Solved

Logon Script to set registry key.

Posted on 2008-06-25
6
1,873 Views
Last Modified: 2008-11-11
Windows 2000 Domain
1500 Windows 2000 desktops

What I need to do is change the following registry keys on all PCs on the network. When i run the .reg file the correct settings are applied no problem so I know they are correct.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="XXXXXX Data Network"
"LegalNoticeText"="A criminal offence may be commited by accessing this computer or modifying any data in this computer without authorisation and persons doing so may be liable to prosecution"
"LogonPrompt"="XXXXXX authorised staff may enter a user name and password"
"DontDisplayLastUsername"="1"

ADM EFFORT
I have tried to create a .ADM file but it says there is an error in line 16. When i import other ADM files the atributes appear but have no settings underneath them.

To do this I used an app called ADM2REG.exe which converts .reg files into .ADM. I have now given up on this as i am aware that our AD is a bit sketchy some of the time and don't have any previous experience to know if this is correct behaviour or not. (Can't wait until we upgrade to 2003).
Here is the ADM file if anyone wants to comment. Fails to import on line 16 whic is the END POLICY line? Unfortunately I don't have a test domain just now so can't try to import it on another domain to see if it functions.
CLASS MACHINE
CATEGORY "SOFTWARE\Microsoft\Windows NT\CurrentVersion"
  POLICY Winlogon
  KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    PART LegalNoticeCaption EDITTEXT
    VALUENAME "LegalNoticeCaption"
    END PART
    PART LegalNoticeText EDITTEXT
    VALUENAME "LegalNoticeText"
    END PART
    PART LogonPrompt EDITTEXT
    VALUENAME "LogonPrompt"
    END PART
    PART DontDisplayLastUserName EDITTEXT
    END PART
  END POLICY
END CATEGORY

WHAT I WANT:

I would now like to make these changes using the Startup script but am unsure of what syntax to add in. The security would be ok as it would run as system.
Have spent some time trying to find good articles but they all mention .ADM files or reg.ini.

My scripting is pretty limited hence I am asking here.

Thanks in advance for your help.
0
Comment
Question by:AWGMorrison
  • 2
  • 2
6 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 21868534
Just place the .reg file in the script directory and use the command REGEDIT /S filename.reg.
0
 

Author Comment

by:AWGMorrison
ID: 21868580
I tried that and without the /S it asks the user to accept. I found the /S and it doesn't seem to work?

I assumed it was because the users don't have permission to modify the registry? Is that not correct. As I said before we do have some issues with AD here and there so wouldn't be a total shock if it wasn't working as expected.
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 400 total points
ID: 21869045
If you're using it in a startup script (under Computer Configuration\Windows Settings\Scripts\Startup) rather than a logon script then it should run under the computer's SYSTEM account.  By default this account has full control of HKEY_LOCAL_MACHINE, so permissions shouldn't be a problem.
0
 

Author Comment

by:AWGMorrison
ID: 21870486
What is the syntax for setting a regsitry key in the Startup script?

Apologies but I can't find a guide to this anywhere.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Find out what the Office 365 disclaimer function is, why you would use it and its limited ability to create Office 365 signatures.
This video discusses moving either the default database or any database to a new volume.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now