Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to allow access to the registry when it ias locked down through group policy.

Posted on 2003-11-07
12
Medium Priority
?
2,137 Views
Last Modified: 2012-06-27
Does any one know of a way to allow a user access to the registry temporarily. We have deployed Adobe Photoshop 7 by creating a deployment package (msi file) and assigning it through group policy. The package installs properly to the computer (as that is what the policy is applied to). An administrator can open Photoshop fine with no problems, but if a regular user tries they get the error "cannot import photoshop.reg, not all data was sucessfully written to the registry. Some keys are open by the system or other processes."

I have come to the conclusion that the above error states that the user does not have access to the registry. If I launch the program as the administrator first then it will work, but we will potentially be deploying this to hundreds of workstations and we just do not have the manpower to go around to each site and  perform this. I need to automate this install so that it is ready to be launched as soon as the user logs in. Any thoughts?
0
Comment
Question by:chaddupuis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9704985
I think it is a problem with permissions on the key that Photoshop is using.

Try this

Start > run regedt32
Locate the key and then right click on it and set permissions for it for that user. You may have to set permissions for all the sub keys also.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9704993
If you are using Win2000 then the set permission thing is on the menu bar.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 9705000
Win2000
Menu bar
Security > Permissions
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:freshair
ID: 9705030
could the users kill system processes running on their workstations? if they have sufficient permission to do that, you may want to suspend those running processes that access the registry key, install the program, and then reboot to normal operation mode.

you may also want to find out what registry keys photoshop uses and manually edit your registry key permissions by using regedit, but remember to do a registry back up or system check point (back up) before changing their permissions [just in case].
0
 
LVL 4

Author Comment

by:chaddupuis
ID: 9706019
They are student machines in a school computer lab, so they have zero permissions to do anything. We cannot give them access to the registry. I need a way to incorporate the registry or permissions changes to the software deployment package (msi file). I am drawing the conclusion that this cannot be done, but I need a second opinion.
0
 
LVL 4

Author Comment

by:chaddupuis
ID: 9706023
Also, going to each workstation is not an option, there are far too many.
0
 
LVL 2

Expert Comment

by:patrick24
ID: 9706464
you can allow just a particular group or user to access that particular part of registry which photoshop is using.

Example....for pagemaker from Adobe knowledege base.

1) Choose Start > Run, type Regedt32 in the Open text box, and then click OK.
2) Click HKEY_LOCAL_MACHINE on Local Machine.
3) In the HKEY_LOCAL_MACHINE on Local Machine window, select the  HKEY_LOCAL_MACHINE\Software\Adobe\Pagemaker65 registry key.
4) Choose Security > Permissions.
5) In the Registry Key Permissions dialog box, select Everyone. (If there is no Everyone icon, create one: Click Add, select Everyone in the Add Users and Groups dialog box, and then click OK.)
6) Choose Full Control from the Type of Access pop-up menu.
7) Select Replace Permissions on Existing Subkeys, then click OK.
8) Click Yes when Registry Editor asks whether you want to replace the permissions on all existing sub keys within the PageMaker65 key.
9)  Choose Registry > Exit, and then restart the computer.


cheers .... hope this helps
0
 
LVL 1

Accepted Solution

by:
nurho83 earned 1500 total points
ID: 9707806
I've run in to this problem when I was creating my own MSI files and didn't want to have to touch every machine.  I ended up using the regini.exe command from the resource kit to modify the registry acl in a startup script.  I used regmon from sysinternals to determine what parts I needed to modify the ACLS on but you may find the specifics on adobe.com.  Either one will get you.  This website lists how to use regini.exe to set registry ACLs.
http://support.microsoft.com/?kbid=237607

You can get regmon here.
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Let me know if this helps or you need more info.

Jon Lewis
0
 
LVL 2

Expert Comment

by:Stevejones123
ID: 9707951
If you're running XP consider importing the compatibility template. I have a couple of CALL programs that won't run in normal user mode in XP, but run fine with the compatibility template.
0
 
LVL 1

Expert Comment

by:iaind
ID: 9708007
There are 2 ways that I can think that you could deal with it.

- Change the permisions on the relavant registry keys.  The method I have done this in the past is use some software called WinBatch from WillsonWare (www.winbatch.com).  It is a very easy scripting language that ,among other things, can connect to remote registrys and change the permisions or settings.  So you could easly write a script to get a list of all PC's on the domain and connect to each one changeing the settings.

- Or... Use the RunAsUser function of windows.  Again I'd mostlikly do this with Winbatch.  As it can run a new program (regedit import) as a different user than the one running the Winbatch script, then add the winbatch script to the logon script.

If you want more info or help with winbatch the Support BBS on the Winbatch site is the best support I have every found for any software.
0
 
LVL 2

Expert Comment

by:mcmurrick
ID: 9708087
There are other methods of changing the registry of multiple machines without giving the users access. You can find and modify the portion of the registry you wish to change on all of the machines then export that portion of the registry. Then remotely manage the registries of your machines by connecting to them through regedit on your admin machine and import the items you wish to change and do it over the network.
0
 
LVL 4

Author Comment

by:chaddupuis
ID: 9708401
Thanks all of you for your help. As far as writing a simple batch file...that is out of the question, we already use a 2600 line kix startup script for our student domain.

-->Nurho83<-- Looks like you are the only one who actually read my question and understood it. Thanks, I will try your suggestions, but you get points regardless if it works or not because what you suggested is what I have been looking for but could not find.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, (http://www.experts-exchange.com/articles/18084/Upgrading-to-Android-5-0-Lollipop.html) because one time I did this and I essentially had a bricked …
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question