Solved

Import registry key through Group Policy

Posted on 2004-09-12
17
858 Views
Last Modified: 2008-02-26
I want to import a registry key to all users on my network (approx. 130 PCS/Notebooks).
I have created a TEST OU, I added the registry file under User configuration | Windows Settings | scripts (logon/logoff) | Logon

The script parameter is: regedit /s XXXXXX.reg

This works fine...

My problem is that when the user logs onto the PC, it prompts them to add the key to registry. The have the option of Yes/No.
I don't want this to happen. I want the process to be automatic, with no user interaction.
I don't want the user to know that this is happening in the background.

How can I achieve this from GP?

Thanks
Priscilla

 
0
Comment
Question by:Priscilla_Hora
  • 9
  • 5
  • 2
  • +1
17 Comments
 

Expert Comment

by:MPSiddall
Comment Utility
Try adding the registry entries with a script

create a file called script.vbs and execute this through the Group Policy. The example below resets DCOM permissions but you can add any other type of regitry key.

Set WshShell = WScript.CreateObject("WScript.Shell")

      
call Writelog("MESSAGE INTO EVENT LOG",0)
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM", "Y"
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous", 2 ,"REG_DWORD"


Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

OR if the registry file is complicated you may want to try


Dim txtStream
Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile("C:\winnt\temp\VNC.fil",true)
Set WshShell = WScript.CreateObject("WScript.Shell")
call Writelog("Setting VNC Settings",0)


'emulate the registry file here

txtStream.WriteLine("REGEDIT4")
txtStream.WriteLine("[HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4]")
txtStream.WriteLine(Chr(34) & "Password" & chr(34) &"=hex:87,1b,f9,95,32,46,48,2a")
txtStream.Close

WshShell.Run "regedit /s c:\winnt\temp\VNC.fil", 1, true



Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function


Both solutions work, but the choice is yours. The only problem with the first method is you can't write HEX values , well I can't anyway.

HTH

Martin
0
 
LVL 5

Expert Comment

by:jmacmicking
Comment Utility
If you have access to the domain controllers you can create a custom .adm template; see MS KB816662 (http://support.microsoft.com/?kbid=816662) for starters.  Also, when using that particular section of GPEdit make sure you put the program on the first line (Script Name) and the parameters on the second line (Script Parameters).  It doesn't appear to pass properly if you put everything on the program line.  

Having said that though, the simplest way to do this is probably to put a .CMD file in the same folder as the reg file.  Just run the regedit from the .cmd file.  This has the added advantage of allowing you to check to see if the file has already run (so you don't keep adding the key every time the login).  I've included a sample script at the end of this post.  Try pasting this text into notepad and saving it with a .cmd extension (make sure notepad doesn't append .txt to the end).  Just replace the X's with the name of your registry file.  This script is designed to run once per machine; if you want it run once per user (or if the people in your organization don't have write access to the Windows folder) change the file location to %Temp% (for instance, line 2 would read "IF EXIST "%Temp%\XXXXXX" GOTO Skip"

@ECHO OFF
IF EXIST "C:\Windows\XXXXXX" GOTO Skip
REGEDIT /S "XXXXXX.reg"
ECHO Registry file XXXXXX added > "C:\Windows\XXXXXX"
Date /t >> "C:\Windows\XXXXXX"

:Skip

0
 
LVL 15

Accepted Solution

by:
harleyjd earned 300 total points
Comment Utility
reg import \\server\share\keys.reg

add that to the login script.
0
 

Author Comment

by:Priscilla_Hora
Comment Utility
Oh wow.. Thanks for all the replies. But this all seems too complex.
There must be an easier way.

I ended up using KiXtart (a logon script)... Until I figure out an easier way to do the same thing using GP.

Here is the code -

; Open word document outside of IE

WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

      if @ERROR = 0
              ?" Successfully patched for IE Open word document in new window. "
      ELSE
              ?" Failed to patch IE Open word document in new window. "
      endif

I would love to hear from others. Have you achieved this through GP?  Using a simple script parameter? Or something simpler than the other replies?

Thanks

0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
what can be more simple than "reg import <regfile name>"

It's exaclty what you were doing in the first place, but doesn't prompt y/n


0
 

Author Comment

by:Priscilla_Hora
Comment Utility
Harleyjb

It doesn't work. The message "Are you sure you want to add the information in "\\server\share\WordNewWindow.reg" to the registry?" still pops up.

My Script name is: \\server\sahre\WordNewWindow.reg
Script Parameter is: reg import WordNewWindow.reg

What am I doing wrong?

If I run the reg import command from the command promt it completes sucessfully. But when run from GP/Logon It prompts the user..

Any ideas?
0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
well you got me scratching my head now .

have you tried it through the user login script as opposed to the GP script?
0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
Are the users local admins on the workstations?

Does it happen when you log in as an administrative user?

Is this something you want to happen once off, or is it ongoing?

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:Priscilla_Hora
Comment Utility
Yes. All my users are local admins.
I would like the key to be changed once only.
0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
Ok - one Q you didn't answer - have you tried it through the user login script as opposed to the GP script?

I realise that's not the point of what you are doing - but I have that exact same command running in user login scripts as well as from the command line *without* the prompt, so I'm trying to see if it's your Group Policy or any scripting that fails...

0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
While you're at it - post up some of the .reg file - maybe there's something there that's worth a look.
0
 

Author Comment

by:Priscilla_Hora
Comment Utility
It works fine under the user logon script (kix)
Im using: WriteValue ("HKEY_CLASSES_ROOT\Word.Document.8", "BrowserFlags", "00000008", REG_DWORD)

My .reg file looks like:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Word.Document.8]
@="Microsoft Word Document"
"EditFlags"=dword:00010000
"BrowserFlags"=dword:00000008

So in your case you have the *.reg file saved on a network share.
Under GP, User configuration | Windows Settings | Scripts (Logon/Logoof) | Logon
What is your script name? script parameter?




0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
in the script try:

cmd /c reg merge regfile.reg

or

cmd /c regedit /s regfile.reg

I doubt it will help, but it's worth a shot. :)

0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
I'm using a standard login script, there's no special entries or settings, it just works for me...

0
 

Assisted Solution

by:MPSiddall
MPSiddall earned 20 total points
Comment Utility
Arrrrrrgggggghhhh !! not kikstart .

I have taken your reg entries and added to a .vbs script which can be run directly from the GPO.

Dim txtStream,tmpFile,strInput

tmpFile = "c:\winnt\temp\word.fil"

Set oFS = CreateObject("Scripting.FileSystemObject")
Set txtStream = oFS.CreateTextFile(tmpFile,true)
Set WshShell = WScript.CreateObject("WScript.Shell")

'Read param that should have been set

strInput = WshShell.RegRead ("HKEY_CLASSES_ROOT\Word.Document.8\BrowserFlags")

' If param different from what it should be then insert the reg file

If strInput <> 8 then

      call Writelog("Setting Word Document Settings",0)

      txtStream.WriteLine("REGEDIT4")
      txtStream.WriteLine("[HKEY_CLASSES_ROOT\Word.Document.8]")
      txtStream.WriteLine("@=" & chr(34) & "Microsoft Word Document" & chr(34))
      txtStream.WriteLine(chr(34) & "EditFlags" & chr(34) & "=dword:00010000")
      txtStream.WriteLine(chr(34) & "BrowserFlags" & chr(34) & "=dword:00000008")
      txtStream.Close

      WshShell.Run "regedit /s " & tmpFile, 1, true
else
      call Writelog("Word Document Settings Allready Set",0)

end if

Function WriteLog(strMsg,strType)
      'Types can be
      '0 - Information
      '1 - Error
      '2 - Warning
      
      Set WshLOG = CreateObject("WScript.Shell")
      WshLOG.LogEvent strType, strMsg
      Set WshLOG = Nothing
end Function

HTH

Martin


0
 
LVL 15

Expert Comment

by:harleyjd
Comment Utility
heh, give a man a fish... :)

0
 

Author Comment

by:Priscilla_Hora
Comment Utility
Arggh forget it..

Nothing seems to work as I want it to!

Nevermind... Thank You soo much for you help. I really appreciate it.

0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now