Importing a registry key when the user logs on.

Hi guys,

We are running Windows 2003 AD.

I have a registry key that Id like to import into the HKCU section for every user that logs on to a Citrix 2003 Server.

I went into regedit and exported the key which is:

Windows Registry Editor Version 5.00


What Id like to do is:

When each user logs on to this citrix server, for the above key to be imported into their HKCU, so I think I only need to run this ONCE for every user that logs on.

Can someone help me out here how I might put this into a GPO or logon script?

Thanks in advance.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

My personal experience only extends to using login scripts. In particular I've used the KIX script language. In terms of having a registry key run only once, the way that I've done this in the past is to create two script versions, one with the 'run once' component and one without it.

Have a read about Basic KIX Login Scripting for Citrix:
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Hi Simon336697,

The key you are trying to change is actually controlled by a group policy, so there is no need to explicitly change that key... you just need to apply the appropriate policy and the key will change.

For a full overview of how to control this policy, please see:

Generally you only want to automate changes of registry keys for those items which are not available in GPOs (usually this would only be a 3rd part app which doesn't have a corresponding adm file that can be loaded into the GP schema... as MS covers thousands of items already with GP).

Good Luck!

Actually, you can't import this change using a registry file. Access to the *\policies\* keys in the registry is restricted, so the user won't be able to set this during logon--otherwise he would as well be able to undo any restrictions assigned by a policy ...
You basically have those settings in the standard policies (in system.adm).
The "NoDrives" is in User Configuration\Administrative Templates\Windows Components\Windows Explorer, "Hide this drives ..." (not using an English version).
You're aware that the value you want to set is the default of 0, which means no drives hidden?

Using Group Policy Objects to hide specified drives in My Computer for Windows 2000

The other one is in User Configuration\Administrative Templates\System, "Disable Autorun".
The combination you want to set is invalid; it has the "2" in it which isn't defined.
If you want to use your own combination to hide drives (as described in the article above), or disable autoplay, you can create your own adm template.
Don't change system.adm to do that; this file will probably be updated, and you'll lose your customized settings.
Here's a template with some customized values alread in it that you can adjust to your likings and import into your gp editor:


CATEGORY !!CustomizedSettings
  CATEGORY !!WindowsExplorer
    KEYNAME "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    POLICY !!NoDrives
      EXPLAIN !!NoDrives_Help
        VALUENAME "NoDrives"
        NAME !!ABOnly           VALUE NUMERIC      3
        NAME !!COnly            VALUE NUMERIC      4
        NAME !!DOnly            VALUE NUMERIC       8
        NAME !!CDOnly           VALUE NUMERIC       12
        NAME !!ABConly          VALUE NUMERIC       7
        NAME !!ABCDOnly         VALUE NUMERIC      15
        NAME !!AllExceptAE      VALUE NUMERIC      67108846
        NAME !!ALLDrives        VALUE NUMERIC      67108863 DEFAULT
        ; low 26 bits on (1 bit per drive)
        NAME !!RestNoDrives     VALUE NUMERIC      0
      END PART                  

    POLICY !!NoViewOnDrive
      EXPLAIN !!NoViewOnDrive_Help
        VALUENAME "NoViewOnDrive"
        NAME !!ABOnly           VALUE NUMERIC      3
        NAME !!COnly            VALUE NUMERIC      4
        NAME !!DOnly            VALUE NUMERIC       8
        NAME !!CDOnly           VALUE NUMERIC       12
        NAME !!ABConly          VALUE NUMERIC       7
        NAME !!ABCDOnly         VALUE NUMERIC      15
        NAME !!AllExceptAE      VALUE NUMERIC      67108846
        NAME !!ALLDrives        VALUE NUMERIC      67108863 DEFAULT
        ; low 26 bits on (1 bit per drive)
        NAME !!RestNoDrives     VALUE NUMERIC      0
      END PART                  

    POLICY !!Autorun
      EXPLAIN !!Autorun_Help
      PART !!Autorun_Explanation01 TEXT END PART
      PART !!Autorun_Explanation02 TEXT END PART
      PART !!Autorun_Box TEXT END PART
        VALUENAME "NoDriveTypeAutoRun"
        NAME !!Autorun_NoCD        VALUE NUMERIC 181 DEFAULT
        NAME !!Autorun_Customized  VALUE NUMERIC 185
        NAME !!Autorun_None        VALUE NUMERIC 255
      END PART
  END CATEGORY ; !!WindowsExplorer

END CATEGORY ; !!CustomizedSettings

ABCDOnly="Restrict drives A, B, C and D only"
ABConly="Restrict drives A, B and C only"
ABOnly="Restrict drives A and B only"
AllExceptAE="Restrict all drives except A and E"
ALLDrives="Restrict all drives"
COnly="Restrict drive C only"
DOnly="Restrict drive D only"
CDOnly="Restrict drives C and D only"
NoDrives="Hide these drives in Explorer"
NoDrivesDropdown="Choose one of the following combinations:"
NoDrives_Help="Copy and paste this entry from %SYSTEMROOT%\inf\system.adm!"
NoViewOnDrive="Restrict access to these drives"
NoViewOnDrive_Help="Copy and paste this entry from %SYSTEMROOT%\inf\system.adm!"
RestNoDrives="Do not restrict any drives"

Autorun="Disable Autoplay"
Autorun_Explanation01="Note: Leaving this policy to Unconfigured means autorun disabled on:"
Autorun_Explanation02="Unknown, Floppy, Network drives"
Autorun_Box="Deactivate Autoplay on:"
Autorun_NoCD="Unknown, Floppy, Net, CD"
Autorun_None="All drives"
Autorun_Customized="Unknown, Floppy, Net, CD, Removable"
Autorun_Help="Copy and paste this entry from %SYSTEMROOT%\inf\system.adm!"

CustomizedSettings="Customized Settings"
WindowsExplorer="Windows Explorer"

; Pattern to hide drives; convert the binary to decimal:
; zyxwvutsrqponmlkjihgfedcba
; 00000000000000000000001100

; values for the NoDrivesTypeAutorun:
; Unknown drives     1
; Removable drives   4
; Fixed drives       8
; Network drives    16
; CD-ROM drives     32
; RAM drives        64
; Unknown drives   128
; Add the values above to create custom values
; Standard (unconfigured policy) is 149

Note that I didn't include the "Explain" (xxx_Help) strings; one reason is I'm not using an English version, the other is that these are rather long. You can copy and paste them from the original system.adm if you want/need them.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
To elaborate a little bit on the invalid "91" value, let's see how the binary value of 91 splits down (copy and paste that into notepad for proper display):

01011011 = 91 dec.
|||||||+--0x01, Unknown (bit is 1, so autorun disabled)
||||||+---0x02, *** UNDEFINED BIT ENABLED! ***
|||||+----0x04, Removable (bit is 0, so autorun enabled)
||||+-----0x08, Fixed (bit is 1, so autorun disabled)
|||+------0x10, Network (bit is 1, so autorun disabled)
||+-------0x20, CD-ROM (bit is 0, so autorun enabled)
|+--------0x40, RAM (bit is 1, so autorun disabled)
+---------0x80, Unknown (bit is 0, so autorun enabled)

It's probably not dramatic, as the "All Drives" value sets this bit as well, but it indicates that something with your calculation went wrong (and so does that one of the two "Unknown" drives is disabled, the other enabled).
And just so you don't have to fight with the Autorun values anymore, here's a little batch (W2k or later) to calculate the value to use:

@echo off
setlocal enabledelayedexpansion
:: *** Set the default values of drives to disable autorun for:
set Unknown=y
set Removable=y
set Fixed=n
set Network=y
set CD-ROM=n
set RAM=n
set All=n

echo Specify whether or not to disable the Autorun feature for the following
echo drive types. The default settings are specified in square brackets;
echo you can accept them by hitting ^<Enter^>.
echo Disable Autorun for ...
for %%a in (Unknown Removable Fixed Network CD-ROM RAM All) do call :query %%a
set /a NoDrivesTypeAutorun=0
if /i "%Unknown%"=="y" set /a NoDrivesTypeAutorun += 0x81
if /i "%Removable%"=="y" set /a NoDrivesTypeAutorun += 0x4
if /i "%Fixed%"=="y" set /a NoDrivesTypeAutorun += 0x8
if /i "%Network%"=="y" set /a NoDrivesTypeAutorun += 0x10
if /i "%CD-ROM%"=="y" set /a NoDrivesTypeAutorun += 0x20
if /i "%RAM%"=="y" set /a NoDrivesTypeAutorun += 0x40
if /i "%All%"=="y" set /a NoDrivesTypeAutorun = 0xFF
echo NoDrivesTypeAutorun value: %NoDrivesTypeAutorun%
goto leave

set Drive=%1
set Value=
set /p Value=... %Drive% drives ^(y/n^) [!%Drive%!]:
if "%Value%"=="" goto :eof
if /i not "%Value:n=y%"=="y" goto :query
set %Drive%=%Value%
goto :eof
Simon336697Author Commented:
Thanks guys!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.