• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2139
  • Last Modified:

How to allow access to the registry when it ias locked down through group policy.

Does any one know of a way to allow a user access to the registry temporarily. We have deployed Adobe Photoshop 7 by creating a deployment package (msi file) and assigning it through group policy. The package installs properly to the computer (as that is what the policy is applied to). An administrator can open Photoshop fine with no problems, but if a regular user tries they get the error "cannot import photoshop.reg, not all data was sucessfully written to the registry. Some keys are open by the system or other processes."

I have come to the conclusion that the above error states that the user does not have access to the registry. If I launch the program as the administrator first then it will work, but we will potentially be deploying this to hundreds of workstations and we just do not have the manpower to go around to each site and  perform this. I need to automate this install so that it is ready to be launched as soon as the user logs in. Any thoughts?
1 Solution
I think it is a problem with permissions on the key that Photoshop is using.

Try this

Start > run regedt32
Locate the key and then right click on it and set permissions for it for that user. You may have to set permissions for all the sub keys also.
If you are using Win2000 then the set permission thing is on the menu bar.
Menu bar
Security > Permissions

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

could the users kill system processes running on their workstations? if they have sufficient permission to do that, you may want to suspend those running processes that access the registry key, install the program, and then reboot to normal operation mode.

you may also want to find out what registry keys photoshop uses and manually edit your registry key permissions by using regedit, but remember to do a registry back up or system check point (back up) before changing their permissions [just in case].
chaddupuisAuthor Commented:
They are student machines in a school computer lab, so they have zero permissions to do anything. We cannot give them access to the registry. I need a way to incorporate the registry or permissions changes to the software deployment package (msi file). I am drawing the conclusion that this cannot be done, but I need a second opinion.
chaddupuisAuthor Commented:
Also, going to each workstation is not an option, there are far too many.
you can allow just a particular group or user to access that particular part of registry which photoshop is using.

Example....for pagemaker from Adobe knowledege base.

1) Choose Start > Run, type Regedt32 in the Open text box, and then click OK.
2) Click HKEY_LOCAL_MACHINE on Local Machine.
3) In the HKEY_LOCAL_MACHINE on Local Machine window, select the  HKEY_LOCAL_MACHINE\Software\Adobe\Pagemaker65 registry key.
4) Choose Security > Permissions.
5) In the Registry Key Permissions dialog box, select Everyone. (If there is no Everyone icon, create one: Click Add, select Everyone in the Add Users and Groups dialog box, and then click OK.)
6) Choose Full Control from the Type of Access pop-up menu.
7) Select Replace Permissions on Existing Subkeys, then click OK.
8) Click Yes when Registry Editor asks whether you want to replace the permissions on all existing sub keys within the PageMaker65 key.
9)  Choose Registry > Exit, and then restart the computer.

cheers .... hope this helps
I've run in to this problem when I was creating my own MSI files and didn't want to have to touch every machine.  I ended up using the regini.exe command from the resource kit to modify the registry acl in a startup script.  I used regmon from sysinternals to determine what parts I needed to modify the ACLS on but you may find the specifics on adobe.com.  Either one will get you.  This website lists how to use regini.exe to set registry ACLs.

You can get regmon here.

Let me know if this helps or you need more info.

Jon Lewis
If you're running XP consider importing the compatibility template. I have a couple of CALL programs that won't run in normal user mode in XP, but run fine with the compatibility template.
There are 2 ways that I can think that you could deal with it.

- Change the permisions on the relavant registry keys.  The method I have done this in the past is use some software called WinBatch from WillsonWare (www.winbatch.com).  It is a very easy scripting language that ,among other things, can connect to remote registrys and change the permisions or settings.  So you could easly write a script to get a list of all PC's on the domain and connect to each one changeing the settings.

- Or... Use the RunAsUser function of windows.  Again I'd mostlikly do this with Winbatch.  As it can run a new program (regedit import) as a different user than the one running the Winbatch script, then add the winbatch script to the logon script.

If you want more info or help with winbatch the Support BBS on the Winbatch site is the best support I have every found for any software.
There are other methods of changing the registry of multiple machines without giving the users access. You can find and modify the portion of the registry you wish to change on all of the machines then export that portion of the registry. Then remotely manage the registries of your machines by connecting to them through regedit on your admin machine and import the items you wish to change and do it over the network.
chaddupuisAuthor Commented:
Thanks all of you for your help. As far as writing a simple batch file...that is out of the question, we already use a 2600 line kix startup script for our student domain.

-->Nurho83<-- Looks like you are the only one who actually read my question and understood it. Thanks, I will try your suggestions, but you get points regardless if it works or not because what you suggested is what I have been looking for but could not find.

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now