How to allow access to the registry when it ias locked down through group policy.

Does any one know of a way to allow a user access to the registry temporarily. We have deployed Adobe Photoshop 7 by creating a deployment package (msi file) and assigning it through group policy. The package installs properly to the computer (as that is what the policy is applied to). An administrator can open Photoshop fine with no problems, but if a regular user tries they get the error "cannot import photoshop.reg, not all data was sucessfully written to the registry. Some keys are open by the system or other processes."

I have come to the conclusion that the above error states that the user does not have access to the registry. If I launch the program as the administrator first then it will work, but we will potentially be deploying this to hundreds of workstations and we just do not have the manpower to go around to each site and  perform this. I need to automate this install so that it is ready to be launched as soon as the user logs in. Any thoughts?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I think it is a problem with permissions on the key that Photoshop is using.

Try this

Start > run regedt32
Locate the key and then right click on it and set permissions for it for that user. You may have to set permissions for all the sub keys also.
If you are using Win2000 then the set permission thing is on the menu bar.
Menu bar
Security > Permissions
Exploring SQL Server 2016: Fundamentals

Learn the fundamentals of Microsoft SQL Server, a relational database management system that stores and retrieves data when requested by other software applications.

could the users kill system processes running on their workstations? if they have sufficient permission to do that, you may want to suspend those running processes that access the registry key, install the program, and then reboot to normal operation mode.

you may also want to find out what registry keys photoshop uses and manually edit your registry key permissions by using regedit, but remember to do a registry back up or system check point (back up) before changing their permissions [just in case].
chaddupuisAuthor Commented:
They are student machines in a school computer lab, so they have zero permissions to do anything. We cannot give them access to the registry. I need a way to incorporate the registry or permissions changes to the software deployment package (msi file). I am drawing the conclusion that this cannot be done, but I need a second opinion.
chaddupuisAuthor Commented:
Also, going to each workstation is not an option, there are far too many.
you can allow just a particular group or user to access that particular part of registry which photoshop is using.

Example....for pagemaker from Adobe knowledege base.

1) Choose Start > Run, type Regedt32 in the Open text box, and then click OK.
2) Click HKEY_LOCAL_MACHINE on Local Machine.
3) In the HKEY_LOCAL_MACHINE on Local Machine window, select the  HKEY_LOCAL_MACHINE\Software\Adobe\Pagemaker65 registry key.
4) Choose Security > Permissions.
5) In the Registry Key Permissions dialog box, select Everyone. (If there is no Everyone icon, create one: Click Add, select Everyone in the Add Users and Groups dialog box, and then click OK.)
6) Choose Full Control from the Type of Access pop-up menu.
7) Select Replace Permissions on Existing Subkeys, then click OK.
8) Click Yes when Registry Editor asks whether you want to replace the permissions on all existing sub keys within the PageMaker65 key.
9)  Choose Registry > Exit, and then restart the computer.

cheers .... hope this helps
I've run in to this problem when I was creating my own MSI files and didn't want to have to touch every machine.  I ended up using the regini.exe command from the resource kit to modify the registry acl in a startup script.  I used regmon from sysinternals to determine what parts I needed to modify the ACLS on but you may find the specifics on  Either one will get you.  This website lists how to use regini.exe to set registry ACLs.

You can get regmon here.

Let me know if this helps or you need more info.

Jon Lewis

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If you're running XP consider importing the compatibility template. I have a couple of CALL programs that won't run in normal user mode in XP, but run fine with the compatibility template.
There are 2 ways that I can think that you could deal with it.

- Change the permisions on the relavant registry keys.  The method I have done this in the past is use some software called WinBatch from WillsonWare (  It is a very easy scripting language that ,among other things, can connect to remote registrys and change the permisions or settings.  So you could easly write a script to get a list of all PC's on the domain and connect to each one changeing the settings.

- Or... Use the RunAsUser function of windows.  Again I'd mostlikly do this with Winbatch.  As it can run a new program (regedit import) as a different user than the one running the Winbatch script, then add the winbatch script to the logon script.

If you want more info or help with winbatch the Support BBS on the Winbatch site is the best support I have every found for any software.
There are other methods of changing the registry of multiple machines without giving the users access. You can find and modify the portion of the registry you wish to change on all of the machines then export that portion of the registry. Then remotely manage the registries of your machines by connecting to them through regedit on your admin machine and import the items you wish to change and do it over the network.
chaddupuisAuthor Commented:
Thanks all of you for your help. As far as writing a simple batch file...that is out of the question, we already use a 2600 line kix startup script for our student domain.

-->Nurho83<-- Looks like you are the only one who actually read my question and understood it. Thanks, I will try your suggestions, but you get points regardless if it works or not because what you suggested is what I have been looking for but could not find.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.