IN_DOE

asked on

How to change a registry key on multiple machines via psexec?

Ok, I have looked at multiple other EE threads but thus far had no luck applying what I have seen to my organization. Here is what I am trying to do...

I need to edit a registry value located at HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR on a couple hundred desktops running Windows XP. My instinct was to export a key with the desired values and then use a script to execute the exported .reg file remotely via psexec since I have no way to force users to log off and log back in for a login script to run the file. I can go to a remote computer and execute my script which contains only a single line:

regedit /s \\absolute.path\to\file.reg

Path edited, obviously, but you get the point. If I sit at a remote computer and execute this .bat file, the registry value is changed as desired. However, if I run the same .bat file on the same computer via psexec, psexec returns with an error code 0 (so, no error) but the registry value does not change. The psexec command as I'm running it is thus:

psexec \\computername.my.domain -c mybatfile.bat

I have tried entering other switches into the psexec command, such as -s to run the .bat file in the System account, but the end result remains the same. No change is made to the registry on the remote machine despite no error being produced. The only way I have successfully been able to use psexec to execute this script is when I include the -i switch, running it so that it interacts with the desktop on the remote machine, but that still requires user input which is what I'm trying to avoid.

Can anyone tell me what I'm missing here?
Joseph Daly

Have you tried just running psexec with psexec \\computername.my.domain regedit /s \\absolute.path\to\file.reg

You may not need the batch file at all.
Here you go...

PathToPSExec\psexec -d -i -c "@PathToTxtFile\computers.txt" regedit.exe /s "\\UNCPathToRegFile\file.reg"


IN_DOE

ASKER

I have, and I get the same result. It returns with Error Code 0 but no value is changed in the remote computer's registry.
Make sure when you are using my command, there is only one computername (or IP) per line... Also, make sure that the user you are running PSExec as has local admin rights on the workstations.
There's actually no need for heavy artillery like psexec here.
You can use reg.exe to do that remotely (btw: a login script wouldn't work because users are not allowed to write to HKLM; you'd need a startup script):
reg.exe add \\<MachineName>\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "the Value name" /d "the Data" /f

To do that for a list of machines ("machines.txt", one name per line), you can run it from the command line like this:
for /f %a in ('type machines.txt') do @reg.exe add \\%a\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "Value name" /d "Data" /f

Or, as a batch script, double up on the percent signs:
@echo off
for /f %%a in ('type machines.txt') do reg.exe add \\%%a\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "Value name" /d "Data" /f
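
An added example (not part of the original thread) that extends the reg.exe loop above: because the psexec attempts returned error code 0 without changing anything, this batch script reads each value back with reg query and logs one result per machine. The value name Start, the data 4, machines.txt and the log file name are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the thread. Assumptions: machines.txt has one name
rem per line; VALUE/DATA are placeholders (Start=4 is the documented setting that
rem stops the USB storage driver from loading); the value name has no spaces.
rem Needs admin rights on each target and the Remote Registry service running.
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR"
set "VALUE=Start"
set "DATA=4"
set "LOG=usbstor_results.csv"

> "%LOG%" echo machine,result
for /f "usebackq tokens=1" %%a in ("machines.txt") do call :apply %%a
echo Done. Results are in %LOG%
goto :eof

:apply
set "M=%~1"
reg.exe add "\\%M%\%KEY%" /v %VALUE% /t REG_DWORD /d %DATA% /f >nul 2>&1
if errorlevel 1 (
    >>"%LOG%" echo %M%,write_failed_or_unreachable
    goto :eof
)

rem Read the value back instead of trusting the exit code.
rem reg query prints a line like:  Start  REG_DWORD  0x4
set "FOUND="
for /f "tokens=1,3" %%i in ('reg.exe query "\\%M%\%KEY%" /v %VALUE% 2^>nul') do (
    if /i "%%i"=="%VALUE%" set "FOUND=%%j"
)
if not defined FOUND (
    >>"%LOG%" echo %M%,readback_failed
    goto :eof
)

rem set /a converts the 0x-prefixed hex that reg query prints to decimal.
set /a GOT=%FOUND%
if "%GOT%"=="%DATA%" (
    >>"%LOG%" echo %M%,ok
) else (
    >>"%LOG%" echo %M%,mismatch_%FOUND%
)
goto :eof
```

Machines logged as anything other than ok can be fed back in as a new machines.txt for a retry.
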

ASKER

nappy_d: When I try to run it with the switches you've provided I get a response from psexec that "regedit.exe was started on computername.my.domain with process ID 872." but still no love on the change actually occurring.
ASKER CERTIFIED SOLUTION
nevesis

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are trying to disable usb removable devices you can use this ADM file from petri.

http://www.petri.co.il/disable_writing_to_usb_disks_in_xp_sp2_with_gpo.htm

ASKER

Awesome. This was exactly what I was looking for.

ASKER

nevesis provided the first solution that worked for me and that I understood immediately. Marking many other comments as helpful, though. Thanks all!