Cannot launch .reg file with logon batch file

I made a .reg file that blocks what I consider to be the top 5 IM programs, there installs and the Hotbar installer.
I wanted to save myself some time and have it launched when my users log on so I did not following.

I put the .reg file in the sysvol share in its root and added the line below the my logon.bat

regedit /s \\fa1\sysvol\imblock.reg

it tells the users "access denied"

I check out this files properties and it is inheriting from the parent, everyone has read and execute.

I have been screwing with this for a long time!!
I could have just went to my 100 machines and added it manually by now.
I cannot figure it out and I am afraid I have been on it so long I am missing the obvious.
LVL 1
michaelkirkAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

oBdACommented:
To start with, this would belong into the %Systemroot%\sysvol\sysvol\your.domain.local\scripts folder and then be accessed using %logonserver%\netlogon\...
The other problem is that your reg script very probably tries to write to HKLM\... This won't work in a logon script, since users don't have write permissions to this hive.
Depending on the settings, you can use a group policy with a customized administrative template instead of a regedit script. What is it you're trying to set?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MijnalsCommented:
Hi,


oBdA has the good answer.
But why don't you use a logon script that can be used for every user in the whole domain. Use KixTart it is the easiest way.

Note.
There are a lot off things you can do with Kixtart. I use it and it's great.


GOOD LUCK
0
luv2smileCommented:
I say your best bet is to use group policy to set software restriction policies....there are plenty of great resources out there on group policy to learn how to implement it.
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

michaelkirkAuthor Commented:
I am trying to restrict access to a list of .EXE files that pertain to the installation and execution of IM clients I.E "install_aim.exe", "ypager.exe" Etc..


How do I go about customizing an administrative template??
Could I just create one from scratch??
0
luv2smileCommented:
To customize the admin template....create a GPO and change the settings under the computer or user "admin template". For what you're trying to do though, you need to set software restriction policies which is:

Computer Configuration or User Configuration/Windows Settings/Security Settings/Software Restriction Policies

See:

http://support.microsoft.com/default.aspx?scid=kb;en-us;324036#5
0
michaelkirkAuthor Commented:
It looks like it can restrict file types only and that to do specific executable I have to create a "hash rule".
Is this true??

To create a hash rule it looks like I have to browse to a file and select it to create the rule, if this is true I would have to have the programs I am trying to block installed already.

Do I have this right??

If so that is cool I will just need to prepare to create these rule by getting the executables downloaded.

SORRY this topic went from .reg files to create security restrictions with group policy!
0
michaelkirkAuthor Commented:
When I add my imblock.reg iile to sysvol and add to my logon.bat file the correct path it works almost.

It comes up with a question window from "registry editor" asking if they would like to add the information to the registry, if yes is selected it applies the changes.

This almost works in the sense that it can be applied.
It does not work in the sense that I do not want the users being asked permission.

I have tried an /y and that does not work either.

Any suggestions?
0
oBdACommented:
To quietly import a .reg file, you can use "/s" as argument. But if your .reg files contains settings in HKLM, your user will only be able to import this file when they are administrators on their machines.
What exactly are the keys you're trying to set?
0
michaelkirkAuthor Commented:
Thanks obda you where right on.

I discovered that as long as they are administrators on there machines it works out fine as long as I have the /s argument and the .reg in netlogon path.

my users are admins due to various software etc. not running right without admin rights.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.