You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Advanced Scripting » Permission to modify the registry from logon script.
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#209288 - 2014-07-28 10:10 PM Permission to modify the registry from logon script.
Villanueva Offline
Just in Town

Registered: 2014-07-25
Posts: 1
Loc: Republica Dominicana, Santiago
hi,

I'm new to the forum and I want to make my case maybe they can help.
First: English is not my first language.

I have a samba PDC server which has about 200 XP users, 150 new computers were purchased, I was testing with W7 and everything satisfactory result. create a standard CD for installation, WPI, joined W7 to the domain, use Kixtart to create policies for the new machines in them intend modify the registry on W7 to block certain functions of the domain users, my problem is not find a way to assign the privileges necessary to do the logon script. only works if I make the user a local administrator of the computer, so all the things I want are blocked. I tried to post called "Step by Step guide to running a script with elevated privileges or admin" but I can not. if you have any suggestions I'll read with pleasure.

 Code:
;---------------------------
; These are my Logon Script
;---------------------------

@ECHO OFF

ver | findstr /i "5\.1\." > nul
IF %ERRORLEVEL% EQU 0 goto ver_XP
ver | findstr /i "6\.1\." > nul
IF %ERRORLEVEL% EQU 0 goto ver_Win7
ver | findstr /i "6\.2\." > nul
IF %ERRORLEVEL% EQU 0 goto ver_Win8

goto end

:ver_Win7
%0\..\kix32.exe NTConfigw7_Generales.kix <----------- These are my policies (W7)
%0\..\kix32.exe NTConfigw7_Grupos.kix <-----------
goto end

:ver_XP
%0\..\initstd.exe <----- this is my policies (XP)
goto end

:ver_Win8
goto end

:end


 Code:
;--------------------------
; This is a fragment of the policies that I use
;--------------------------

BREAK OFF
$ = SETTITLE("Domain Login")
BIG
COLOR G/N
?@DOMAIN
?
SMALL
COLOR W/N
?@TIME " - " @WKSTA " - " @USERID
?"Do not close this window, it will automatically close"
?

/* Ocultar Disco "C" */

$ = WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\", "NoDrives", "4", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer", "NoViewOnDrive", "4", "REG_DWORD")

/* Bloqueo de PC en 2 Mins */

$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop\", "ScreenSaverIsSecure", "1", "REG_SZ")
$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop\", "ScreenSaveActive", "1", "REG_SZ")
$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop\", "ScreenSaveTimeOut", "300", "REG_SZ")

/* Fondo de Pantalla */

$ = WriteValue("HKEY_CURRENT_USER\Control Panel\Desktop", "Wallpaper", "%LOGONSERVER%\netlogon\fondo.bmp", "REG_SZ")

/* Deshabilitar accesso a USB */

$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "Type", "1", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "Start", "4", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "ErrorControl", "1", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "DisplayName", "Dispositivo de almacenamiento masivo de datos USB", "REG_SZ")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor", "ImagePath", "73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\ 00,52,00,2e,00,53,00,59,00,53,00,00,00", "REG_EXPAND_SZ")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor\Enum", "Count", "0", "REG_DWORD")
$ = WriteValue("HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\usbstor\Enum", "NextInstance", "0", "REG_DWORD")


Edited by Mart (2014-07-29 01:17 PM)
Edit Reason: Please use code tags when posting code.
Top
#209301 - 2014-07-29 10:00 PM Re: Permission to modify the registry from logon script. [Re: Villanueva]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11627
Loc: CA
When you say policies a normal user cannot set POLICIES a GPO is typically the accepted means to do so. As far as writing HKCU keys those may not be loaded yet to write to. You can write some debug code to show on screen the error and test on your own before trying to push out to users.

I must ask though why use Samba? A Windows Server 2012 license is only like $800 and will make life so much easier than fighting the square block going into the round hole of
Linux/Windows games.
Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 739 anonymous users online.
details
Newest Members
M_Moore, BeeEm, min_seow, Audio, Hoschi
17883 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.052 seconds in which 0.025 seconds were spent on a total of 13 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org