Windows 7 (and possibly even Vista) has the ability to mount a VHD. The VHD could have been created from Virtual PC or Virtual Server, or it could be a System Image backup created by Windows Backup.

To mount the VHD, open the Computer Management console (Start -> “Computer Management”). Right-click the Disk Management option in the tree and select Attach VHD.

Awesome.

In the last few OS rebuilds of my machine, i’ve preferred to relocate my user profile to a different partition, and leave my C: as small and light as possible. The added benefit is that I can then backup an entire partition in a snap and be guaranteed i haven’t lost any major user-data.

To do this (under Windows 7), follow the steps below. This assumes you have formatted your machine and have a clean install of Win7 with your user account (with admin access) created.

Enable the Administrator account

This account is disabled by default and you will need to enable it in order to move your profile around.

  1. Press Start, and type “Computer Management” and run the first program
  2. Under Local Users and GroupsUsers, you will see the Administrator account. Right-click the Administrator, select Properties. In the General tab, uncheck “Account is disabled”. Apply. Ok.
  3. If you don’t know the password for the Admin account, I suggest right-clicking the Administrator and Reset Password
  4. Log out of your current user account and log in as the Administrator
Enabling the Administrator account

Enabling the Administrator account

 

Copy The Profile To Its New Location

Logged in as Administrator, open Windows Explorer and navigate to C:Users. You will see your account folder there. **Move (dont copy!)** your account folder to the new location you want. In my case, I moved it to D:home.

Update The Profile’s Home Folder Path

You now need to update the user account to tell it that the profile exists in a different location.

  1. Press Start, and type “Computer Management” and run the first program
  2. Under Local Users and GroupsUsers, you will see your user account. Right-click the account, select Properties. In the Profile tab, select “Local path”, and type in the new path of the profile. (eg: D:homexerxes). Apply. Ok.
Profile Home Path

Profile Home Path

 

Update Registry To Find New Profile

I probably should have mentioned this before, but if you’re not comfortable modifying your Windows Registry, you probably shouldn’t attempt this. Moreover, you probably shouldn’t be reading my blog.

  1. Start -> Run, “Regedit”, Enter
  2. Find the key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList. There will be a string value called Profiles Directory. Update the value to be your new profile home directory. (eg: D:home)
  3. Within the ProfileList key, there are a bunch of sub-keys, one for each user profile registered on the system. Scroll through them and look at the value ProfileImagePath, and find the one which mentions your username. Update the value of the ProfileImagePath to be the new path to your user profile (eg: D:homexerxes)
Updating User Profile Location In Registry

Updating User Profile Location In Registry

 

Fin//

You’re all done. Log out of the administrator account and try logging back into your own profile. If you did everything right, this should just work. If you want to disable the Administrator account again, you can do so after logging back into yours.

To run any command under the credentials of a different user, *nix systems have the sudo command. For example:

$> sudo pico /etc/hostname

To run a program under the credentials of a different user under Windows, you can use the runas command.

runas /user:administrator notepad

i use this command to quickly create batch files which i can drop into my c:windowssystem32 folder for immediate path happiness

In Windows 2000/XP you can add/remove content from your Send-To menu just by navigating to the SendTo directory of your profile (eg: C:Documents and SettingsXerxesSendTo

In Vista they changed the location of the SendTo directory and I never found out where until now! If you navigate to the shell extension “sendto” (eg: Start –> Run –> “shell:sendto”), it opens up the list of items in the send-to menu when you right-click a file in Explorer.

I normally like to add a shortcut Notepad so no matter what file type i’m opening, I can have quick access to drop it in Notepad if necessary.

I have just uncovered a way to perform root priviledge escalation under Windows (tested using Server 2003 SP2)…so easy, with no addons or anything – all you need is a console.

  1. Open up a command prompt (cmd.exe)
  2. Type whoami. This should return your username – lowly peon user.
  3. In the command prompt, enter the following: at <current time + 1 min> /interactive “cmd.exe”
    The point of this step is to set up a scheduled task to execute in one minute of the current time. This scheduled task will launch a command prompt under the credentials of Local System.
    For example: at 11:05 /interactive “cmd.exe” will launch the cmd window at 11:05am.
  4. Type whoami into the new cmd window…..Voila!

Once escalated, you can use taskmgr to kill explorer and then re-run it from the new command prompt with the escalated priviledge.