Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Cannot launch .reg file with logon batch file

Posted on 2004-10-29
Medium Priority
Last Modified: 2010-04-19
I made a .reg file that blocks what I consider to be the top 5 IM programs, there installs and the Hotbar installer.
I wanted to save myself some time and have it launched when my users log on so I did not following.

I put the .reg file in the sysvol share in its root and added the line below the my logon.bat

regedit /s \\fa1\sysvol\imblock.reg

it tells the users "access denied"

I check out this files properties and it is inheriting from the parent, everyone has read and execute.

I have been screwing with this for a long time!!
I could have just went to my 100 machines and added it manually by now.
I cannot figure it out and I am afraid I have been on it so long I am missing the obvious.
Question by:michaelkirk
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
LVL 85

Accepted Solution

oBdA earned 2000 total points
ID: 12449538
To start with, this would belong into the %Systemroot%\sysvol\sysvol\your.domain.local\scripts folder and then be accessed using %logonserver%\netlogon\...
The other problem is that your reg script very probably tries to write to HKLM\... This won't work in a logon script, since users don't have write permissions to this hive.
Depending on the settings, you can use a group policy with a customized administrative template instead of a regedit script. What is it you're trying to set?

Expert Comment

ID: 12456267

oBdA has the good answer.
But why don't you use a logon script that can be used for every user in the whole domain. Use KixTart it is the easiest way.

There are a lot off things you can do with Kixtart. I use it and it's great.

LVL 18

Expert Comment

ID: 12464857
I say your best bet is to use group policy to set software restriction policies....there are plenty of great resources out there on group policy to learn how to implement it.
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.


Author Comment

ID: 12472698
I am trying to restrict access to a list of .EXE files that pertain to the installation and execution of IM clients I.E "install_aim.exe", "ypager.exe" Etc..

How do I go about customizing an administrative template??
Could I just create one from scratch??
LVL 18

Expert Comment

ID: 12473175
To customize the admin template....create a GPO and change the settings under the computer or user "admin template". For what you're trying to do though, you need to set software restriction policies which is:

Computer Configuration or User Configuration/Windows Settings/Security Settings/Software Restriction Policies



Author Comment

ID: 12473306
It looks like it can restrict file types only and that to do specific executable I have to create a "hash rule".
Is this true??

To create a hash rule it looks like I have to browse to a file and select it to create the rule, if this is true I would have to have the programs I am trying to block installed already.

Do I have this right??

If so that is cool I will just need to prepare to create these rule by getting the executables downloaded.

SORRY this topic went from .reg files to create security restrictions with group policy!

Author Comment

ID: 12473846
When I add my imblock.reg iile to sysvol and add to my logon.bat file the correct path it works almost.

It comes up with a question window from "registry editor" asking if they would like to add the information to the registry, if yes is selected it applies the changes.

This almost works in the sense that it can be applied.
It does not work in the sense that I do not want the users being asked permission.

I have tried an /y and that does not work either.

Any suggestions?
LVL 85

Expert Comment

ID: 12473984
To quietly import a .reg file, you can use "/s" as argument. But if your .reg files contains settings in HKLM, your user will only be able to import this file when they are administrators on their machines.
What exactly are the keys you're trying to set?

Author Comment

ID: 12475179
Thanks obda you where right on.

I discovered that as long as they are administrators on there machines it works out fine as long as I have the /s argument and the .reg in netlogon path.

my users are admins due to various software etc. not running right without admin rights.

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question