Solved

Importing Registry Settings through Script, Specifiying User Account

Posted on 2007-04-05
5
324 Views
Last Modified: 2010-03-05
I've searched a few of the older posts and have not come up with a solid answer on this one.

We have several Windows 2000 and XP machine scattered on various networks. And we have login scripts in place to map drives, printers, etc.

We want to be able to import registry settings, hopefully using the same process.

Not all workstations have local admin rights though.

So simply using "regedit.exe /S regfile.reg" won't work without generating an error.

I need a way to specify a user account for installation. The administrators account is password protected, so RunAs will not work either without prompting the users for the admin password.


I did come across this solution:

I came across this program here:
http://www.softtreetech.com/24x7/archive/53.htm
And in order to insure that admin passwords were properly setup, this program seemed appropriate:
http://www.microsoft.com/technet/sysinternals/utilities/pspasswd.mspx

So in theory I could execute pspasswd, and then the 3rd party RunAs.
I don't like the idea of being dependent on a third party app though.


Does anyone know how this can be done with the applications Microsoft provides?
All workstations are on a Windows 2000 or Windows 2003 domain, if that information helps.
Admin tools packs can be downloaded and installed if needed.
0
Comment
Question by:ITD_Technician
  • 3
  • 2
5 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18859010
If you're using AD & Group Policy, create a startup script (not a login script) that runs the regedit command you need.

Startup scripts run in the security context of LocalSystem, and should be able to update whatever registry keys you need - this is how I did the DST registry edits for the remaining 2K machines in my environment.

Otherwise you're embedding an administrative username/password as clear text into a login script, which I don't have to tell you is not the best idea in the world.  :-)

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 

Author Comment

by:ITD_Technician
ID: 18859195
I didn't like the idea either, which is why I created this post.

Can you be more specific on how this would be done?
Our script that I mentioned is distributed through GP (User Config, Windows Settings, Scripts), but runs as the user logs in.
I haven't worked with scripts that run before login. I am guessing they would have to be deployed through GP in some way?

Perhaps your DST code would help me. It sounds like it may have worked better then how we did it.
0
 

Author Comment

by:ITD_Technician
ID: 18859212
Or did you mean executing the script from GP under Computer Configuration --> Windows Settings --> Scripts --> Startup?
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18859234
Bingo (the path under Computer Configuration, that is).  A computer startup script will run in the context of LocalSystem, and will be able to update keys in HKLM that a normal user account can't modify.

For DST I actually just used the syntax that was listed in the KB article for 2000, and then deployed it using this Startup Script.
0
 

Author Comment

by:ITD_Technician
ID: 18859257
Thank you. I didn't realize that it executed under LocalSystem.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now