[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 812
  • Last Modified:

Pushing Out Registry Settings at Startup

I need to rollout the following registry update to all our client PCs.
I'm guessing the best way is via a GPO Startup script.
However, I've tried without success.
[HKEY_LOCAL_MACHINE\SOFTWARE\SAP\SAPGUI Front\SAP Frontend Server\Security]
"SecurityLevel"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
"MaxAllowedZone"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000001

Open in new window

0
mikevr6
Asked:
mikevr6
1 Solution
 
jlar310Commented:
What have you tried without success? The file you attached is a registry export file, not a script.

Here is a sample of using vbscript to update registry values. The example sets the location of the Favorites folder to a UNC path on a file server.
Dim WSHShell, RegFavorites, RegValue
Dim server

' disable error messages
on error resume next

Set WSHShell = WScript.CreateObject("WScript.Shell")

RegFavorites = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Favorites"
RegValue = "\\my\unc\path\UserData\%USERNAME%\Favorites"

WSHShell.RegWrite RegFavorites, RegValue,"REG_EXPAND_SZ"

WScript.Quit

Open in new window

0
 
ThommyCommented:
Run "regedit /s [filename]" in start script of the client PCs to write a .reg file to registry.

regedit /s YourRegFile.Reg

The /s will make the "are you sure" prompt go away.

Regedit Command Line Options Syntax
http://techsupt.winbatch.com/ts/T000001029F18.html

0
 
thomasd04Commented:
Hi Mike. Have you tried doing it this way? What OS and clients do you have on the network?

1. Export this registry value to a file called nameyourfile.reg
2. Create a new Group Policy object and link it to the OU
3. Open it up and edit “User Configuration | Windows Settings | Scripts (Logon/Logoff).
4. Under the Logon node, we add our settings so that regedit.exe calls our nameyourfile.reg file silently (with the /s switch)
5. Click Show Files and drop our SciCalc.reg into SYSVOL

Good luck whichever way you do it.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
mikevr6Author Commented:
Hi Thomas and Thommy. I hadn't tried the login script method. I was using a Computer Configuration\Startup Script.
First version did as Thommy said and popped up with a prompt. Then I tried to run with the regedit /s switch and it didn't work. I'll give your suggestions a try and post back. Thanks!
0
 
jlar310Commented:
As a startup script HKEY_CURRENT_USER has no meaning. The script needs to be run as the user in question. It must be a login script.
0
 
mikevr6Author Commented:
I'm not modifying the HKEY_Current_User keys those. These are all HKLM\Software settings. So computer settings.
0
 
sam0x01Commented:
With only 3 values you could use REG.EXE to avoid needing to copy a .reg file for regedit /s

REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

  KeyName  [\\Machine\]FullKey
           Machine  Name of remote machine - omitting defaults to the current
                    machine Only HKLM and HKU are available on remote machines
           FullKey  ROOTKEY\SubKey
           ROOTKEY  [ HKLM | HKCU | HKCR | HKU | HKCC ]
           SubKey   The full name of a registry key under the selected ROOTKEY

  /v       The value name, under the selected Key, to add

  /ve      adds an empty value name <no name> for the key

  /t       RegKey data types
           [ REG_SZ    | REG_MULTI_SZ  | REG_DWORD_BIG_ENDIAN    |
             REG_DWORD | REG_BINARY    | REG_DWORD_LITTLE_ENDIAN |
             REG_NONE  | REG_EXPAND_SZ ]
           If omitted, REG_SZ is assumed

  /s       Specify one charactor that you use as the separator in your data
           string for REG_MULTI_SZ. If omitted, use "\0" as the separator

  /d       The data to assign to the registry ValueName being added

  /f       Force overwriting the existing registry entry without prompt

Examples:

  REG ADD \\ABC\HKLM\Software\MyCo
    Adds a key HKLM\Software\MyCo on remote machine ABC

  REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead
    Adds a value (name: Data, type: REG_BINARY, data: fe340ead)

  REG ADD HKLM\Software\MyCo /v MRU /t REG_MULTI_SZ /d fax\0mail
    Adds a value (name: MRU, type: REG_MUTLI_SZ, data: fax\0mail\0\0)

  REG ADD HKLM\Software\MyCo /v Path /t REG_EXPAND_SZ /d %%systemroot%%
    Adds a value (name: Path, type: REG_EXPAND_SZ, data: %systemroot%)
    Notice:  Use the double percentage ( %% ) inside the expand string

0
 
mikevr6Author Commented:
Office has been closed due to local holidays. I'll get back on this today. Thanks!
0
 
mikevr6Author Commented:
Split the points between the Toms
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now