
2 points:

1 - article has wrong info. Under Windows 10 the name is ATMLIB.DLL. ATMFD.DLL is the name for older versions of Windows

2 - rename it. Here is the script to be used under an elevated command prompt (change name accordingly if Win10):

cd "%windir%\system32"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll

cd "%windir%\syswow64"

takeown.exe /f atmfd.dll

icacls.exe atmfd.dll /save atmfd.dll.acl

icacls.exe atmfd.dll /grant Administrators:(F)

rename atmfd.dll x-atmfd.dll




Please keep in mind that you need to localize 'Administrators' to make this work on non-English systems. When deploying this, it would be better to replace the name with the group's SID. I am on mobile right now but some fellow hacker can surely provide them.
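
A locale-independent form of the rename script above, as an added example that is not part of the thread: icacls accepts a numeric SID when it is prefixed with `*`, and S-1-5-32-544 is the built-in Administrators group regardless of display language. The `TARGET` and `ADMINS` variables and the `:disable` label are names chosen here; the script also skips directories where the DLL is absent.

```bat
@echo off
rem Added example (not from the thread): rename workaround using the
rem Administrators group SID instead of its localized name.
rem Run from an elevated command prompt. Change TARGET to match the DLL
rem name on your Windows version, as the original comment notes.
setlocal
set "TARGET=atmfd.dll"
rem The leading * tells icacls the trustee is a numeric SID.
set "ADMINS=*S-1-5-32-544"

call :disable "%windir%\system32" || exit /b 1
rem syswow64 exists only on 64-bit Windows.
if exist "%windir%\syswow64\" call :disable "%windir%\syswow64" || exit /b 1
exit /b 0

:disable
pushd "%~1" || exit /b 1
if not exist "%TARGET%" (
    echo %~1: %TARGET% not present, nothing to do
    popd
    exit /b 0
)
takeown.exe /f "%TARGET%" || goto :fail
rem Save the original ACL so it can be put back later with icacls /restore.
icacls.exe "%TARGET%" /save "%TARGET%.acl" || goto :fail
icacls.exe "%TARGET%" /grant %ADMINS%:(F) || goto :fail
rename "%TARGET%" "x-%TARGET%" || goto :fail
echo %~1: %TARGET% renamed to x-%TARGET%
popd
exit /b 0

:fail
rem Stop at the first failing step so the DLL is never left half-modified
rem without a saved ACL.
echo %~1: step failed, %TARGET% not renamed
popd
exit /b 1
```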


Looking up your local Administrator name:

wmic path win32_group where (LocalAccount=true AND SID="S-1-5-32-544") get Name

edit: that's just the name of the local Administrators group, here's how to get the Admin-accountname:

wmic useraccount where (domain='localhostname' and sid like 'S-1-5-21-%%-500') get sid /value

wmic useraccount where (domain='localhostname' and sid='sidfromfirstcommandhere') get name /value


Hmmmm,

That will just return the name of the built-in Administrators account. If you wanted to find all user accounts in the administrators group you could do:

powershell -c "$([ADSI]'WinNT://YOUR_MACHINE_NAME/Administrators,group').psbase.Invoke('Members') | foreach { $_.GetType().InvokeMember('ADspath', 'GetProperty', $null, $_, $null)}"


> 1 - article has wrong info. Under Windows 10 the name is ATMLIB.DLL. ATMFD.DLL is the name for older versions of Windows

I don't think they have the wrong info. According to the MS advisory they linked (https://portal.msrc.microsoft.com/en-us/security-guidance/ad...) it would appear that ATMLIB.dll is not actually affected as there is no mention of it at all, only ATMFD.dll. Also implied by the advisory is that ATMFD.dll is present on Windows 10 but only versions prior to 1709:

> Rename ATMFD.DLL

> Please note: ATMFD.DLL is not present in Windows 10 installations starting with Windows 10, version 1709. Newer versions do not have this DLL.


As someone with no knowledge of Windows, what’s with their naming scheme? Is this some DOS remnant? Without context the name alone would be reason to fail code review.



[flagged]


Personal attacks will get you banned here. If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting, we'd appreciate it.

Edit: We've had to ask you this several times before. Please don't do it again.


Really? You telling me he was not trolling me? Look up his comments, he's definitely not without "no knowledge of Windows".

Perhaps I should stop giving good advice and help here in comments, as I tried with my comments, and just do what seems to be the norm instead, namely use throwaway accounts and just mess with people instead.


I have no idea, but it doesn't matter, in the sense that it's simpler than that. You can't post the way you did, even if you were being trolled. This is in the site guidelines: "Don't feed egregious comments by replying; flag them instead." That's an indirect phrasing of "please don't feed the trolls".

Commenters here need to follow the rules regardless of what others are doing. It always feels like the other person started it and did worse, which is to say: it always feels like we're justified in breaking the rules. If we go with that feeling, we're guaranteed a downward spiral. The only solution is to inhibit that feeling and hold yourself to a higher standard. Maybe the other person doesn't deserve better (certainly not if they were trolling), but that's not why we do it. You do it because the community deserves better and it's in your interest to have a functioning community here.

(I can tell you from experience, though, that most of the time that it seems like someone is trolling, that's a misperception, in the sense that they had no such conscious intention.)

https://news.ycombinator.com/newsguidelines.html


I am actually looking if this is cultural or technical because it's not clear. If I'm trolling, this has got to be the most pathetic case of it on the internet. I mean this alone would be interpreted as a joke in other contexts:

> Under Windows 10 the name is ATMLIB.DLL. ATMFD.DLL is the name for older versions of Windows

..without even touching the rest of it.


ATMLIB is just a client library, it doesn't process any fonts itself, it's not the same thing as ATMFD.

In Windows 10, they changed it so the ATMFD code runs sandboxed in fontdrvhost.exe, and eventually removed it completely from the kernel, that's why atmfd.dll is not there on later editions.



