Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339
  • Last Modified:

Importing Registry Settings through Script, Specifiying User Account

I've searched a few of the older posts and have not come up with a solid answer on this one.

We have several Windows 2000 and XP machine scattered on various networks. And we have login scripts in place to map drives, printers, etc.

We want to be able to import registry settings, hopefully using the same process.

Not all workstations have local admin rights though.

So simply using "regedit.exe /S regfile.reg" won't work without generating an error.

I need a way to specify a user account for installation. The administrators account is password protected, so RunAs will not work either without prompting the users for the admin password.


I did come across this solution:

I came across this program here:
http://www.softtreetech.com/24x7/archive/53.htm
And in order to insure that admin passwords were properly setup, this program seemed appropriate:
http://www.microsoft.com/technet/sysinternals/utilities/pspasswd.mspx

So in theory I could execute pspasswd, and then the 3rd party RunAs.
I don't like the idea of being dependent on a third party app though.


Does anyone know how this can be done with the applications Microsoft provides?
All workstations are on a Windows 2000 or Windows 2003 domain, if that information helps.
Admin tools packs can be downloaded and installed if needed.
0
ITD_Technician
Asked:
ITD_Technician
  • 3
  • 2
1 Solution
 
LauraEHunterMVPCommented:
If you're using AD & Group Policy, create a startup script (not a login script) that runs the regedit command you need.

Startup scripts run in the security context of LocalSystem, and should be able to update whatever registry keys you need - this is how I did the DST registry edits for the remaining 2K machines in my environment.

Otherwise you're embedding an administrative username/password as clear text into a login script, which I don't have to tell you is not the best idea in the world.  :-)

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0
 
ITD_TechnicianAuthor Commented:
I didn't like the idea either, which is why I created this post.

Can you be more specific on how this would be done?
Our script that I mentioned is distributed through GP (User Config, Windows Settings, Scripts), but runs as the user logs in.
I haven't worked with scripts that run before login. I am guessing they would have to be deployed through GP in some way?

Perhaps your DST code would help me. It sounds like it may have worked better then how we did it.
0
 
ITD_TechnicianAuthor Commented:
Or did you mean executing the script from GP under Computer Configuration --> Windows Settings --> Scripts --> Startup?
0
 
LauraEHunterMVPCommented:
Bingo (the path under Computer Configuration, that is).  A computer startup script will run in the context of LocalSystem, and will be able to update keys in HKLM that a normal user account can't modify.

For DST I actually just used the syntax that was listed in the KB article for 2000, and then deployed it using this Startup Script.
0
 
ITD_TechnicianAuthor Commented:
Thank you. I didn't realize that it executed under LocalSystem.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now