• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 875
  • Last Modified:

Import registry key through Group Policy

I want to import a registry key to all users on my network (approx. 130 PCS/Notebooks).
I have created a TEST OU, I added the registry file under User configuration | Windows Settings | scripts (logon/logoff) | Logon

The script parameter is: regedit /s XXXXXX.reg

This works fine...

My problem is that when the user logs onto the PC, it prompts them to add the key to registry. The have the option of Yes/No.
I don't want this to happen. I want the process to be automatic, with no user interaction.
I don't want the user to know that this is happening in the background.

How can I achieve this from GP?

Thanks
Priscilla

 
0
Priscilla_Hora
Asked:
Priscilla_Hora
  • 9
  • 5
  • 2
  • +1
2 Solutions
 
MPSiddallCommented:
Try adding the registry entries with a script

create a file called script.vbs and execute this through the Group Policy. The example below resets DCOM permissions but you can add any other type of regitry key.

Set WshShell = WScript.CreateObject("WScript.Shell")

      
call Writelog("MESSAGE INTO EVENT LOG",0)
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM", "Y"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous", 2 ,"REG_DWORD"


Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

OR if the registry file is complicated you may want to try


Dim txtStream
Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile("C:\winnt\temp\VNC.fil",true)
Set WshShell = WScript.CreateObject("WScript.Shell")
call Writelog("Setting VNC Settings",0)


'emulate the registry file here

txtStream.WriteLine("REGEDIT4")
txtStream.WriteLine("[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]")
txtStream.WriteLine(Chr(34) & "Password" & chr(34) &"=hex:87,1b,f9,95,32,46,48,2a")
txtStream.Close

WshShell.Run "regedit /s c:\winnt\temp\VNC.fil", 1, true



Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function


Both solutions work, but the choice is yours. The only problem with the first method is you can't write HEX values , well I can't anyway.

HTH

Martin
0
 
jmacmickingCommented:
If you have access to the domain controllers you can create a custom .adm template; see MS KB816662 (http://support.microsoft.com/?kbid=816662) for starters.  Also, when using that particular section of GPEdit make sure you put the program on the first line (Script Name) and the parameters on the second line (Script Parameters).  It doesn't appear to pass properly if you put everything on the program line.  

Having said that though, the simplest way to do this is probably to put a .CMD file in the same folder as the reg file.  Just run the regedit from the .cmd file.  This has the added advantage of allowing you to check to see if the file has already run (so you don't keep adding the key every time the login).  I've included a sample script at the end of this post.  Try pasting this text into notepad and saving it with a .cmd extension (make sure notepad doesn't append .txt to the end).  Just replace the X's with the name of your registry file.  This script is designed to run once per machine; if you want it run once per user (or if the people in your organization don't have write access to the Windows folder) change the file location to %Temp% (for instance, line 2 would read "IF EXIST "%Temp%\XXXXXX" GOTO Skip"

@ECHO OFF
IF EXIST "C:\Windows\XXXXXX" GOTO Skip
REGEDIT /S "XXXXXX.reg"
ECHO Registry file XXXXXX added > "C:\Windows\XXXXXX"
Date /t >> "C:\Windows\XXXXXX"

:Skip

0
 
harleyjdCommented:
reg import \\server\share\keys.reg

add that to the login script.
0
Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

 
Priscilla_HoraAuthor Commented:
Oh wow.. Thanks for all the replies. But this all seems too complex.
There must be an easier way.

I ended up using KiXtart (a logon script)... Until I figure out an easier way to do the same thing using GP.

Here is the code -

; Open word document outside of IE

WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

      if @ERROR = 0
              ?" Successfully patched for IE Open word document in new window. "
      ELSE
              ?" Failed to patch IE Open word document in new window. "
      endif

I would love to hear from others. Have you achieved this through GP?  Using a simple script parameter? Or something simpler than the other replies?

Thanks

0
 
harleyjdCommented:
what can be more simple than "reg import <regfile name>"

It's exaclty what you were doing in the first place, but doesn't prompt y/n


0
 
Priscilla_HoraAuthor Commented:
Harleyjb

It doesn't work. The message "Are you sure you want to add the information in "\\server\share\WordNewWindow.reg" to the registry?" still pops up.

My Script name is: \\server\sahre\WordNewWindow.reg
Script Parameter is: reg import WordNewWindow.reg

What am I doing wrong?

If I run the reg import command from the command promt it completes sucessfully. But when run from GP/Logon It prompts the user..

Any ideas?
0
 
harleyjdCommented:
well you got me scratching my head now .

have you tried it through the user login script as opposed to the GP script?
0
 
harleyjdCommented:
Are the users local admins on the workstations?

Does it happen when you log in as an administrative user?

Is this something you want to happen once off, or is it ongoing?

0
 
Priscilla_HoraAuthor Commented:
Yes. All my users are local admins.
I would like the key to be changed once only.
0
 
harleyjdCommented:
Ok - one Q you didn't answer - have you tried it through the user login script as opposed to the GP script?

I realise that's not the point of what you are doing - but I have that exact same command running in user login scripts as well as from the command line *without* the prompt, so I'm trying to see if it's your Group Policy or any scripting that fails...

0
 
harleyjdCommented:
While you're at it - post up some of the .reg file - maybe there's something there that's worth a look.
0
 
Priscilla_HoraAuthor Commented:
It works fine under the user logon script (kix)
Im using: WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

My .reg file looks like:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Word.Document.8]
@="Microsoft Word Document"
"EditFlags"=dword:00010000
"BrowserFlags"=dword:00000008

So in your case you have the *.reg file saved on a network share.
Under GP, User configuration | Windows Settings | Scripts (Logon/Logoof) | Logon
What is your script name? script parameter?




0
 
harleyjdCommented:
in the script try:

cmd /c reg merge regfile.reg

or

cmd /c regedit /s regfile.reg

I doubt it will help, but it's worth a shot. :)

0
 
harleyjdCommented:
I'm using a standard login script, there's no special entries or settings, it just works for me...

0
 
MPSiddallCommented:
Arrrrrrgggggghhhh !! not kikstart .

I have taken your reg entries and added to a .vbs script which can be run directly from the GPO.

Dim txtStream,tmpFile,strInput

tmpFile = "c:\winnt\temp\word.fil"

Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile(tmpFile,true)
Set WshShell = WScript.CreateObject("WScript.Shell")

'Read param that should have been set

strInput = WshShell.RegRead ("HKEY_CLASSES_ROOT\Word.Document.8\BrowserFlags")

' If param different from what it should be then insert the reg file

If strInput <> 8 then

      call Writelog("Setting Word Document Settings",0)

      txtStream.WriteLine("REGEDIT4")
      txtStream.WriteLine("[HKEY_CLASSES_ROOT\Word.Document.8]")
      txtStream.WriteLine("@=" & chr(34) & "Microsoft Word Document" & chr(34))
      txtStream.WriteLine(chr(34) & "EditFlags" & chr(34) & "=dword:00010000")
      txtStream.WriteLine(chr(34) & "BrowserFlags" & chr(34) & "=dword:00000008")
      txtStream.Close

      WshShell.Run "regedit /s " & tmpFile, 1, true
else
      call Writelog("Word Document Settings Allready Set",0)

end if

Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

HTH

Martin


0
 
harleyjdCommented:
heh, give a man a fish... :)

0
 
Priscilla_HoraAuthor Commented:
Arggh forget it..

Nothing seems to work as I want it to!

Nevermind... Thank You soo much for you help. I really appreciate it.

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 9
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now