#183113 - 2007-11-30 11:13 PM HKLM registry changes if user is not a local administrator
DilipBalsaraf Offline
Lurker

Registered: 2007-11-16
Posts: 4
I am trying to write into HKLM through a GPO-based domain logon script.
But since the user is not a local administrator, the writevalue function does not work.
Is there a way to make HKLM based registry changes without requiring the user to be in the local administrators group?

Thanks

#183114 - 2007-11-30 11:16 PM Re: HKLM registry changes if user is not a local administrator [Re: DilipBalsaraf]
DilipBalsaraf Offline
Lurker

Registered: 2007-11-16
Posts: 4
I am trying to do this

writevalue ("HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies", "WriteProtect", 1 , "REG_DWORD")

#183115 - 2007-11-30 11:16 PM Re: HKLM registry changes if user is not a local administrator [Re: DilipBalsaraf]
DilipBalsaraf Offline
Lurker

Registered: 2007-11-16
Posts: 4
which does not work
#183116 - 2007-11-30 11:27 PM Re: HKLM registry changes if user is not a local administrator [Re: DilipBalsaraf]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Have you investigated the Workstation GPO approach? If there is no "canned/standard" setting for what you're trying to set, you can always write a custom template for it. Of course, this would assume that all your "target workstations" are in a single (or a few) Workstation OUs and not scattered all over the place in AD.
#183118 - 2007-12-01 09:37 AM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
Or create a computer group policy on an OU at a higher level
Go in the security of the policy on that OU
Remove the "Read" and "Apply Group Policy" for "Authenticated Users"
Create your own Global Security Group
Add all computers that you want to have this policy applied to this group
Add it to the Security for the policy on the OU
Give it "Read" and "Apply Group Policy" in Security
Now add the modification for the registry to the policy
If you do it via a computer startup script, it is only applied when a computer is switched on

#183119 - 2007-12-01 03:59 PM Re: HKLM registry changes if user is not a local administrator [Re: Witto]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
computer startup script - what's that? (never heard of)
#183120 - 2007-12-01 04:09 PM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
http://support.microsoft.com/kb/556007/en-us
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#183121 - 2007-12-01 04:26 PM Re: HKLM registry changes if user is not a local administrator [Re: Les]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
So it's possible to stick some script say - in NETLOGON - and have it run when the computer starts up? And this feature can be configured in AD?
#183122 - 2007-12-01 04:35 PM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Ja, sure can. I even did one using KiXforms and GUI presented before logon.
#183123 - 2007-12-01 06:05 PM Re: HKLM registry changes if user is not a local administrator [Re: Les]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
What "context" does this script run under? I.e., what "credentials"? I would assume it's like ... the system credentials (not a real user)?
#183124 - 2007-12-01 06:14 PM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Yes, local system, not a real user. It can be a bit of a challenge to get network perms to shares but Netlogon works right out of the box. IIRC the old "Everyone" perm won't cut it and you need to give specific rights to "Domain Computers" or some other such thing (at home now, cannot check).
#183125 - 2007-12-01 06:32 PM Re: HKLM registry changes if user is not a local administrator [Re: Les]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Nice. This is like getting a new hammer for Christmas, and having something to nail on xmas day. We just got asked to install some software on the workstation via the Login Script ... and you know the challenges faced there (credentials and security). But that was my next question. How would one copy the installation package from like - a network share - via this script. I assume you would have to provide some domain credentials in this script.

Anyway - didn't mean to hi-jack this thread sorry - apologies - but gee whiz this sounds sweet. Wish I had twigged on to this years ago.

#183126 - 2007-12-01 06:34 PM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
You said NETLOGON works out of box eh.
#183127 - 2007-12-01 07:30 PM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Well... it does for me. Might have to throw in the YMMV in case your AD is wired different. We allow anonymous, I think what's called pre-Windows 2000 compatibility.

Quit hijaaking this thread and start your own, eh. Sheesh. :p
#183128 - 2007-12-01 07:53 PM Re: HKLM registry changes if user is not a local administrator [Re: Les]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
To clarify a bit you have 3 "run" events for scripts.
1. Startup, this is the point in the computer-based policies, before the user can log in (local system credentials)
2. Logon, commonly used, runs right after the user logs on (so runs on user credentials)
3. Logoff, when a user logs off, is run right after his settings are saved.

Startup and Logoff are handled by policies, logon by user AD property.

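The startup-script approach discussed in this thread, sketched in KiXtart as an added example that was not posted by any participant: it sets the `WriteProtect` value from the original question and is meant to be assigned as a GPO computer startup script, where it runs under Local System. The event source name `StartupScript` is an assumption chosen for illustration.

```kixtart
; Added example, not from the thread. Assign as a GPO *computer startup*
; script: it then runs as Local System, so the HKLM write does not depend
; on the logged-on user being a local administrator.

$Key  = "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies"
$Name = "WriteProtect"
$Want = "1"
$Src  = "StartupScript"   ; hypothetical event source name

; The key may be absent on a machine; create it explicitly first
; rather than relying on WriteValue to do so.
If Not KeyExist($Key)
  $rc = AddKey($Key)
  If $rc
    $nul = LogEvent(1, 1, "AddKey failed for " + $Key + ": " + $rc + " " + @SERROR, "", $Src)
    Exit $rc
  EndIf
EndIf

; Write only when the current value is missing or different, so the
; script changes nothing on boots where the setting is already in place.
$Have = ReadValue($Key, $Name)
If @ERROR Or ($Have <> $Want)
  $rc = WriteValue($Key, $Name, $Want, "REG_DWORD")
  If $rc
    ; Error 5 is "access denied", the failure a logon script sees when
    ; it runs with a non-administrator user's credentials.
    $nul = LogEvent(1, 2, "WriteValue failed for " + $Name + ": " + $rc + " " + @SERROR, "", $Src)
    Exit $rc
  EndIf
  $nul = LogEvent(4, 3, $Name + " set to " + $Want + " on " + @WKSTA, "", $Src)
EndIf

Exit 0
```

Because a startup script has no visible console, the result is written to the event log; capturing the return code of `WriteValue` also keeps the script from echoing it.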
#183129 - 2007-12-01 08:34 PM Re: HKLM registry changes if user is not a local administrator [Re: Arend_]
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Actually, I think there's more than three.
1-2. GPO logon/logoff
3-4. GPO startup/shutdown
5. Legacy logon
#183135 - 2007-12-02 08:41 AM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
Witto Offline
MM club member
*****

Registered: 2004-09-29
Posts: 1828
Loc: Belgium
 Originally Posted By: Shawn
We just got asked to install some software on the workstation via the Login Script ... and you know the challenges faced there (credentials and security).

I think I already did what you are looking for.
I made a script that checks in the uninstall strings of the registry, by "DisplayVersion" , if some software is installed. If it is not, it starts the installation. You should just be able to create a "silent" installation. Like Les said, only the Computer Accounts that need the software (Domain Computers?) need Read access to the software.
Group Policy Computer Startup Software Installation Script

#183142 - 2007-12-02 01:30 PM Re: HKLM registry changes if user is not a local administrator [Re: Les]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
 Originally Posted By: Les
Actually, I think there's more than three.
1-2. GPO logon/logoff
3-4. GPO startup/shutdown
5. Legacy logon


I stand corrected :)

#183151 - 2007-12-02 04:07 PM Re: HKLM registry changes if user is not a local administrator [Re: Arend_]
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
Moved this off-topic stuff here. Sorry for hi-jacking.
#183212 - 2007-12-03 04:50 PM Re: HKLM registry changes if user is not a local administrator [Re: Shawn]
DilipBalsaraf Offline
Lurker

Registered: 2007-11-16
Posts: 4
Thanks for your inputs!
I am going to try some of these solutions and let you know.
