Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Mandatory Profile registry permissions

Posted on 2009-07-08
2
988 Views
Last Modified: 2013-11-21
Hello,
    I am working with mandatory profiles and have an application that requires registry settings for each user that logs on.  I have added these settings to the mandatory profile, however I am experiencing an issue with permissions on a registry key that is created for each individual user after they log onto the system.  When a user logs onto the system two new keys are created in My Computer\HKEY_USERS.  All of the keys start with S-1-5-21-775529393-4178567583-3039359604, however each of them has a unique four digit number at the end.  While one of these keys corresponds to "My computer\HKEY_CURRENT_USER" the second key doesn't appear to correspond to the HKCU.  The second key is the same as the first key with "_Classes" at the end.  The permissions on the "_Classes" key are still set to the same as they were when I first created the mandatory profile.

My question is, Where are these settings coming from?  I have loaded the mandatory profile hive into the registry and modify the registry permissions for the entire profile to be "Authenticated Users" Full control.  I would like to be able to set the permissions once and know that they will be correct for every user that logs on.  

I am investigating the use of psgetside.exe in a custom script to pipe the user SID into another command to set the permissions but that seems to be a bit complicated for what may be a simple fix.  Thanks for any assistance you can provide.
0
Comment
Question by:jmirsky
2 Comments
 
LVL 19

Accepted Solution

by:
deroode earned 500 total points
ID: 24803184
Keys in \HKEY_USERS aren't just created, they are actual HKEY_CURRENT_USER hives loaded for every user logging in. The key consists of the domain SID with the user "number" appended. The key with the _classes extension is the same as HKEY_CURRENT_USER\Software\Classes for that user. Make sure that that key has the correct permissions in the mandatory profile.
0
 
LVL 2

Author Comment

by:jmirsky
ID: 24804175
deroode,
     Thanks for the quick response and the great explanation.  Your explanation lead me down the correct path.  I had to recreate my mandatory profile with my temp user account, except this time I went into the registry while creating the profile and set "authenticated users" on the HKCU\Software\Classes key and all subkeys and now all is working.  Thank you very much for the assistance.  
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question