Solved

Mandatory Profile registry permissions

Posted on 2009-07-08
2
977 Views
Last Modified: 2013-11-21
Hello,
    I am working with mandatory profiles and have an application that requires registry settings for each user that logs on.  I have added these settings to the mandatory profile, however I am experiencing an issue with permissions on a registry key that is created for each individual user after they log onto the system.  When a user logs onto the system two new keys are created in My Computer\HKEY_USERS.  All of the keys start with S-1-5-21-775529393-4178567583-3039359604, however each of them has a unique four digit number at the end.  While one of these keys corresponds to "My computer\HKEY_CURRENT_USER" the second key doesn't appear to correspond to the HKCU.  The second key is the same as the first key with "_Classes" at the end.  The permissions on the "_Classes" key are still set to the same as they were when I first created the mandatory profile.

My question is, Where are these settings coming from?  I have loaded the mandatory profile hive into the registry and modify the registry permissions for the entire profile to be "Authenticated Users" Full control.  I would like to be able to set the permissions once and know that they will be correct for every user that logs on.  

I am investigating the use of psgetside.exe in a custom script to pipe the user SID into another command to set the permissions but that seems to be a bit complicated for what may be a simple fix.  Thanks for any assistance you can provide.
0
Comment
Question by:jmirsky
2 Comments
 
LVL 19

Accepted Solution

by:
deroode earned 500 total points
ID: 24803184
Keys in \HKEY_USERS aren't just created, they are actual HKEY_CURRENT_USER hives loaded for every user logging in. The key consists of the domain SID with the user "number" appended. The key with the _classes extension is the same as HKEY_CURRENT_USER\Software\Classes for that user. Make sure that that key has the correct permissions in the mandatory profile.
0
 
LVL 2

Author Comment

by:jmirsky
ID: 24804175
deroode,
     Thanks for the quick response and the great explanation.  Your explanation lead me down the correct path.  I had to recreate my mandatory profile with my temp user account, except this time I went into the registry while creating the profile and set "authenticated users" on the HKCU\Software\Classes key and all subkeys and now all is working.  Thank you very much for the assistance.  
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Learn about cloud computing and its benefits for small business owners.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now