[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Regedit Tool

Posted on 2012-08-23
10
Medium Priority
?
912 Views
Last Modified: 2012-08-24
Hi all,

Can anyone suggest a resonable way to bake into my Production environment a regedit file? The registry edit file consist of a lot of keys & values, so I can't just use GPO, under user config - preferences - windows settings - registry and create all the registry keys & values. Its messy when you have a lot of keys/values.

Again using GPO, using the registry wizard, I browse to all the keys/values required in HKLM\Software\Wow6432Node\Citrix\ICA Client\Client Selective Trust and select them. The wizard picks up all the keys, but misses out values even though they are selected. Very buggy.

I've tried rolling in via a login script (GPO again) running a batch file:

regedit /s %logonserver%\netlogon\KN-Test\SsonRegUpx64.reg

Windows 7 seems to have issues with UAC when calling a reg edit file. My environment is all Windows 7 FAT clients. Anyone any ideas?

Thanks
0
Comment
Question by:mce-man-it
  • 5
  • 5
10 Comments
 
LVL 85

Expert Comment

by:oBdA
ID: 38324224
You can't implement changes to HKLM in a logon script, unless your users are (local) administrators on their machines; write access to HKLM requires administrative permissions.
In other words: you need to implement this as a computer startup script applied to the machines in question.
Then don't use the GUI tool regedit.exe, but the command line tool reg.exe:
reg.exe import "%logonserver%\netlogon\KN-Test\SsonRegUpx64.reg"

Open in new window

0
 

Author Comment

by:mce-man-it
ID: 38324942
So as a startup script the user doesn't need to be a local administrator for this to work on a Windows 7 client?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 38325022
Nope; the startup script runs with local System privileges (access to network resources is based on the AD computer account!)
Note that you can NOT change anything under HKCU this way; this will need to be done in a logon script (but reg.exe doesn't require administrative permissions).
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:mce-man-it
ID: 38325049
Ok, so running as a startup script will work?

Attempting to run:

reg.exe import "%logonserver%\netlogon\KN-Test\SsonRegUpx64.reg

Logged in as a non-administrative user does not work.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 38325319
If the Sson settings contain changes to HKCU, then yes, this will not work as a regular user. As a startup script, it should apply once the machine is rebooted.
0
 

Author Comment

by:mce-man-it
ID: 38328283
Ah ok, Sson makes changes to HKLM, not HCKU. Any suggestions?
0
 

Author Comment

by:mce-man-it
ID: 38328702
Runas perhaps?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 38328716
Sorry, typo above; the HKCU in 38325319 should of course have been HKLM.
So if your reg file only contains changes to HKLM, just use a startup script.
If it contains changes to both HKLM and HKCU, you need to split it and deploy the HKLM using a startup script, the HKCU part using a logon script.
0
 

Author Comment

by:mce-man-it
ID: 38328883
Ok thanks. I have setup a GPO and linked to a test OU. Moved a computer account into that OU that I'm testing with.

GPO is set to run:

Tessregadd.bat as a startup script. Testregadd.bat contains:

reg.exe import "%logonserver%\netlogon\KN-Test\SsonRegUpx64.reg"

Rebooting the desktop in the Test OUT, and I don't get keys & values in SsonRegUpx64.reg added to [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Client Selective Trust]
0
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 38328910
Sorry, my error; %logonserver% doesn't exist as a System environment variable.
Use "\\your.domain.local\netlogon\KN-Test\SsonRegUpx64.reg" instead.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question