Windows registry UnreadMail?

Jofre
(@jofre)
Active Member
Joined: 13 years ago
Posts: 10
Topic starter  

Greetings,

While examining the Windows registry during an ongoing investigation I noticed the subkey HKEY_CURRENT_USER > Software\Microsoft\Windows\CurrentVersion\UnreadMail\.

It contained a list of interesting mail-addresses, but I'm not quite sure on how \UnreadMail is populated and how it is used. Unfortunately neither a check of my beloved Carvey-books nor some Googling around turned up much information on this particular subject.

I found this for Windows XP though
http://support.microsoft.com/default.aspx?scid=KB;EN-US;q304148&ID=KB;EN-US;q304148

As I understand it some mail programs can be used to populate \UnreadMail which then presents a hyperlink on the logon screen with the number of unread mails. But in this particular case no such hyperlink is presented even though some of the MessageCount value data is greater than zero. Perhaps it is related to the target system running Windows Vista Home Basic?

If anyone could point me to further information on how the \UnreadMail subkey is populated and used I would appreciate it. It would be good to have some basics before going into experimentation.

Regards,

Jofre


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

> Unfortunately neither a check of my beloved Carvey-books…

I'm not sure why they would…but thanks for checking.

> …nor some Googling around turned up much information on this particular subject.

Interesting…I found quite a bit.

> If anyone could point me to further information on how the \UnreadMail subkey is populated and used I would appreciate it. It would be good to have some basics before going into experimentation.

Very useful
http://support.microsoft.com/kb/831403

Gives some information about how the value is populated
http://www.msoutlook.info/question/304

Talks about how to disable the message/hyperlink on the Welcome screen
http://marksxp.mvps.org/WindowsXP/emailui.php

HTH


   
Jofre
(@jofre)
Active Member
Joined: 13 years ago
Posts: 10
Topic starter  

Oh, if it involves the Windows registry I always start by taking a look in the books, it keeps me in the right mindset at the very least. :)

While Googling I mostly found information on how to remove the logon notification and how to use it in various applications, but not much real data on the mechanisms behind it. But I'll go back and have another look. I had definitely missed support.microsoft.com/kb/831403 and as you said it was very useful. It probably also explained why I don't see any notification on the logon screen: "When the unread e-mail message count is set, the date that the e-mail message is received is stamped also. If the unread e-mail message date stamp is more than three days old, the Windows XP logon screen disregards the entries. You cannot customize this setting."

A bit strange though that the latest time stamp I could find in it was several months before the computer was taken. Have to look into whether the suspect changed mail program around then.

Anyway, thanks for your answer!

Best Regards,

/Jofre
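
The three-day rule quoted from KB 831403 in the last post can be applied to exported UnreadMail values to see which accounts the logon screen would still have counted at a given reference time. The following is an added example, not part of the original thread: the value name `TimeStamp`, its 8-byte FILETIME encoding, the reference time `SEIZED` and all sample accounts are assumptions or constructed data, and should be confirmed against the actual hive.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=3)  # threshold quoted from KB 831403 in the thread


def filetime_to_datetime(raw: bytes) -> datetime:
    """Decode an 8-byte little-endian FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    if len(raw) != 8:
        raise ValueError(f"expected 8 bytes, got {len(raw)}")
    (ticks,) = struct.unpack("<Q", raw)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def review_unread_mail(entries: dict, reference: datetime) -> list:
    """One row per account subkey. Assumes each subkey holds MessageCount (DWORD)
    and TimeStamp (8-byte FILETIME); the TimeStamp name is an assumption to verify."""
    rows = []
    for account, values in sorted(entries.items()):
        stamped = filetime_to_datetime(values["TimeStamp"])
        age = reference - stamped
        rows.append({
            "account": account,
            "count": values["MessageCount"],
            "stamped_utc": stamped,
            "age_days": age.days,
            "shown_at_logon": values["MessageCount"] > 0 and age <= STALE_AFTER,
        })
    return rows


def _ft(dt: datetime) -> bytes:
    """Build constructed sample data: encode a datetime as FILETIME bytes."""
    return struct.pack("<Q", int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000)


# Constructed sample values, not taken from the case in the thread.
SEIZED = datetime(2009, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = {
    "alice@example.com": {"MessageCount": 4, "TimeStamp": _ft(datetime(2009, 1, 15, 8, 30, tzinfo=timezone.utc))},
    "bob@example.com": {"MessageCount": 2, "TimeStamp": _ft(datetime(2009, 5, 31, 9, 0, tzinfo=timezone.utc))},
    "carol@example.com": {"MessageCount": 0, "TimeStamp": _ft(datetime(2009, 6, 1, 7, 0, tzinfo=timezone.utc))},
}

if __name__ == "__main__":
    for row in review_unread_mail(SAMPLE, SEIZED):
        print(row)
```

An entry with a non-zero count but a stamp months older than the reference time, like the first constructed account, comes back with `shown_at_logon` set to `False`, which matches the situation described in the thread.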


   