Solved

HKEY_CURRENT USER ... how to add a key

Posted on 2004-08-18
11
976 Views
Last Modified: 2008-01-16
Hello,

I have a problem here. After applying  new Custom Outlook Security Settings, I am told by this documentation that I need to add a new registry key to the HKEY_CURRENT_USER subkey.

The Current User cannot add it in, if I export it - as they don't have permissions - they are standard users.

What is the way around this ?

Thanks

S.S.

1.      Start the registry editor and expand the following subkey:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Security
2.      From the Edit menu, choose New, then click DWORD value to add a new registry key.
The value name for the key must be CheckAdminSettings.
0
Comment
Question by:SpencerSteel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
11 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11832444
Hi

You could run this as part of a login script - just apply to logon script of gpo containing users or to users in script through netlogon -

On outlook machine, set the registry change correctly - then export the key only to a reg file. Edit the reg file so it only contains the key you want to change, save it as outlook.reg and copy it to the share you specify below:

then in the logon script
add the following line
regedit.exe /s \\yourdc\share\outlook.reg
ie
regedit.exe /s \\yourdc\netlogon\outlook.reg

Or you could use a more elegant (and speedy) solution using a vb script as illustrated in this PAQ:

http:Q_21080418.html

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11833208
So your vb script would be something like: The 0 is just an example of the value assigned to your new key,

Dim WshShell
Set WshShell = WScript.CreateObject("WScript.Shell")

WshShell.RegWrite "HKEY_CURRENT_USER\Software\Policies\Microsoft\Security\CheckAdminSettings", 0, "REG_DWORD"

Deb :))
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 11835011
Debsyl99,
the *\policies\* keys are (for good reasons) not writable for regular users, as SpencerSteel already pointed out. The logon script runs in the user's security context, so the user will not be able to change any of those settings in it.

SpencerSteel,
you need a Group Policy for that. Save this as "OutlookAdmin.adm" (or whatever.adm), import it into the proper GPO in the group policy editor, and configure away:

====8<----[OutlookAdmin.adm]----
CLASS USER

CATEGORY !!AdditionalSettings

  CATEGORY !!Outlook

    POLICY !!CheckAdminSettings
      KEYNAME "Software\Policies\Microsoft\Security"
      VALUENAME "CheckAdminSettings"
      VALUEON NUMERIC 1
      VALUEOFF DELETE
    END POLICY ; !!CheckAdminSettings

  END CATEGORY ; !!Outlook

END CATEGORY ; !!AdditionalSettings

[strings]
AdditionalSettings=Additional Settings
Outlook=Microsoft Outlook
CheckAdminSettings=Look for custom administrative settings
====8<----[OutlookAdmin.adm]----
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 20

Expert Comment

by:Debsyl99
ID: 11835159
Sorry - SpencerSteel too much scripting ideas and not enough consideration of the question :((
Thanks for that oBdA  - I stand corrected (But why if I get it wrong which isn't really that often believe it or not - is it always you?)

Deb :))
0
 

Author Comment

by:SpencerSteel
ID: 11839258
oBDa,

Thanks for all your help so far - you realise the main problem here.

However, I am a novice with your scripting ... however, I've done what you said and saved the file, and imported it into the Scripts (Logon/Logoff) of the User Configuration in the GPO. Is this right?

Sorry to be an idiot - i'm still not very up with the GPO settings ... slowly getting there.

Thanks again

S.S.
0
 

Author Comment

by:SpencerSteel
ID: 11839474
Well - after a bit of investigation, that seems to be in ... it's gone into the USERS (as opposed to CurrentUser) Subkey - which I assume is like ALL USERS or something ...

The damn thing I'm trying to get to work still doesn't - but you've solved the Reg issue (I'm 99% sure)

So thanks - have some points.

Sorry Debs :)

S.S.
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11839561
Hi Spencer, Hopefully I'll get this bit right at least ;)

Obda is on a different time zone I think, and as you're obviously working on this right now I thought I should respond - ObDa has given you a custom admin template that you can import into your the relevant group policy object for your ou - as I think you've already done, paste oBda's text into a text file and save it as described with a .adm extension.

Then edit your relevant group policy and add it as a template - right click administrative templates under user configuration and click add/remove templates - Then add the custom template you just created. You can then enable this reg entry as a policy which will apply to the users in the ou -

Deb :))

**********Do not accept as answer - oBdA was correct*******************************
0
 

Author Comment

by:SpencerSteel
ID: 11839608
Wow ! I get it ... now that is impressive.

Never seen that before. Makes a lot more sense now - thanks for clearing that up Deb ... you're on my Christmas list.

S.S.x
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 11839621
No probs - Some redemption at least - (I'd like a porsche please ;))

Deb :))
0
 

Author Comment

by:SpencerSteel
ID: 11839645
Actually - I have to add to this ... this has just totally sorted everything.

So, full marks to oDdA for his template thing ... and full marks for Debs for seeing my complete lack of understanding as to what to do with the damn thing.

Thank you both ... I have just finally got rid of those hugely irratating 'outlook warnings' when my application uses Automation to access it.

You will both go to heaven.

S.S.
www.spencersteel.co.uk
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12237795
What no assist?
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question