• Status: Solved

Help with AD Login script

I'm having a little trouble getting a login script working.  What I need to do is allow read/write access to the following Touchstar registry key and its child keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\TRG\TSAgent]

Do any of you guys have a script or software that will allow this?  Here is my current login script that I'm working off.


;Maps E: to Proteldata share for Pinnacle

net use e: \\ordentry\pi-2000

;Sets user desktop to default values upon login
rmdir /s /q "%userprofile%\desktop"

mkdir "%userprofile%\desktop"

;Runs batch job to clear Pinnacle cache directory
\\ansa_nas\admin\it\dave\util\lsrunas /user:batch_run /password:xxxxxxxxx /domain:abc123.local /command:\\192.168.25.42\admin\it\dave\util\Del_cache.bat /runpath:c:\

;Add read/write permissions to registry key for Touchstar users  (part of the script that keeps failing)
cd "D:\Program Files\Support Tools"

setacl -on "hklm\software\microsoft\" -ot reg -actn ace -ace n:%computername%\everyone;p:full

;Copies folder to user's desktop with utilities needed to take calls
xcopy \\192.168.25.42\admin\Pinnacle_Inbound "%userprofile%\desktop\Pinnacle_Inbound" /I /Y

;Pause is included for testing.  It will be removed once the login script is finalized
pause
Asked by: DGCREST
 
TheCapedPlodder Commented:
The only way I know of how to do this is using regini from the Windows Server Support Tools.

You would place regini.exe in a suitable location accessible to all machines (e.g. Netlogon).

You would then create a text file with the reg key in and the necessary ACL, e.g.:

\Registry\hive\key [permissions]

The permissions can be as follows:

1  - Administrators Full Access
2  - Administrators Read Access
3  - Administrators Read and Write Access
4  - Administrators Read, Write and Delete Access
5  - Creator Full Access
6  - Creator Read and Write Access
7  - World Full Access
8  - World Read Access
9  - World Read and Write Access
10 - World Read, Write and Delete Access
11 - Power Users Full Access
12 - Power Users Read and Write Access
13 - Power Users Read, Write and Delete Access
14 - System Operators Full Access
15 - System Operators Read and Write Access
16 - System Operators Read, Write and Delete Access
17 - System Full Access
18 - System Read and Write Access
19 - System Read Access
20 - Administrators Read, Write and Execute Access
21 - Interactive User Full Access
22 - Interactive User Read and Write Access
23 - Interactive User Read, Write and Delete Access

Once you have your text file you would run:

regini textfilename.txt

Full syntax is available from regini.exe /?

Also see the following MS article:

http://support.microsoft.com/kb/245031

Cheers,

TCP
 
cagada Commented:
You can use subinacl.exe
(http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en)

The syntax can be a bit confusing - but you can use the following /KEYREG and /SUBKEYREG as the object type and the actions can be /grant /deny.

Use 'subinacl.exe /help /full' to get all the documentation.  You may need to dump that into a text file ' >sub.txt'

 
DGCREST (Author) Commented:
Thanks, I will give this a try. It looks like it will resolve my issue. I will let you know my results.
Thx
 
cagada Commented:
In reading further into your question, you will probably have difficulties running this in a user login script.  A user will need to have permissions to apply the permissions.  So, if the user already has permissions...

You can run this as a computer startup script where it runs as local system.  But better yet, if you have Active Directory, you can use Group Policy to set permissions on registry keys.
\Computer Configuration\Windows Settings\Security Settings\Registry

Using group policy - you can probably save some time.
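
The computer startup script approach from the comment above, as an added PowerShell example that is not code from this thread: it grants read/write on the Touchstar key and its child keys to one group rather than to Everyone, and does nothing if the entry is already present. The group name EXAMPLE\Touchstar-Users and the function names are hypothetical placeholders.

```powershell
# Added example: intended to run as a computer startup script (LocalSystem),
# because a normal user cannot change permissions on a key under HKLM.
# ASSUMPTION: 'EXAMPLE\Touchstar-Users' is a hypothetical group; use your own.
$ErrorActionPreference = 'Stop'
$KeyPath = 'HKLM:\SOFTWARE\TRG\TSAgent'
$Group   = 'EXAMPLE\Touchstar-Users'

function New-ReadWriteRule {
    param([string]$Identity)
    # Read and write only: no Delete, ChangePermissions or TakeOwnership.
    $rights  = [System.Security.AccessControl.RegistryRights]'ReadKey, WriteKey'
    # ContainerInherit makes the entry apply to child keys as well.
    $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $rights, $inherit, $prop, $allow)
}

function Grant-KeyReadWrite {
    param([string]$Path, [string]$Identity)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path not found; nothing changed."
        return $false
    }
    $acl  = Get-Acl -LiteralPath $Path
    $rule = New-ReadWriteRule -Identity $Identity
    # Idempotent: look only at explicit (non-inherited) entries on this key.
    $present = $acl.GetAccessRules($true, $false,
            [System.Security.Principal.NTAccount]) |
        Where-Object {
            $_.IdentityReference.Value -eq $Identity -and
            $_.RegistryRights -eq $rule.RegistryRights -and
            $_.AccessControlType -eq 'Allow'
        }
    if ($present) { return $true }
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
    return $true
}

if (Grant-KeyReadWrite -Path $KeyPath -Identity $Group) {
    # Show the resulting ACL so the change can be checked after startup.
    (Get-Acl -LiteralPath $KeyPath).Access |
        Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize
}
```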