We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

How to change a registry key on multiple machines via psexec?

Medium Priority
24,449 Views
Last Modified: 2013-11-13
Ok, I have looked at multiple other EE threads but thus far had no luck applying what I have seen to my organization. Here is what I am trying to do...

I need to edit a registry value located at HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR on a couple hundred desktops running Windows XP. My instinct was to export a key with the desired values and then use a script to execute the exported .reg file remotely via psexec since I have no way to force users to log off and log back in for a login script to run the file. I can go to a remote computer and execute my script which contains only a single line:

regedit /s \\absolute.path\to\file.reg

Path edited, obviously, but you get the point. If I sit at a remote computer and execute this .bat file, the registry value is changed as desired. However, if I run the same .bat file on the same computer via psexec, psexec returns with an error code 0 (so, no error) but the registry value does not change. The psexec command as I'm running it is thus:

psexec \\computername.my.domain -c mybatfile.bat

I have tried entering other switches into the psexec command, such as -s to run the .bat file in the System account, but the end result remains the same. No change is made to the registry on the remote machine despite no error being produced. The only way I have successfully been able to us psexec to execute this script is when I include the -i switch, running it so that it interacts with the desktop on the remote machine, but that still requires user input which is what I'm trying to avoid.

Can anyone tell me what I'm missing here?
Comment
Watch Question

CERTIFIED EXPERT

Commented:
Have you tried just running psexec with psexec \\computername.my.domain regedit /s \\absolute.path\to\file.reg

You may not need the batch file at all.
Irwin W.There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
Here you go...

PathToPSExec\psexec -d -i -c "@PathToTxtFile\computers.txt" regedit.exe /s "\\UNCPathToRegFile\file.reg"

Open in new window

Author

Commented:
I have, and I get the same result. It returns with Error Code 0 but no value is changed in the remote computer's registry.
Irwin W.There are a 1000 ways to skin the technology cat.
CERTIFIED EXPERT

Commented:
Make sure when you are using my command, there is only one computername(or IP) per line...Also, make sure that the user you are running PSExec as has local admin rights on the workstations.
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
There's actually no need for heavy artillery like psexec here.
You can use reg.exe to do that remotely (btw: a login script wouldn't work because users are not allowed to write to HKLM; you'd need a startup script):
reg.exe add \\<MachineName>\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "the Value name" /d "the Data" /f

To do that for a list of machines ("machines.txt", one name per line), you can run it from the command line like this:
for /f %a in ('type machines.txt') do @reg.exe add \\%a\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "Value name" /d "Data" /f

Or, as a batch script, double up on the percent signs:
@echo off
for /f %%a in ('type machines.txt') do reg.exe add \\%%a\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "Value name" /d "Data" /f

Author

Commented:
nappy_d: When I try to run it with the switches you've provided I get a response from psexec that "regedit.exe was started on computername.my.domain with process ID 872." but still no love on the change actually occurring.
Commented:
The problem is -s suppresses feedback. It could be any number of problems.

I assume you're trying to block USB removable storage. Try:

psexec -u user -p pass \\remote reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR" /v "Start" /t REG_DWORD /d 0x04 /f

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT

Commented:
If you are trying to disable usb removable devices you can use this ADM file from petri.

http://www.petri.co.il/disable_writing_to_usb_disks_in_xp_sp2_with_gpo.htm

Author

Commented:
Awesome. This was exactly what I was looking for

Author

Commented:
nevesis provided the first solution that worked for me and that I understood immediately. Marking many other comments as helpful, though. Thanks all!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.