running regedit via batch file
I am running a reg file to edit the users registry so I don't have to go to every computer. It runs on mine via a batch file where it runs this command: regedit.exe /s \\servername\test.reg. I have admin privleges and they don't so I am guessing htat is why they can't run it. How can I have this run with admin rights in order to change the registry. If I can't is there a way to run this through group policy.
You can run it as a script with a GPO.
ASKER
could you tell me more, how to I turn the test.reg into a script and where in gpo do I put it.
I know that if you use the code in the snippet below you can make regedit run as administrator (or whoever the admin user is), but it will prompt for password...
@ runas /user:localhost\administrator regedit
ASKER
I can't use that becuase the users do not have the password and they are going to run this every day.
ASKER
the http://www.desktopstandard.com/PolicyMakerRegistryExtension.aspx link doesn't work anymore
I'm sorry, I spammed you with the wrong link.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/gp/admtgp.mspx
If this is Current User, they should have acces to most of it... Doing it as a RunAs for a HKCU setting runs under the context of the runas'ed HKCU's registry.....
Whats teh keys you are trying to access?
Whats teh keys you are trying to access?
If it's something that you are running everyday on a per-user basis, put it in as a logon script.
ASKER
when I do that it doesn't work. This is what I am trying to run.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.tif]
"Content Type"="image/tiff"
"PerceivedType"="image"
@="MSPaper.Document"
[HKEY_CLASSES_ROOT\.tif\MS
[HKEY_CLASSES_ROOT\.tif\MS
[HKEY_CLASSES_ROOT\.tif\Op
[HKEY_CLASSES_ROOT\.tif\Op
@=""
[HKEY_CLASSES_ROOT\.tif\Op
"TIFImage.Document"=hex(0)
It replaces the tif file assocation that microsoft takes out. We need it for our database program. Everytime I do a secruity update it rips it out.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.tif]
"Content Type"="image/tiff"
"PerceivedType"="image"
@="MSPaper.Document"
[HKEY_CLASSES_ROOT\.tif\MS
[HKEY_CLASSES_ROOT\.tif\MS
[HKEY_CLASSES_ROOT\.tif\Op
[HKEY_CLASSES_ROOT\.tif\Op
@=""
[HKEY_CLASSES_ROOT\.tif\Op
"TIFImage.Document"=hex(0)
It replaces the tif file assocation that microsoft takes out. We need it for our database program. Everytime I do a secruity update it rips it out.
Save this .reg file to a location everyone can hit. Actually, I would not run this as a logon script. Try this as a start up script. I know it has enough security there to write a HKLM.
reg import \\server\folder\change.reg
reg import \\server\folder\change.reg
You can also try creating a policy, go to computer configuration, Windows settings, security settings, right click in Object name, click on new key and add the change from your registry. This is taking fro granted you have these changes in the registry of the machine you make the policy on. Add it to a test OU and see if that does it.
Could you elaborate on "everytime I do a security update, it rips it out"?
ASKER
Microsoft doesn't want tif files to be associated with microsoft office document image. SO it deletes the file assoc when a new security patch or service3 pack comes out. So when it happens I have to go around to all the pc's make them domain admins to change it. its the only way to fix it. But If I can get this into the system that it just replaces it then I don't have to do that to change them.
Here is another article on distributing registry changes.
http://technet.microsoft.com/en-us/library/bb727154.aspx
http://technet.microsoft.com/en-us/library/bb727154.aspx
Hi, as CptnTrips has mentioned, running your command from a batch file as a StartUp script, not a Logon script, should work, because that will run under the SYSTEM account, and can write to the HKCR tree. A Logon script, as you know, runs under the logging in user's security context.
The only thing you need to make sure of, is that the .REG file is actually located in the NetLogon folder of a DC, such as \\DCNAME\NetLogon\Test.reg
The NetLogon folder is the only network location that the SYSTEM account has access to. Therefore, running your existing command as a StartUp script should work.
Regards,
Rob.
The only thing you need to make sure of, is that the .REG file is actually located in the NetLogon folder of a DC, such as \\DCNAME\NetLogon\Test.reg
The NetLogon folder is the only network location that the SYSTEM account has access to. Therefore, running your existing command as a StartUp script should work.
Regards,
Rob.
Good point Rob!
ASKER
rob, I have the .reg file in the netlogon folder. First how do I make it a batch file and then how do I run it as a startup script.
nelslarson, add the following to your startup script in the GPO:
reg import \\server\netlogon\change.r
where \\server\netlogon\change.r
reg import \\server\netlogon\change.r
where \\server\netlogon\change.r
ASKER
where is the startup script. is this the same as a logon script?
Computer configuration> Windows Settings> Scripts (Startup/Shutdown)
ASKER
where to I put the reg import? I am in the startup and it is asking me for script name and script parameters. In the name I have the .reg file. Where do I upt the reg import command?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sorry, yeah, we forgot to mention that bit.
In the same NetLogon folder where the REG file is, create a VBS file (just a Notepad text file, but save it with a VBS extension) called MyStartUpScript.vbs
Paste this code in there, changing the strRegFile name to match your registry file.
'====================
' Change domain.com in both spots to match your domain name
' You should be able to click Start --> Run, type in
' \\domain.com\sysvol\domain
' press Enter and be taken to the NetLogon folder
strRegFile = "\\domain.com\sysvol\domai
Set objShell = CreateObject("WScript.Shel
objShell.Run "regedit /s """ & strRegFile & """", 0, True
Set objShell = Nothing
'====================
Then, with that VBS file imported the registry file, back in the GPO in
Computer configuration> Windows Settings> Scripts (Startup/Shutdown)
just type
MyStartUpScript.vbs
in the startup script field and you should be right to go.
Regards,
Rob.
In the same NetLogon folder where the REG file is, create a VBS file (just a Notepad text file, but save it with a VBS extension) called MyStartUpScript.vbs
Paste this code in there, changing the strRegFile name to match your registry file.
'====================
' Change domain.com in both spots to match your domain name
' You should be able to click Start --> Run, type in
' \\domain.com\sysvol\domain
' press Enter and be taken to the NetLogon folder
strRegFile = "\\domain.com\sysvol\domai
Set objShell = CreateObject("WScript.Shel
objShell.Run "regedit /s """ & strRegFile & """", 0, True
Set objShell = Nothing
'====================
Then, with that VBS file imported the registry file, back in the GPO in
Computer configuration> Windows Settings> Scripts (Startup/Shutdown)
just type
MyStartUpScript.vbs
in the startup script field and you should be right to go.
Regards,
Rob.