Import registry changes via logon script when registry editing is disabled with group policy

Posted on 2005-03-14
Medium Priority
Last Modified: 2008-01-09
I am running a Win 2K Domain with W2K and XPP clients. I have registry editing disabled with GP but want to import SUS registry values and settings via a logon script. These changes are being ignored due to the GP restrictions. I know I can use GP to set the SUS settings but not all of them, so I need to use the logon script.
Question by:Jay_Jay70
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 13541777
>>>I have registry editing disabled with GP but want to import SUS registry values and settings via a logon script. These changes are being ignored due to the GP restrictions.

You have disabled Registry yourself and now you want to import something in it then why you disabled it. You could disable it after importing the SUS settings in registry using login script. To import anything in registry you need to enable it from group policy because Microsoft has designed it for security purpose and you are trying to break the security. Isn't it? If you disable it using Group Policy no one can access or do anything in it.

A Friendly Talk.

>>>I know I can use GP to set the SUS settings but not all of them, so I need to use the logon script.

But you can use Group to filter Group Policy settings. Suppose you have five machines in your domain and you want three computers to have SUS settings from Group Policy then you can apply the permission for these three computers. The Group Policy settings for SUS will apply to them only.

There is a way to import data in registry even if you have enabled it but first you have to be clear here.

LVL 48

Author Comment

ID: 13541972

I have registry editing disabled to prevent users from making unwanted changes, but this prevents various administrative tasks that need to be implemented by way of a logon script. Surely I am not the first person to have this problem. To put the problem another way - can a logon script be "run as" a different user, such as "administrator" that is exempt from the GP, even though the "regular" user is logging on?  Changes to our SOE are on going and need to be rolled out to over 600 PC's in over 100 sites in an automated process. We can't be modifying the GP to allow registry editing, and then change it back once the script has run.

Thank You
LVL 35

Accepted Solution

Nirmal Sharma earned 1000 total points
ID: 13544258
So I think you are disabling registry for users only. Right?

If you are trying to run this from a script, whether VB or a bat file, you can't exceed the permissions of the user running the script.  The simple solution to this is to add your users into the "Power Users" group.  They won't have full admin right, but they should be able to add this in registry.

Another method is to use the RUNAS command when running your script, but this presents several security flaws (such as having the local admin password in a batch file or script).  Many people get around this problem by creating a batch file that does what you want and includes the admin password, and then converting it to a .com or .exe file using one of the free utils available:




Expert Comment

ID: 13547759

Please tell me you didn't just cut-and-paste my comment from here:

That is just pitiful!!!

LVL 35

Expert Comment

by:Nirmal Sharma
ID: 15615874
I'm sorry, Andrew.

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question