Solved

Cannot launch .reg file with logon batch file

Posted on 2004-10-29
494 Views
Last Modified: 2010-04-19
I made a .reg file that blocks what I consider to be the top 5 IM programs, there installs and the Hotbar installer.
I wanted to save myself some time and have it launched when my users log on so I did not following.

I put the .reg file in the sysvol share in its root and added the line below the my logon.bat

regedit /s \\fa1\sysvol\imblock.reg

it tells the users "access denied"

I check out this files properties and it is inheriting from the parent, everyone has read and execute.

I have been screwing with this for a long time!!
I could have just went to my 100 machines and added it manually by now.
I cannot figure it out and I am afraid I have been on it so long I am missing the obvious.
0
Question by:michaelkirk
    9 Comments
     
    LVL 82

    Accepted Solution

    by:
    To start with, this would belong into the %Systemroot%\sysvol\sysvol\your.domain.local\scripts folder and then be accessed using %logonserver%\netlogon\...
    The other problem is that your reg script very probably tries to write to HKLM\... This won't work in a logon script, since users don't have write permissions to this hive.
    Depending on the settings, you can use a group policy with a customized administrative template instead of a regedit script. What is it you're trying to set?
    0
     
    LVL 1

    Expert Comment

    by:Mijnals
    Hi,


    oBdA has the good answer.
    But why don't you use a logon script that can be used for every user in the whole domain. Use KixTart it is the easiest way.

    Note.
    There are a lot off things you can do with Kixtart. I use it and it's great.


    GOOD LUCK
    0
     
    LVL 18

    Expert Comment

    by:luv2smile
    I say your best bet is to use group policy to set software restriction policies....there are plenty of great resources out there on group policy to learn how to implement it.
    0
     
    LVL 1

    Author Comment

    by:michaelkirk
    I am trying to restrict access to a list of .EXE files that pertain to the installation and execution of IM clients I.E "install_aim.exe", "ypager.exe" Etc..


    How do I go about customizing an administrative template??
    Could I just create one from scratch??
    0
     
    LVL 18

    Expert Comment

    by:luv2smile
    To customize the admin template....create a GPO and change the settings under the computer or user "admin template". For what you're trying to do though, you need to set software restriction policies which is:

    Computer Configuration or User Configuration/Windows Settings/Security Settings/Software Restriction Policies

    See:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;324036#5
    0
     
    LVL 1

    Author Comment

    by:michaelkirk
    It looks like it can restrict file types only and that to do specific executable I have to create a "hash rule".
    Is this true??

    To create a hash rule it looks like I have to browse to a file and select it to create the rule, if this is true I would have to have the programs I am trying to block installed already.

    Do I have this right??

    If so that is cool I will just need to prepare to create these rule by getting the executables downloaded.

    SORRY this topic went from .reg files to create security restrictions with group policy!
    0
     
    LVL 1

    Author Comment

    by:michaelkirk
    When I add my imblock.reg iile to sysvol and add to my logon.bat file the correct path it works almost.

    It comes up with a question window from "registry editor" asking if they would like to add the information to the registry, if yes is selected it applies the changes.

    This almost works in the sense that it can be applied.
    It does not work in the sense that I do not want the users being asked permission.

    I have tried an /y and that does not work either.

    Any suggestions?
    0
     
    LVL 82

    Expert Comment

    by:oBdA
    To quietly import a .reg file, you can use "/s" as argument. But if your .reg files contains settings in HKLM, your user will only be able to import this file when they are administrators on their machines.
    What exactly are the keys you're trying to set?
    0
     
    LVL 1

    Author Comment

    by:michaelkirk
    Thanks obda you where right on.

    I discovered that as long as they are administrators on there machines it works out fine as long as I have the /s argument and the .reg in netlogon path.

    my users are admins due to various software etc. not running right without admin rights.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Lean Six Sigma Project Manager Certification

    There are many schools of thought around successful project management, but few as highly regarded as the Six Sigma and Lean methods. With 37 hours of learning, this training will explain concrete processes for increasing efficiency and limiting wasted time and effort.

    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    Learn about cloud computing and its benefits for small business owners.
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    913 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now