Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Import registry changes via logon script when registry editing is disabled with group policy

Posted on 2005-03-14
5
Medium Priority
?
2,653 Views
Last Modified: 2008-01-09
I am running a Win 2K Domain with W2K and XPP clients. I have registry editing disabled with GP but want to import SUS registry values and settings via a logon script. These changes are being ignored due to the GP restrictions. I know I can use GP to set the SUS settings but not all of them, so I need to use the logon script.
0
Comment
Question by:Jay_Jay70
  • 3
5 Comments
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13541777
>>>I have registry editing disabled with GP but want to import SUS registry values and settings via a logon script. These changes are being ignored due to the GP restrictions.

You have disabled Registry yourself and now you want to import something in it then why you disabled it. You could disable it after importing the SUS settings in registry using login script. To import anything in registry you need to enable it from group policy because Microsoft has designed it for security purpose and you are trying to break the security. Isn't it? If you disable it using Group Policy no one can access or do anything in it.

A Friendly Talk.

>>>I know I can use GP to set the SUS settings but not all of them, so I need to use the logon script.

But you can use Group to filter Group Policy settings. Suppose you have five machines in your domain and you want three computers to have SUS settings from Group Policy then you can apply the permission for these three computers. The Group Policy settings for SUS will apply to them only.

There is a way to import data in registry even if you have enabled it but first you have to be clear here.

Thanks
SystmProg
0
 
LVL 48

Author Comment

by:Jay_Jay70
ID: 13541972
SystemProg

I have registry editing disabled to prevent users from making unwanted changes, but this prevents various administrative tasks that need to be implemented by way of a logon script. Surely I am not the first person to have this problem. To put the problem another way - can a logon script be "run as" a different user, such as "administrator" that is exempt from the GP, even though the "regular" user is logging on?  Changes to our SOE are on going and need to be rolled out to over 600 PC's in over 100 sites in an automated process. We can't be modifying the GP to allow registry editing, and then change it back once the script has run.

Thank You
0
 
LVL 35

Accepted Solution

by:
Nirmal Sharma earned 1000 total points
ID: 13544258
So I think you are disabling registry for users only. Right?

If you are trying to run this from a script, whether VB or a bat file, you can't exceed the permissions of the user running the script.  The simple solution to this is to add your users into the "Power Users" group.  They won't have full admin right, but they should be able to add this in registry.

Another method is to use the RUNAS command when running your script, but this presents several security flaws (such as having the local admin password in a batch file or script).  Many people get around this problem by creating a batch file that does what you want and includes the admin password, and then converting it to a .com or .exe file using one of the free utils available:

http://www.computerhope.com/download/utility/bat2exe.com

http://www.subnetonline.com/cgi-bin/download/download2.pl?cat=none&name=bat2com

Thanks
0
 
LVL 3

Expert Comment

by:arausch
ID: 13547759
SystmProg,

Please tell me you didn't just cut-and-paste my comment from here:
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21350286.html

That is just pitiful!!!

Andrew
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 15615874
I'm sorry, Andrew.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
How do you create a user-centered user experience on your website? And what are some things you should consider in the process?
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…
Suggested Courses
Course of the Month12 days, 8 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question