Import registry key via Group Policy

Hi

I am trying to import two registry key in the Startup selection (Computer Configuration/Windows Settings/Scripts (Startup/Shutdown)) . One of the registry keys import, however the secord does not.I have used the following command in a .cmd and .bat file
regedit /s file.reg
The problem selection is   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders  and adding: credssp.dll. This is to enable Network Level Authentication
To manual  import  this registry key I require local admin . I believe that script executed in the Startup and Shutdown selection of group policy run under the LocalSystem account, which does not have the required privileges. I also created a custom administrative template files.
the "group policy modeling tool" show the script file and custom administrative templete The questions i have is it possiable to execute a startup script using different users for elevated permissions (runas)? Is this registry selection   "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders"  prevented from  been change at startup?
is there anyway to run as the "SYSTEM"?
Do you have any suggustions or other ways to run a startup script with higher privileges?
bradq3232Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Adam BrownConnect With a Mentor Sr Solutions ArchitectCommented:
You would have to use the runas command in the script itself to run the command as a specific user. The difficulty in this is that the password for the account has to be written out in the script, which is not encrypted, so it becomes a bit of a security issue. Setting the registry modification up as an Administrative Template *should* allow the registry setting to bypass the need for permissions. However, if it doesn't work properly, there is another method for deploying registry modifications in Windows 2003. You can do this by properly modifying the sceregvl.inf file, which is used to control the Windows Security Options in Group Policy. http://www.windowsecurity.com/articles/customizing-windows-security-templates.html has some more specific information and instructions on how to do this.
0
 
bradq3232Author Commented:
Also the client OS is Windows XP SP3 and the server operating system is Windows server 2003
0
 
Adam BrownSr Solutions ArchitectCommented:
I should also note that if you use the sceregvl.inf technique, you only need to make the modifications on the system you are making GPO modifications from. Client systems do not need to have these modifications in their sceregvl.inf files to understand a GPO that is written with the modified file.
0
 
kevinhsiehCommented:
First of all, running startup or shutdown scripts happens in the localsystem context, so permissions are there. I run startup and shutdown scripts when I need my scripts to run as an administrator. That said, UAC might cause problems (I don't know either way). A better way to modify the registry is to use group policy preferences.
0
All Courses

From novice to tech pro — start learning today.