Forum Discussion

Jay_Libove_HM's avatar
Jay_Libove_HM
Copper Contributor
Mar 10, 2021

CMD.EXE run as administrator hijacks "L" key to switch to that window

The weirdest thing happens, on just one of my computers (hostname AVClientXB1):
If I start an elevated CMD.EXE window (from the shortcut:
C:\Users\libove\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk, which I think is the normal place, for a user called "libove", to have a CMD.EXE Start Menu shortcut),
Then the (lower-case only) "L" key jumps to that window. That is, no matter what window has focus, simply tapping the lower case "L" key will cause that elevated CMD.EXE window to take focus. It is impossible to type an "l".
Upper case "L", no problem.
Close that CMD.EXE and "l", "L", whatever, no problem.
Open a regular (NON-elevated) CMD.EXE, no problem.
An elevated CMD.EXE started by going directly to C:\Windows\System32\ and right-clicking on the real CMD.EXE and selecting Run as Administrator, no problem.
But if an elevated CMD.EXE is open, "l" switches straight to that window.
The content of the C:\Users\libove\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk shortcut looks uncorrupted (viewed both by simply right-clicking on it and selecting Properties, and with NirSoft ShortcutsManager), and I'm fairly sure the computer isn't infected with anything.
I also removed that shortcut and replaced it with a copy of the same file from another computer (on which this problem does not occur), and the problem still occurs.
I'm not even aware of any setting or add-on, other than keyboard remapping which is not in use on this computer, which could enable a single character to become a hotkey to switch to a window.
I've run multiple virus (Kaspersky and Microsoft Defender) scans, and corruption (SFC, DISM) scans; nothing is found. And I have no reason to believe that this computer has ever been infected, nor does anything (other than the weird "l" behaviour) change while such an elevated CMD.EXE is open and "l" is hijacked.
What could be causing this? How to fix it?
many thanks,
 
    • Jay_Libove_Fe's avatar
      Jay_Libove_Fe
      Copper Contributor

      ascurfy No, no solution, and the problem persists. I am glad to hear that there is someone else out there with the same problem.

      Please get in touch with me privately, and I'll open a support case with Microsoft, and include both of us in it. Since I only have one affected machine, but you have several, we ought to be able to get Microsoft to solve it.

      You can reach me at LIBOVE at FELINES dot ORG

      Do you have any software installed - on all of those affected laptop computers, but NOT on other computers which you have which are NOT affected - that might conceivably be "interesting" from the point of view of having keyboard intercept functions which might interact oddly? I doubt that it's third party software, as nothing on my one affected computer is not also installed somewhere else in my environment, but I imagine that Microsoft support will ask...

       

      thanks,

      Jay

       

      • ascurfy's avatar
        ascurfy
        Copper Contributor

        Jay_Libove_Fe 

        I have solved the issue. Well it works for me anyway.

         

        We use redirected folders for users both for onsite with desktops and offsite on laptops over DirectAccess. We are in transition from Windows 7 to Windows 10. An existing users shortcut to cmd.exe was created on a Windows 7 computer at some point in the past. I think the issue lies with the shortcut. I deleted the shortcuts to Windows PowerShell (CMD underneath) in the redirected Start menu and recreated them from the actual executable from the computer and this fixed the issue.

        I guess those shortcuts created on a Windows 7 computer have some issue when run on a Windows 10 computer.

Resources