?
Solved

Mandatory Profile registry permissions

Posted on 2009-07-08
2
Medium Priority
?
1,005 Views
Last Modified: 2013-11-21
Hello,
    I am working with mandatory profiles and have an application that requires registry settings for each user that logs on.  I have added these settings to the mandatory profile, however I am experiencing an issue with permissions on a registry key that is created for each individual user after they log onto the system.  When a user logs onto the system two new keys are created in My Computer\HKEY_USERS.  All of the keys start with S-1-5-21-775529393-4178567583-3039359604, however each of them has a unique four digit number at the end.  While one of these keys corresponds to "My computer\HKEY_CURRENT_USER" the second key doesn't appear to correspond to the HKCU.  The second key is the same as the first key with "_Classes" at the end.  The permissions on the "_Classes" key are still set to the same as they were when I first created the mandatory profile.

My question is, Where are these settings coming from?  I have loaded the mandatory profile hive into the registry and modify the registry permissions for the entire profile to be "Authenticated Users" Full control.  I would like to be able to set the permissions once and know that they will be correct for every user that logs on.  

I am investigating the use of psgetside.exe in a custom script to pipe the user SID into another command to set the permissions but that seems to be a bit complicated for what may be a simple fix.  Thanks for any assistance you can provide.
0
Comment
Question by:jmirsky
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
deroode earned 2000 total points
ID: 24803184
Keys in \HKEY_USERS aren't just created, they are actual HKEY_CURRENT_USER hives loaded for every user logging in. The key consists of the domain SID with the user "number" appended. The key with the _classes extension is the same as HKEY_CURRENT_USER\Software\Classes for that user. Make sure that that key has the correct permissions in the mandatory profile.
0
 
LVL 2

Author Comment

by:jmirsky
ID: 24804175
deroode,
     Thanks for the quick response and the great explanation.  Your explanation lead me down the correct path.  I had to recreate my mandatory profile with my temp user account, except this time I went into the registry while creating the profile and set "authenticated users" on the HKCU\Software\Classes key and all subkeys and now all is working.  Thank you very much for the assistance.  
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month12 days, 19 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question