
hey, its me again – bringing back a functionality that was removed from microsoft since Windows 2012 (or Windows 8), yay. this is not the first time that im coding a tool to recreate a missing feature that was working in older Windows versions (check my blog for volume.exe).
UPDATE 02.10.2018: Version 1.7.1 fixed false positive detections for some AV (incl. Defender)
UPDATE 23.08.2018: Version 1.7 adds get and del parameters, comment char # for config files, EULA
UPDATE 17.06.2018: Version 1.6 adds support for protocols (except http and https) on build 1607 and lower
UPDATE 14.12.2017: Version 1.5 adds support for Windows 8.x and Server 2012/R2
UPDATE 10.12.2017: Version 1.4 adds support for protocols like mailto, https, etc. (only for 1703 and up)
UPDATE 26.11.2017: Version 1.3 can now set multiple file type associations based on a config file.
UPDATE 04.11.2017: Version 1.2 completely rewritten in C to avoid AV false positives.
UPDATE 29.10.2017: Version 1.1.1 includes small changes due AV false positive detections.
UPDATE 28.10.2017: Version 1.1 can now check for Group Memberships.
SetUserFTA sets User File Type Associations per command line or script on Windows 8/10 and Server 2012/2016/2019.
ATTENTION: Windows 1803 and 1809 have an issue with file type associations after the october update. Microsoft is working on a resolution and estimates a solution will be available in late November 2018. UPDATE 06.12.2018: Microsoft has released a fix for 1803 (KB4467682) and (KB4469342) for 1809.
the story:
recently i had to fight a lot with windows file type associations. microsoft changed the way how it works drastically and it is a pain for an administrator to set or to roam FTA’s. if you followed my blog, you noticed that i already have two posts about FTA on server 2016. hopefully this one will be the last – because its the missing piece of the puzzle!
i will just quote microsoft on this issue (or feature?):
In Pre-Win 8, apps could set the default handler for a file type/protocol by manipulating the registry, this means you could easily have a script or a group policy manipulating the registry. However In Win 8, the registry changes are verified by a hash (unique per user and app) that detects tampering by apps. In the absence of a valid hash, we ignore the default in the registry.
Microsoft offers a solution with GPO, but it is Computer-based and not User-based – and rather complicated. this means, you can not associate your Users on the same Server/Client with different file types. for example:
you have a PDF viewer and a PDF editing software on your XenApp server. Now you want that a certain group opens their PDF’s in the editor and the others only in the viewer (for licensing reasons for example). this is NOT possible anymore and Microsoft states “it is by design” and “this is a security measure”.
the hash is secret. Microsoft will not share it with you and obviously doesnt even share it with Citrix – this made me angry and angry me doesnt like a broken system. because i am into reverse engineering and security, i decided to look for the hash algorithm – and yes, i succeeded.
but ever thought about why microsoft is doing this? is it really about malware hijacking or maybe it is all about “setting our defaults and you must accept them”? why not simply display a popup where the user has to confirm an FTA change?
<TL><DR>
a filetype is protected by a hash in the user registry – for example:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice\Hash
if the secret hash doesn’t match, the file type association is not being used and the system default kicks in.
SetUserFTA generates this secret hash for a supplied extension.
</TL></DR>
how to use SetUserFTA:
i made it very easy for you and the only thing you have to supply is the extension and the ProgId (optional since Version 1.1, a groupname). it works just like assoc.exe:
SetUserFTA.exe extension progid (optional:Groupname)
or
SetUserFTA.exe configfile
and since v1.7
SetUserFTA.exe get
will show all protected filetypes, just like GetUserFTA
SetUserFTA.exe del extension
will delete an association from the user registry
Example:
SetUserFTA.exe .pdf AcroExch.Document.DC
this will associate .pdf file with Acrobat Reader for the current user.
SetUserFTA.exe .pdf AcroExch.Document.DC “Adobe Acrobat Users”
this will associate .pdf files with Acrobat Reader only if the current user is member of the “Adobe Acrobat Users” group. if the group contains spaces, you must use quotes.
SetUserFTA.exe \\mydomain.local\fileshare\SetUserFTAconfig.txt
this will read all associations from the config file and set them. the file can be on a share or locally. just add every filetype on a new line like this:
.pdf, AcroExch.Document.DC, GRP_Adobe_Reader
values have to be separated by a comma. the group is optional.
using a config file, group names with spaces must not use quotes (but using SetUserFTA per command line they have to).
Note: you can supply a domain with the group name like “DOMAIN\Adobe Reader” or even in UPN format.
a valid config file could look like this (since v1.7 you can add comments by starting a line with #):
to create such a config file, you can run “SetUserFTA get >config.txt“. since version 1.4 SetUserFTA also supports protocol handlers in the config file (mailto, https, http, etc) – but http and https will be ignored on Windows 1607. use SetDefaultBrowser instead.
you can find the ProgId’s also in the registry or with assoc.exe. the easiest way to get what you need, is to manually associate a software with a filetype and then use “SetUserFTA get” or check this registry key for the values (replace .log with your extension):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\UserChoice
SetUserFTA will get the current users SID, the registry timestamp and calculates the hash. it will write it (including the ProgId and the extension) to the user registry under the subkey referenced above.
how can i deploy this?
here are some ideas (if i missed a good one, please let me know):
- use the logon script feature in a GPO (my favorite way)
- powershell login script in a GPO
- a legacy bat/cmd logonscript
- the Run or RunOnce registry key in HKEY_CURRENT_USER
- the startup folder in the startmenu
- any software deployment solution like SCCM
- a scheduled task
- GPO: User Configuration\Administrative Templates\System\Run These Programs at User Logon
- Citrix WEM (blog post by James Kindon)
- VMware UEM (blog post by Ivan de Mes)
its up to you. be creative 😉
IMPORTANT: SetUserFTA must run in the users context – no administrative or system privileges. sometimes the timing can be important aswell – make sure it runs after the profile of the user is loaded.
Example:
Tips:
here are some tips which can help you to find the associations that you need:
- assoc.exe | find “.txt” – this will list the ProgId for txt files
- ftype.exe | find “txtfile” – will list the executable associated with the ProgId txtfile
- reg.exe query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice /v ProgId – gets the ProgId of the User FTA for your file extension
- if you encounter a ProgId that looks like “Applications\uedit64.exe“, you need to deploy the corresponding entry from “HKEY_CURRENT_USER\SOFTWARE\Classes” aswell. to roam it with UPM in a Citrix environment you can use my workaround.
- you can override HKLM associations (ProgId’s) in HKCU. for example: HKEY_CLASSES_ROOT\.vsdx can be imported to HKEY_CURRENT_USER\SOFTWARE\Classes\.vdx and then it will be prefered. if you do that, you need to roam it properly (UsrClass.dat).
- if you still see the OpenWith dialog (especially after adding new applications: “keep using this app“) you can disable this feature with this registry key:[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer]
“NoNewAppAlert”=dword:00000001
this registry key also works with HKEY_CURRENT_USER!
the GPO Do not show the ‘new application installed’ notification (Windows Components, File Explorer) will only work on HKLM – but its also an option to disable this popup
F.A.Q.
where did you get the hash algorithm from?
i reverse engineered it.
does this mean you did reverse engineer windows itself to recover the algorithm?
exactly.
which tools did you use for that?
which language have you used to code the app?
v1.0 – v1.1.1: assembly. compiled in Tasm (Borland Turbo Assembler) – i know, very oldschool.
v1.2 and up: gcc and Microsoft Macro Assembler (to create an obj file).
v1.4 is now fully coded in C/gcc
v1.7 is compiled in tcc
v1.7.1 is using gcc again, because tcc caused to many antivirus false positives
by assembler you mean machine code?
yes.
which platforms does this work on?
i have tested it on windows 8/10 and server 2012/2016/2019 up to build 1809.
is it 32bit compatible?
yes. x64 and x86 (the binary is 32bit).
can i have the source code?
no.
is unicode supported?
group names can contain unicode characters, but extensions or ProgId’s not. the “get” parameter supports unicode already.
can it also generate hashes for protocols (http, mailto, etc)?
yes, but http and https wont work on 1607 or lower. please use my SetDefaultBrowser instead.
are there any other limitations?
not at the moment. version 1.2 adds verbose output and some basic error handling.
can i break something with your app?
not really. the only thing that can go wrong are the file type associations, but it will only affect the current user and not the machine. the del parameter is destructive, but if you do something wrong, it can be fixed by using SetUserFTA again with proper parameters.
which privileges are needed to run this app?
just plain user privileges.
thats great work, can i donate somehow?
yeah – see below the paypal button.
Download
here you can download SetUserFTA v1.7.1. SHA256 hashes below.
SetUserFTA.zip:d551295c779bdb3750ddba8e781c21a3dd42a55578f818e9c789b2ba1b4dcf47 SetUserFTA.exe:791dc39f7bd059226364bb05cf5f8e1dd7ccfdaa33a1574f9dc821b2620991c2
Version 1.1 – adds support for group membership checking
Version 1.2 – is completely rewritten in C. it also offers now verbose output on errors
Version 1.3 – new funtionality: multiple file type associations with a configuration file
Version 1.4 – support for protocols like mailto, https, http, etc (only for Windows 1703 and newer)
Version 1.5 – support for Windows 8.x and Server 2012/R2
Version 1.6 – added protocols (except http and https) support on 1607 or lower builds
Version 1.7 – get and del parameters added, # char for comments in config files, EULA
Version 1.7.1 – fixes false positive antivirus detections
help to keep this project and this blog alive – consider donating:
if you prefer cryptocurrencies, please contact me for the details.Thank you!
please report issues to bugs @ mydomain. thanks.
Hello, thanks for your work.
I cannot execute your exe, getting this error :
SetUserFTA.exe is not a win32 Valid application.
Unziping the archive also give an error (Data Error)
this is most likely caused by your antivirus software – this version gets a lot of false positives. i am working on a new version that will resolve that issue.
UPDATE: try with version 1.2. its completely rewritten and should work fine now.
This tool is a life saver for anyone that is responsible for an environment that has Windows 10 or Server 2016. Thank you!
Awesome article and this has helped me greatly. I have been able to associate PDF to Adobe reader but it does not look like I have gotten it done completely. When I double click on a PDF file I get an error saying “There was an error opening this document. this file cannot be found”. I get this 5-6 times and then it goes away. With Adobe reader open I then click file, open and choose the exact same file I just double clicked on and it opens perfectly. What am I missing?
did you try that with different pdf files? from where do you open them? network drive? does the same happen from a local drive?
Hello,
i am trying to do it with logo script by gpo and its not working. when i am running it from command line on the user session is it work.
do you have any ideal what is the reason?
have you tried to disable the logon script delay?
https://support.microsoft.com/en-us/help/2895815/logon-scripts-do-not-run-for-five-minutes-after-a-user-logs-on-to-a-wi
can you try to run the exe with: https://support.microsoft.com/en-us/help/240791/how-to-run-programs-automatically-when-a-user-logs-on
How many hours did I spend searching for a solution before finding that tool?
Anyway, thanks a lot, the time saved will be incredible.
For some reason, however, the tool only works for our computers in English. I guess the “experience” string might change according to the language.
the string is hardcoded and cannot change. but maybe the filetype string changes? maybe this is caused by special letters (unicode characters maybe?)
can you give me an example of something that is not working? which filetype and which progid doesnt work?
I tried SetUserFTA.exe .pdf AcroExch.Document.DC
I checked the progID, it doesn’t change with the language.
The Bios ends up unmodified (= on microsoft Edge).
thats fine then. which language are you using? actually microsoft os is always english, they just use language packs, so this can not be an issue. which operating system and which build are you using?
We’re using Windows 10 Enterprise, build 1703, in French.
I will run tests with other software/file types.
are you running SetUserFTA manually or with a script?
I started with a script, which worked on English builds, then noticed it didn’t work on a French build. When I tried it manually, it didn’t work either.
However, on a computer that was installed in English, then swithced to French, I don’t have any issue.
interesting – im pretty sure i tried it on german systems aswell. i have sent you an email 🙂
I see that you have recently added support for server 2012 R2. Does this include protocols? I am specifically looking for a Mailto protocol and to associate it with Office 2013. No matter how I configure it I cannot get it to go to outlook.
SetUserFTA.exe mailto, Outlook.URL.mailto.15 or by pointing it to a config file I pull from GetUserFTA I cannot make it point to Outlook.
no. protocols only work on Windows 1703 and higher. that is because in older versions you need to specify the path of the protocol app aswell. i did only implement this in SetDefaultBrowser, but never for mailto. i might create a SetMailTo in the future, when i find time for it.
but if you want Outlook for all your users, you can of course use the AppAssoc.xml with dism and GPO to set your default mail client.
I was trying to use this tool to associate file extensions in Windows 10, but invoking from InstallShield script doesn’t runs. It seems like this tool doesn’t work with SYSTEM user previliges, since InstallShield script runs the process under SYSTEM user account. At the same time, You also have stated that “just plain user privileges” are needed to run. Any remedies for this situation?
the tool will run with system privileges, but then it will change the association only for the SYSTEM user. you cannot set user associations from a different context. you have to run it with the user that you want to set the associations. if you can apply the settings to all users on the same machine, please use the official microsoft solution: https://blogs.technet.microsoft.com/windowsinternals/2017/10/25/windows-10-how-to-configure-file-associations-for-it-pros/
my tool does exactly what microsoft doesnt offer: you can set associations per user instead of the machine, but for that you must run it in the user context. you can use startup, run, runonce or similar ways to make it run as a user – instead of using InstallShield.
Awesome tool! Is there any setting that can be made to prevent Windows from asking “How do you want to open this file?” So that the user has to tick the “alway use this app to open .xxx files” to prevent this from popping ?
where do you see that? which windows build and which filetype? actually my tool does exactly that – but if windows finds a new handler for a certain filetype, it might show that popup again.
Thank you so much for this amazing tool, after weeks of pulling my hair on how to change the file Assoc. You finally offered us the solution. I am using it with OSD on SCCM. One thing tho as mathias_k mentioned it prompt users with the “Ho do you want to open this file?” menu and has the box at the bottom “Always use this app to open” unticked. I have to mention I have ran it manually using the config.txt file on a running machine and worked fine didn’t get this pop up, but when it was part of the automated deployment the end users getting prompt with the menu I mentioned above. It’s not a big of a deal, just wanted to let you know about this behavior and thanks again for the amazing tool.
can you give me more information about the Windows version and the file type where this happens?
The windows version is Windows 10 1709, and it only did that with the .pdf extension, but worked fine when I assigned the .html to chrome and I didn’t get the prompt. However I have found a work around the issue and created this .reg file that disabled this “How do you want open this file” menu.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer]
“NoNewAppAlert”=dword:00000001
adding this key with your tool is all I needed to finish off my project. Thanks again :).
thanks a lot for this information. this is very helpful! cheers
Really nice work.
And I can at least partly understand why you do not want to release the source code. On the other hand, that unfortunately means I cannot make use of it, since I have some responsibilities towards my employer and my users.
i dont really understand your concern. windows is a closed-source OS and most of the applications on it as well. i have very well documented my work and its completely clean on virustotal. SetUserFTA has been downloaded multiple-thousand times and it has a very good reputation.
in my eyes an administrator has a responsibility yeah – bringing the best possible user experience to the users – and that is what my tools do 🙂
The challenge for me is that while Windows is a closed source system, it is approved. I’m looking to use this on a government owned system. Feel free to reach out to me to discuss options for meeting those guidelines.
sent you an email
WinServer 2016, 1607 not working
SetUserFTA.exe mailto, Outlook.URL.mailto.15
error: protocols are not supported on Windows 1607 and Windows 8/Server 2012
like the error states, my tool does not support protocols on 1607 – but i will release a tool for that soon.
the newest version of SetUserFTA now supports 1607
I have a strange behavior with this tool.
First of all i tried to set filetype .pdfxml / .acrobatsecruitysettings and that does not work. It will be ignored. Maybe filetype to long?
The second one is. I used an Configfile to get .pdf registered. It will be run as a task on logon of the user. Everything is fine. Reader is associated and opens fine. Then a gpupdate runs after some time and .pdf is reverted to Microsoft Edge.
Do you have a clue why?
We do not set the filetype elsewhere. This is on 1709 (16299.492).
the size of the extensions is max 255 chars, therefore it cant be too long. can you check with GetUserFTA if the entry is written? or manually in the registry under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.extension -> here should be a UserChoice key and the hash should change every time when you run SetUserFTA.
when gpupdate changes a extension, there must be something in a policy. are you sure you dont have the “Configuration\Policies\Administrative Templates\Windows Components\File Explorer\Set a default associations configuration file” configured in a gpo?
Sorry my fault, it was the application\Acrord32.exe for both extensions. They are not very important so this does not matter. Currently it is to much work to put in all classes into each user.
The second one: We do not set default app association via GPO. I have exported and imported them with dism once and only on my computer. Maybe there is some sort of Problem.
Prior to this i deleted OEMDefaultAssociations.xml
I opened CMD
assoc | findstr “.pdf” Output: .pdf=AcroExch.Document.DC
GetUserFTA Output: .pdf, AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723
Then run: SetUserFTA .pdf AcroExch.Document.DC
Assoc | findstr “.pdf” Output: .pdf=AcroExch.Document.DC
GetUserFTA Output: .pdf, AcroExch.Document.DC
Run gpupdate
Assoc | findstr “.pdf” Output: .pdf=AcroExch.Document.DC
GetUserFTA Output: .pdf, AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723
I will check that on a clean system.
sorry for my late response. this comment landed in the spam box. but if the association is getting overwritten by a gpupdate, you most likely have the assoc.xml in a GPO somewhere.
https://blogs.technet.microsoft.com/windowsinternals/2017/10/25/windows-10-how-to-configure-file-associations-for-it-pros/
Great tool, Christoph. You really did a great job! I knew about the hash issue as I monitor registry changes before I try to reproduce them using scripts or batch-files. But I never thought that I would find a tool that can compute this hash.
A few remarks and questions: (Windows 10 Pro en-us 1803)
1) Regarding the config.txt file, I had to save it in ANSI to be able to use it. Otherwise I am getting an error message about a comma.
2) I use many portable apps (in folders on my HDD) – also video/music players.
So, I used SetUserFTA with a config.txt to associate over 100 extensions with ‘Applications\VLCportable.exe’. After that – as a test – I did the same with ‘Applications\SMPlayerPortable.exe’. And then again with ‘Applications\VLCportable.exe’.
But the ProgID ‘Applications\VLCportable.exe’ had been deleted!? How come?
I had to associate one video extension with VLCportable manually once again and then it worked again.
3) In your ‘tips’ it reads:
QUOTE
if you encounter a ProgId that looks like “Applications\uedit64.exe“, you need to deploy the corresponding entry from “HKEY_CURRENT_USER\SOFTWARE\Classes” as well.
UNQUOTE
This would apply to ‘Applications\VLCportable’, too. Can you please explain what exactly you mean here. For me there was no need to write anything else to the config.txt. but this
.3ga, Applications\VLCportable.exe
.669, Applications\VLCportable.exe
.a52, Applications\VLCportable.exe
…
4) Can you tell me the minimum requirements needed, to add e.g. a video player to the list to choose from in ‘Windows Default Apps’ settings? In the selection window for videos you would normally find only these:
– Movies & TV
– Photos
– Windows Media Player
– Look for an app in the Store
However, after I associated over 100 extension with VLCportable, I could find VLCportable there, too. How come?
Hope, these were not too many questions 🙂
Regards
Stefan
sorry for the late response, i was quite busy – that are a lot of questions… let me try to answer them all 🙂
– you are right about ansi. i never tried a different format and never had a request for it. unicode strings are not supported atm, but maybe i can address that in a future update
– i dont know why Applications\VLCportable.exe was deleted. SetUserFTA does only create the UserChoice keys and nothing else. all other registry keys must exist or be created before to have a proper association
– my note about HKEY_CURRENT_USER\SOFTWARE\Classes means exactly that. you must pre-create the key if you automate something with SetUserFTA. it has nothing to do with the config file from SetUserFTA at all
– i never analyzed what exactly is needed to show a program in the openwith dialog, because i dont even want to use it at all. users should not see that dialog at all in the best case and if all registry keys for a file associations match, you can avoid exactly that with SetUserFTA – but ill have a look. that is an interesting question 🙂
Thought I would receive an email notification about the approval of my comment and/or any answers or comments. That’s why it took me so long to realize that you already answered…
Now, thanks a lot for taking the time to answer my questions 🙂
Regarding the ANSI issue, this isn’t really a problem, but the user needs to know that it has to be ANSI. The error message doesn’t give you a clue what’s wrong. So, it might make sense to add a hint to the error message text.
But as far as I am concerned, now I know it 🙂
Thanks again and best regards,
Stefan
turns out, that wordpress does not do that without plugins. installed the corresponding plugins and you should get notified now. thanks for letting me know.
Email Notification:
Yes, now notification works 🙂
Thanks!
However, you cannot send a reply to the sender mail address. That’s why I’m answering here.
Mostly true, but you added some made up items. Why?
“this includes a funny detail – regdate is the timestamp of the UserChoice key in the registry. i didn’t even know that registry keys have timestamps and as soon you modify the key, it will change the timestamp and the hash is not correct anymore.”
Easily disprovable, given that the hash code is the same regardless of when the key and value are created.
“experience = “a microsoft secret string”; a static string (this is a dummy example, not the real string)”
No. Not part of the hash generation algorithm.
you are right when talking about Windows 8, but move on to Windows 10 to confirm that im not making up anything at all.
Interesting tool! But when i download this, Norman Virus Control gives an malware warning (Trojan.Heur.FU.dm0@aK5Dkooi) on the SetUserFTA.exe file. (How) can i safely use this?
this is a false positive – like the name already states its caused by heuristics. please try the older version, wich was compiled with a different compiler: https://kolbi.cz/SetUserFTA_v1.6.zip
Perfect! NVC is quit now 🙂
HI and thanks for a great tool!
Will there be added support for protocols? (http and https)
Do you have any tip on how to best handle these in the best way. Per user, not per machine.
Regards
Fredrik
This is in a Windows Server 2016, Terminal Server, Roaming profile environment.
this is not planned atm – if you want to change those protocols use my SetDefaultBrowser instead. what do you want to achieve exactly?
Hi and thanks for your quick reply.
I have now managed to achieve what I wanted by using a combination of SetDefaultBrowser and SetUserFTA.
I wanted the user to choose what Browser to be Default (IE vs Chrome), and that the browser choice settings will be kept at next login. 2016 Terminal Servers with Roaming Profiles.
I made a small app in PS where users can choose their default browser. This app run both your tools and also writes a Value to the HKCU in registry.
In GPO I have set Item-level targeting which looks for this registry value, and applies the correct browser with in a login script with your tools.
Seems to work perfect!
Thanks again 🙂
Hi Christoph, thank you for this nice tool! We have an issue with setting the file association for .XML. When we apply a config file, the associations for all other file extensions work except the XML that we try to associate with Excel. (.xml, Applications\EXCEL.EXE). If we associate .xml to Excel manually once and then for example assign it to Notepad, and then run SetUserFTA.exe again with the same config file it works. Can you explain this behavior? We have no policies that force xml associations what so ever. Hope to hear from you.
Ronald
most likely this means that Excel is not properly registered under Applications – but did you try to associate the xml with a already known progid like Excel.Sheet.12 (assuming its office 2016)?
SetUserFTA.exe .xml Excel.Sheet.12
Hi Christoph, that worked like a charm, thank you!
Hi Christoph, thank you very much for these nice utilities.
What about completely silent versions without console flashing window? Both Set* utilities.
how do you deploy them? because they are already silent – unless there is an error.
Hi, I’ve followed your documentation; I have a piece of software that uses a .dtd extension, I have added the reg key to HKCU/Software/Classes but running the SetUserFTA doesn’t appear to set the application that I want. It does however set Adobe Reader for .pdf under the same login script.
Is there any form of logging available so I can see where it is going wrong?
you can use “SetUserFTA.exe get” to see which associations are set for the current user. if there is something wrong, you can use “SetUserFTA.exe del” to remove an association.
if you are not sure what you exactly need, you can associate a filetype manually and then use “SetUserFTA.exe get” to see what windows changed. the easiest way to do that is just a right click on a file and select “open with, always use this app”. hope this helps.
That’s exactly what I did; set it manually and then ran the ‘SetUserFTA.exe get’ of which I get an entry like Applications\2ddes.exe. I’m not sure why it’s not applying all the associations I’ve set, it seems to do some such a .PDF but not this one or VLC for .mp4
if you get something like Applications\2ddes.exe then you must also roam or pre-create the entry under HKCU\Classes\Applications before using SetUserFTA.
Assume you mean HKCU/Software/Classes? I have that key applied on login before running SetUserFTA. Very odd. It seems HKEY_Classes_Root seems to be taking precendence still.
yeah sorry, it is HKEY_CURRENT_USER\Software\Classes\Applications. did you run a procmon to see if there is a key missing? also check if you have the file extension under HKEY_CURRENT_USER\Software\Classes too – this will override the file extension from HKEY_CLASSES_ROOT.
hi, i have reverse the hash algorithm too.MS call it some CS64??
but,in 17134(maybe later)?
file type Associations reg has be protect ACL
can not SetValue/delete value Hash or ProgId
so have any solution fix it in r3?
That protection is already in place on Windows 8 and on Windows 10 there is even an additional layer of security. If you managed to reverse the hash, you will also find ways to fix the ACL 🙂
oh yes i found it set acl access
thanks you
Thanks,This is a VERY useful tool, Microsoft are trying too hard to push their shitty browser (EDGE) and this is getting scary.. What will they do Next ? I may not be surprised if one day they decide to uninstall other web browsers (for security or another stupid reason like that).
Running a VirtusTotal scan on the newest version, I´m getting a flag
Ikarus – Trojan-Dropper.Win32.VB
Also tried with version 1.6 and get the same flag. Is there a reason to this?
https://www.virustotal.com/#/file/55b48c9e5b96f3cfd2d67543f08053204377c2355f7bae581f3b30e5281f377e/detection
yeah this is a false positive. Win32.VB is a Visual Basic Dropper and my tools are not even coded in Visual Basic.
Virus false positives:
VirusTotal
URL: http://kolbi.cz/SetUserFTA.zip
Erkennungsrate: 3 / 67
Analyse-Datum: 2018-11-07 09:52:24 UTC ( vor 0 Minuten )
Datei-Scan: Zu der Analyse der heruntergeladenen Datei wechseln
0 0
Analyse
Zusätzliche Informationen
Kommentare
Bewertungen
URL-Scanner Ergebnis
Sophos AV Malicious site
Avira (no cloud) Malware site
Kaspersky Malware site
ADMINUSLabs Clean site
AegisLab WebGuard Clean site
ich weiss, aber ich kann da leider nicht viel machen. die exe selber hat weniger false positives: https://www.virustotal.com/#/file/791dc39f7bd059226364bb05cf5f8e1dd7ccfdaa33a1574f9dc821b2620991c2/detection
witzig ist zwar, wenn man kolbicz.com oder kolbicz.ch benutzt, gibt es keinen hit:
https://www.virustotal.com/#/url/bc8c56e501599fac137d171fe299527c4b6fe01b066190facf8ccce5d028adcd/detection
https://www.virustotal.com/#/url/450e2cc414d8d194f086fc2c97bdded35c3adcbebcd85a4862f88481aeb59d9c/detection
das zeigt ja schonmal wie mies diese services eigentlich sind. pffft.
https://www.virustotal.com/#/url/450e2cc414d8d194f086fc2c97bdded35c3adcbebcd85a4862f88481aeb59d9c/detection
Sophos/Kaspersky stehen hier als unrated!
Die haben wohl meine anderen Domains noch nicht gescannt. Die sind auch nur halboffiziell, da manche Probleme mit der .cz Domain hatten. Aber ist auf jeden Fall mühsam… ich kann gegen diese false positives gar nichts unternehmen.
This tool has saved me so much frustration! Thank you.
Is there a way to set .pdf to open with Chrome? it doesn’t seem to have a progId
yeah sure – just use SetUserFTA.exe .pdf ChromeHTML
Hello. I discovered your software a little while ago, precisely because I started to be interested in the way Windows generated “Hash”. I am bad, if not horrible in reverse enginnering.
After 3 days, I think I have found some good leads.
I come here not to find answers but simply for you to tell me if I am on the right path 😉
So, I will remain discreet but if I tell you: 01d477aa???????? and “ComputeHashFromString” it tells you something ? (A simple yes will be enough for me;))
Please, excuse me for my poor English.
this depends in which shell component you are looking i think. ive seen some strings about function names, but not the one you mentioned. but i think i know what this hex means 🙂
Hi Christoph,
Just encountered a new problem:
I Installed Windows 10 1803 on Nov. 1 on a new test machine, and I cannot assign any “non-windows” program to files that are by default opened with a Windows app, e.g. videos or pictures or a pdf…
Cannot do it via the context menu (it accepts my new association – e.g. *.pdf to PDFXchangeViewer.exe -, but the file is still being opened with the Windows default app Microsoft Edge).
Same happens when I use SetUserFTA.exe which works perfectly on other installations as reported earlier.
Any idea?
Thanks and regards,
Stefan
there are some reports with Windows 10 1803 and FTA issues: https://p0w3rsh3ll.wordpress.com/2018/11/08/about-file-associations/ -> there is a powershell which claims to fix the issue… is this what you are experiencing?
actually this is confirmed by Microsoft after the October update: https://support.microsoft.com/en-us/help/4462919/windows-10-update-kb4462919
After installing this update, some users cannot set Win32 program defaults for certain app and file type combinations using the Open with… command or Settings > Apps > Default apps.
Thanks Christoph!
Didn’t find this myself 🙁
But this seems to be the problem.
So, I will wait for Microsoft’s fix for this one.
Regards,
Stefan
Windows 1809 has the same issue 🙁
Microsoft is working on a resolution and estimates a solution will be available in late November 2018.
Just FYI.
The latest update I performed today causes even more problems:
Even Microsoft apps have problems now 🙂 (((((
when trying to set them as default apps.
i have issues with .iso files on server 2019… it is late november and no sign of a patch from microsoft 🙁
Hi.
One, maybe stupid question. If I run “.\SetUserFTA.exe > .\config.txt” and then (without any changes in the config file) .\SetUserFTA.exe .\config.txt, I’ll get the following error: “error: progid empty. check your file contents – separator is ,”
The content in the file looks like your example:
.3g2, AppX6eg8h5sxqq90pv53845wmnbewywdqq5h
.3gp, AppX6eg8h5sxqq90pv53845wmnbewywdqq5h
.3gp2, AppX6eg8h5sxqq90pv53845wmnbewywdqq5h
.3gpp, AppX6eg8h5sxqq90pv53845wmnbewywdqq5h
.3mf, AppXr0rz9yckydawgnrx5df1t9s57ne60yhn
.aac, AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs
.ac3, AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs
.acrobatsecuritysettings, Applications\AcroRd32.exe
.adt, AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs
.adts, AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs
.amr, AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs
.arv, arv.config
.arw, AppX43hnxtbyyps62jhe9sqpdzxn1790zetc
.asf, AppX6eg8h5sxqq90pv53845wmnbewywdqq5h
.avi, AppX6eg8h5sxqq90pv53845wmnbewywdqq5h
.bmp, AppX43hnxtbyyps62jhe9sqpdzxn1790zetc
.config, Applications\NOTEPAD.EXE
.cr2, AppX43hnxtbyyps62jhe9sqpdzxn1790zetc
….
Whats wrong??
Thx Kai
can you try it with cmd instead of powershell? and could you send me the config.txt so i can check? thanks
With CMD it’s the same. Thx, a lot, I going to send you a message.
Kind regards,
Kai
Sorry, I thought I had tried with CMD, but now I tried again and it works like a charme.
Thx Kai
cmd does not create an output in unicode format and i suspect an error with that – powershell defaults to unicode. i will check that, but could you still send me your file that doesnt work? thanks.
Okay, where can I find a mail address? BTW, I can’t import the empty file with CMD too, it will be nice to figure out what happened.
Thx Kai
you can upload it here: https://kolbicz.sharefile.com/r-rf19a62841134d10a
thanks!
I uploaded the file test.txt to you. I wish you success
Thx Kai
thanks – i have checked it and its in UNICODE format. when you recreate the file in cmd it should work. SetUserFTA does not yet support UNICODE fully – sorry about that. its on my todo list…
Don’t worry, you do a fantastic work. I’ll test an other one. Now I have a solution, that’s enough for me.
Greetings from Germany
thx Kai
danke – hab leider einfach zuwenig zeit im moment, aber update ist geplant 🙂
How do I find an arbitrary ProgId for an application?
Say, sublime text editor 2? Or Notepad++?
the fastest way is to associate it manually (right click a file and select open with, always open with) and then run “SetUserFTA.exe get” – then you will see which ProdId was used.
Hello! We are using SetUserFTA to set PDF associations to Adobe Reader and Adobe Acrobat Pro depending on AD group membership. It works very well, BUT.. Some of the users that has been set to Adobe Acrobat Pro get changed to Adobe Reader during the day in the middle of a session. I have not found any logic in when this happens. We have remove Adobe Acrobat Pro from HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications\ to prevent “Open With..” for users that not has access. Could that be the cause?
Do you got any tip what can cause this?
maybe the plugin in the browser? you can also use applocker or NTFS permissions to disable acrobat32.exe completely for these users – then you maybe also find out when it gets triggered, because it will give an error.
Hi Christoph,
Long time no hear 🙂
This time I have a question which is not related to SetUserFTA, but I thought I can ask you anyway?
It is about “escaping” certain character in Command Prompt or Power Shell. Maybe you can help with a better solution than the one I found.
I am using following commands to extract files from archives, which work fine.
1. unrar x -p”My Password” “My Archive.rar”
and
2. 7za x -p”My Password” “My Archive.zip”
But when my ‘My Password’ contains certain characters, such as ” – e.g. the password is ‘My”Password’…
… then I have to escape this quotation mark with a second quotation mark:
I have to ‘modify’ it to ‘My””Password’, even though the password of my archive file still is ‘My”Password’.
This means Command Prompt interprets ‘My””Password’ as ‘My”Password’.
Do you know any other way?
Thanks and best regards,
Stefan
you should give this a read: https://stackoverflow.com/questions/562038/escaping-double-quotes-in-batch-script/31413730
Hey Christoph,
Thanks for the prompt reply!
But this is exactly what I wrote to you and what I do at the moment: ‘Modifying’ the password string by adding a second quotation mark.
I was asking if you knew a ‘better’ solution, without ‘modifying’ the password string, as this could result in confusion and creating corrupt password lists…
That’s why I’m not happy with that solution 🙁
Best regards,
Stefan
the only other way around that would be to use a variable to hold the password and pass the variable instead of the string: http://steve-jansen.github.io/guides/windows-batch-scripting/part-2-variables.html
C:\>set x=mypass”12
C:\>echo %x%
mypass”12
Ok, thanks. But I’m afraid that I’m not familiar enough with using variables.
Maybe you can help me out a little…
This is the original command
unrar x -p”Password” “Archive.rar”
x stands for ‘use unrar to eXtract”
-p is the switch for password-protected archives to be followed by the password, which now has to be a variable.
Let’s assume my password is the following string:
My Pass”Word
Now, how would that look like as a complete list of commands to be used?
Please note that there is a space (blank) and a quotation mark in that test-password.
Due to the blank: Even as variable, wouldn’t I need to put it in quotation marks, which would require escaping any quotation marks ‘inside’ the password, once again?
Thanks for any efforts taken!
BR
Stefan
something like this should work:
set pass=My Pass”Word
unrar x -p%pass% “Archive.rar”
Thanks again. But as I already expected, this doesn’t work 🙁
Just for your information:
>set pass=My Pass”Word
followed by:
>unrar x -p%pass% “Archive.rar”
results in:
UNRAR 5.60 x64 freeware Copyright (c) 1993-2018 Alexander Roshal
Cannot open PassWord Archive.rar
The system cannot find the file specified.
No files to extract
To me this looks as if ‘My Pass”Word’ is ‘read’ as ‘PassWord’
And if I use this as another example:
set pass=>>>My Pass”Word<< was unexpected at this time.
Anyway, thanks again for all efforts taken. I believe there is no easy way to solve this.
BR
Stefan
can you try:
set pass=My Pass”Word
unrar x -p”%pass%” “Archive.rar”
I give up!!!
I don’t know how to quote lines with > or < here.
What I want to say is, that using such characters in a password results in an error message saying that such a character was unexpected…
you must escape these characters. those are operators in cmd and you must escape them with ^ to use them as a string.
actually i tried to reproduce your issue and following worked:
password=My “Pass
unrar x -p”My “”Pass” protected.rar
just use double quotes where the password includes a quote. if it contains a space, you must quote the whole password.
I just wanted to use this for my deployments but the config file does not work no matter what I try.
Tested with powershell and CMD like mentioned above.
In my txt file is only one simple line for setting adobe reader as default pdf reader:
.pdf, AcroExch.Document.DC
I use setuserfta.exe testconfig.txt
The error I get is:
error: progid empty. check your file contentc – seperator is ,
Any hints would be great!
When I use a bat file with:
.\SetUserFTA .pdf AcroExch.Document.DC
this works like a charm…
your config file is probably in unicode format. this happens when you create it using powershell. when you recreate it using cmd, it will work. im sorry, this is not yet supported and i should update SetUserFTA to handle this properly.
Hello.
I’ve succesfully deployed Your resolution in our envoirment using autostart script and copied fta folder containing nessesary files on each computer. I have a problem. Set fta works on windows 7 machines no problem, but on windows 10 it doesen’t change default pdf viewer. I checked registry – everything looks good – key is with good value in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice but Windows 10 keeps Edge as the default pdf viewer (I’m trying to set it to Foxit – so my key ProgId value is is FoxitReader.Document). Any thoughts?
its actually not supposed to be run on Win7. but does it work when you run the command manually for FoxitReader (on Win10)?
it adds registry key when i run it manually, it even refreshes the desktop – but when i go to control panel –> default programs –> associate program by file types it reads under .pdf EDGE. As I wrote it works well on win7 on about 200 computers :). Still no luck on Win 10. Windows 10 are up to date. Maybe some update cracked it?
i dont think so… but can you run “SetUserFTA get” after you changed the pdf extension and tell me whats the progid for .pdf?
.pdf, FoxitReader.Document
ok that looks ok. what happens if you doubleclick a .pdf file?
it opens in edge without any prompts
are you able to manually assign .pdf to Foxit?
Yes. Then when i change it and run get from setuserfta.exe i end up in having .pdf, pdf_auto_file. I will test some more tomorrow. Any additional suggestions will be appreciated.
ah i see. then Foxit does not register a proper progid and thats why SetUserFTA does not work. you can also export the pdf_auto_file registry keys (probably from here HKEY_CURRENT_USER\Software\Classes) and import them before you run SetUserFTA and use it with .pdf pdf_auto_file then.
I’ve tried exporting pdf_auto_file from clesses. the exported registry is:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\pdf_auto_file]
[HKEY_CURRENT_USER\Software\Classes\pdf_auto_file\shell]
[HKEY_CURRENT_USER\Software\Classes\pdf_auto_file\shell\open]
[HKEY_CURRENT_USER\Software\Classes\pdf_auto_file\shell\open\command]
@=”\”C:\\Program Files (x86)\\Foxit Software\\Foxit Reader\\FoxitReader.exe\” \”%1\””
when i then run command SetUserFTA.exe .pdf, pdf_auto_file
it still doesent change pdf viewer in windows and my get output is:
.pdf, AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723
.pdf,, pdf_auto_file
there is a double comma in your output. maybe you had a type when running SetUserFTA? looks like you ran SetUserFTA .pdf, pdf_auto_file – notice the extra comma.
Yes. I can see that however i put setuserfta.exe .pdf, pdf_auto_file manually so theres no mistake in command. I think Windows some kind of automaticlly adds the second comma.
how do you mean manually? this command is wrong: setuserfta.exe .pdf, pdf_auto_file
setuserfta.exe .pdf pdf_auto_file is correct
Ah You got me:) So this was a mistake. I’ve had some problems with network share also for a while, so i tried to test it manually and then a comma went in. Sorry for trouble and many thanks for pointing this for me. Cheers.