it seems to be a file needed in a virtual machine. That was helpful.
온데만데
- 2018.04.28
- 10:50:58
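With apologies to the experts,
to a beginner this is almost at the level of a random number table.... heh
It seems like a scene that vividly shows how much difficult work
has to go into the birth of a single piece of work.
The friendly back-and-forth is wonderful. You are people I am always grateful to.
You have worked hard. Thank you.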