[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 547
  • Last Modified:

Cannot launch .reg file with logon batch file

I made a .reg file that blocks what I consider to be the top 5 IM programs, there installs and the Hotbar installer.
I wanted to save myself some time and have it launched when my users log on so I did not following.

I put the .reg file in the sysvol share in its root and added the line below the my logon.bat

regedit /s \\fa1\sysvol\imblock.reg

it tells the users "access denied"

I check out this files properties and it is inheriting from the parent, everyone has read and execute.

I have been screwing with this for a long time!!
I could have just went to my 100 machines and added it manually by now.
I cannot figure it out and I am afraid I have been on it so long I am missing the obvious.
0
michaelkirk
Asked:
michaelkirk
  • 4
  • 2
  • 2
  • +1
1 Solution
 
oBdACommented:
To start with, this would belong into the %Systemroot%\sysvol\sysvol\your.domain.local\scripts folder and then be accessed using %logonserver%\netlogon\...
The other problem is that your reg script very probably tries to write to HKLM\... This won't work in a logon script, since users don't have write permissions to this hive.
Depending on the settings, you can use a group policy with a customized administrative template instead of a regedit script. What is it you're trying to set?
0
 
MijnalsCommented:
Hi,


oBdA has the good answer.
But why don't you use a logon script that can be used for every user in the whole domain. Use KixTart it is the easiest way.

Note.
There are a lot off things you can do with Kixtart. I use it and it's great.


GOOD LUCK
0
 
luv2smileCommented:
I say your best bet is to use group policy to set software restriction policies....there are plenty of great resources out there on group policy to learn how to implement it.
0
[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

 
michaelkirkAuthor Commented:
I am trying to restrict access to a list of .EXE files that pertain to the installation and execution of IM clients I.E "install_aim.exe", "ypager.exe" Etc..


How do I go about customizing an administrative template??
Could I just create one from scratch??
0
 
luv2smileCommented:
To customize the admin template....create a GPO and change the settings under the computer or user "admin template". For what you're trying to do though, you need to set software restriction policies which is:

Computer Configuration or User Configuration/Windows Settings/Security Settings/Software Restriction Policies

See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;324036#5
0
 
michaelkirkAuthor Commented:
It looks like it can restrict file types only and that to do specific executable I have to create a "hash rule".
Is this true??

To create a hash rule it looks like I have to browse to a file and select it to create the rule, if this is true I would have to have the programs I am trying to block installed already.

Do I have this right??

If so that is cool I will just need to prepare to create these rule by getting the executables downloaded.

SORRY this topic went from .reg files to create security restrictions with group policy!
0
 
michaelkirkAuthor Commented:
When I add my imblock.reg iile to sysvol and add to my logon.bat file the correct path it works almost.

It comes up with a question window from "registry editor" asking if they would like to add the information to the registry, if yes is selected it applies the changes.

This almost works in the sense that it can be applied.
It does not work in the sense that I do not want the users being asked permission.

I have tried an /y and that does not work either.

Any suggestions?
0
 
oBdACommented:
To quietly import a .reg file, you can use "/s" as argument. But if your .reg files contains settings in HKLM, your user will only be able to import this file when they are administrators on their machines.
What exactly are the keys you're trying to set?
0
 
michaelkirkAuthor Commented:
Thanks obda you where right on.

I discovered that as long as they are administrators on there machines it works out fine as long as I have the /s argument and the .reg in netlogon path.

my users are admins due to various software etc. not running right without admin rights.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now