How to change a registry key on multiple machines via psexec?

Ok, I have looked at multiple other EE threads but thus far had no luck applying what I have seen to my organization. Here is what I am trying to do...

I need to edit a registry value located at HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR on a couple hundred desktops running Windows XP. My instinct was to export a key with the desired values and then use a script to execute the exported .reg file remotely via psexec since I have no way to force users to log off and log back in for a login script to run the file. I can go to a remote computer and execute my script which contains only a single line:

regedit /s \\absolute.path\to\file.reg

Path edited, obviously, but you get the point. If I sit at a remote computer and execute this .bat file, the registry value is changed as desired. However, if I run the same .bat file on the same computer via psexec, psexec returns with an error code 0 (so, no error) but the registry value does not change. The psexec command as I'm running it is thus:

psexec \\computername.my.domain -c mybatfile.bat

I have tried entering other switches into the psexec command, such as -s to run the .bat file in the System account, but the end result remains the same. No change is made to the registry on the remote machine despite no error being produced. The only way I have successfully been able to us psexec to execute this script is when I include the -i switch, running it so that it interacts with the desktop on the remote machine, but that still requires user input which is what I'm trying to avoid.

Can anyone tell me what I'm missing here?
IN_DOEAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
nevesisConnect With a Mentor Commented:
The problem is -s suppresses feedback. It could be any number of problems.

I assume you're trying to block USB removable storage. Try:

psexec -u user -p pass \\remote reg.exe add "HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR" /v "Start" /t REG_DWORD /d 0x04 /f
0
 
Joseph DalyCommented:
Have you tried just running psexec with psexec \\computername.my.domain regedit /s \\absolute.path\to\file.reg

You may not need the batch file at all.
0
 
nappy_dCommented:
Here you go...

PathToPSExec\psexec -d -i -c "@PathToTxtFile\computers.txt" regedit.exe /s "\\UNCPathToRegFile\file.reg"

Open in new window

0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
IN_DOEAuthor Commented:
I have, and I get the same result. It returns with Error Code 0 but no value is changed in the remote computer's registry.
0
 
nappy_dCommented:
Make sure when you are using my command, there is only one computername(or IP) per line...Also, make sure that the user you are running PSExec as has local admin rights on the workstations.
0
 
oBdACommented:
There's actually no need for heavy artillery like psexec here.
You can use reg.exe to do that remotely (btw: a login script wouldn't work because users are not allowed to write to HKLM; you'd need a startup script):
reg.exe add \\<MachineName>\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "the Value name" /d "the Data" /f

To do that for a list of machines ("machines.txt", one name per line), you can run it from the command line like this:
for /f %a in ('type machines.txt') do @reg.exe add \\%a\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "Value name" /d "Data" /f

Or, as a batch script, double up on the percent signs:
@echo off
for /f %%a in ('type machines.txt') do reg.exe add \\%%a\HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR /v "Value name" /d "Data" /f
0
 
IN_DOEAuthor Commented:
nappy_d: When I try to run it with the switches you've provided I get a response from psexec that "regedit.exe was started on computername.my.domain with process ID 872." but still no love on the change actually occurring.
0
 
Joseph DalyCommented:
If you are trying to disable usb removable devices you can use this ADM file from petri.

http://www.petri.co.il/disable_writing_to_usb_disks_in_xp_sp2_with_gpo.htm
0
 
IN_DOEAuthor Commented:
Awesome. This was exactly what I was looking for
0
 
IN_DOEAuthor Commented:
nevesis provided the first solution that worked for me and that I understood immediately. Marking many other comments as helpful, though. Thanks all!
0
All Courses

From novice to tech pro — start learning today.