Solved

VB script needed: Load the (win7) default profile & add a RunOnce entry for sccm 2012 TS OSD

Posted on 2014-04-04
14
423 Views
Last Modified: 2015-05-25
VB script needed: Load the (win7) default profile & add a RunOnce entry.

Eventually to be used in as task sequence in SCCM 2012 R2 OS-Deployment-if that make any difference in permissions or impersonations, etc.

I have sampled several people's scripts for IE settings, wallpaper, etc. but after editing them down for just what I need, I just can't get any of them to work (errors) when I test them in a command window.  

Don't know much about VB scripting...so instead of posting the different scripts I've tried:

Does anyone have a down and dirty VB script for:
-Loading the default profile's registry hive;
-writing a NEW string value (REG_SZ) entry in the RunOnce key; &
-unloading the hive?
0
Comment
Question by:cencal
  • 7
  • 4
  • 2
  • +1
14 Comments
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 500 total points
ID: 39979481
Hi, this VBScript would load the DEFAULT hive on Windows 7.

Set oShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
If LoadHive("DEFAULT") = True Then
	RegKey = "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce"
	RegVal = "cmd.exe"
	DoRegChange RegKey, RegVal
	UnloadHive "DEFAULT"
End If

Sub DoRegChange(RegKey, RegVal)
      WScript.Sleep 1000
      oShell.RegWrite RegKey, RegVal
End Sub

Function LoadHive(strUsername)
      If objFSO.FileExists("C:\Users\" & strUsername & "\NTUser.Dat") Then
            oShell.Run "cmd /c Reg load " & "HKU\" & strUsername & " " & """C:\Users\" & strUsername & "\NTUser.Dat""", 0, True
            LoadHive = True
      Else
            LoadHive = False
      End If
End Function

Sub UnloadHive(KeyPath)
      oShell.Run "cmd /c Reg unload " & "HKU\" & KeyPath, 0, True
End Sub

Open in new window


One question though....isn't the HKEY_USERS\.DEFAULT key always loaded, and the one you could modify without having to load any hives?

Also, bare in mind this would only affect new users logging on.  Any existing users would not receive the same keys and values.

Regards,

Rob.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 39979482
No need for vbscript, you can use reg.exe.

Mount HKEY_USERS hive and add the entry, then unmount.
0
 
LVL 16

Expert Comment

by:Mike T
ID: 39980341
Hi,

Can you step back a bit and explain what exactly it is you want to achieve. It may well be you don't need any script. All I'm getting here is you want inject a run-once key in the default user profile which suggests you want new users to run a task once the first time they logon to a machine.

There is a known issue with OSD vs Run-once mind, which is explained and solved here:
http://myitforum.com/myitforumwp/2011/11/09/osd-and-runonce/

Note as Jason says "task-sequences run as System" so hacking the default user profile is unlikely to work during OSD.

Mike
0
 

Author Comment

by:cencal
ID: 39984481
Rob,
".default" is not the same as the 'default' user.  and ".default" does not have a RunOnce key.

So I actually need to load the actual default user profile.....we can temporarily call it whatever we want like 'tempdefault' or something.

Then (A) create a new string value (REG-SZ) and (B) name it something like 'RunCmdFile'....then (C) give it a value ...... which will be a path to the *.cmd file on a network share...for testing we can have it just point to "c:\temp\test.cmd"

Also, a few things about your script:
(1) when I run it without any edits, I get:
   line:      16
   Char:      7
   Error:      Object requred: 'objFSO'
   Code:      800A01A8
(2) Since this is Windows 7...shouldn't line 17 read """C:\users instead of """C:\Documents and Settings?
(3)  See Mike's comment with a concern about a task sequence in SCCM 2012r2 running in the SYSTEM account....would we need to impersonate something like the local administrator?  
strComputer
strComputer = "."
then some line about impersonating???  Sorry, probably not wording this correctly.
0
 

Author Comment

by:cencal
ID: 39984487
Netman66,
I need this to be done when the image is being placed on the PC....too much word to do it manually on each PC....even if I exported a *.reg file it would be too much work with all the PCs in my company.
Thanks for the reply though.
0
 

Author Comment

by:cencal
ID: 39984506
Mike,
Without going into the long explanation, there are a lot of things that I need to happen the first time the user logs onto the PC...and they need to happen transparently to the user.  Attempting to do these all with VBscripts, group policy, etc. just ran us into too many errors...so we decided to go simple for now and figure out the advanced stuff later....like we had a VBscript to create shortcuts to certain network and local folders....sometimes it would create the shortcut but the shortcut thought it was a file shortcut and not a folder shortcut, so didn't work......just once example of many issues.
Also, we are rolling out Win7 ASAP and we don't have time to go back and redo the default profile in the image...will do that later.

Next, I too am concerned about the SCCMr2 OSD task sequence (as opposed to MDT) running the task as "SYSTEM" but had not gotten that far...could not get one to completely work from the command line yet.
I'm wondering if there is some way to impersonate the "local administrator" on the "local machine"?

Any thoughts?
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 500 total points
ID: 39984638
>> a few things about your script

You are correct, I have fixed a couple of things in  original posted script.
1) Added an objFSO declaration and set it to the FileSystemObject
2) Changed "Documents and Settings" to "Users"...I had modified an XP version of the script
3) I wouldn't think you need to impersonate any accounts.  The local SYSTEM has full rights to the local system, and still has a profile, so loading, writing, and unloading reg keys shouldn't be a problem.

With that code, you should be able to load any NTUser.dat that you need.

Regards,

Rob.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:cencal
ID: 39984646
To All:
this *.cmd works (though I have not tested it in the task sequence yet).
What I'm looking for is a VB script that does the same thing...with any impersonations it may need.

@ECHO OFF
REM Load the default profile hive
SET HKEY=HKU\TempDefault
REG LOAD %HKEY% %SystemDrive%\Users\Default\NTUSER.DAT

REM Add a RunOnce Key
REG ADD "%HKEY%\Software\Microsoft\Windows\CurrentVersion\RunOnce" /v RunCmdFile /t REG_SZ /d c:\temp\test.cmd /f


REM Unload the default profile hive
REG UNLOAD %HKEY%
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 39984652
>> The local SYSTEM has full rights to the local system, and still has a profile, so loading, writing, and unloading reg keys shouldn't be a problem.

That is, unless you need to read files from a network location on which computer accounts do not have read rights....if you must do that, then add Domain Computers to the rights of the folders they need to read.

Rob.
0
 
LVL 65

Assisted Solution

by:RobSampson
RobSampson earned 500 total points
ID: 39984656
To add that value using my script, you can change lines 4 and 5 to this
	RegKey = "HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\RunCmdFile"
	RegVal = "c:\temp\test.cmd /f"

Open in new window


Regards,

Rob.
0
 

Author Comment

by:cencal
ID: 39984663
Thanks Rob....I'll try the edited script....your first reply today came seconds before I pressed the submit on my 'To All' comment.
Lets cross our fingers.
0
 
LVL 16

Expert Comment

by:Mike T
ID: 39984860
Hi,

On a previous project they used sysprepto add a GUIrunonce as below

[GuiRunOnce]
    Command0="c:\yourpath\script.vbs"

This gets around the system context as it runs sysprep as system and puts any script in the registry renounce key. The important thing here is that the TS can do whatever it needs and reboot as needed and the runonce will not trigger. It will only kick in when the TS ends and removes the custom GINA (the progress bar).

In the script I think we set autologon as admin once and then we copied a custom NTuser.dat overwriting the default user and rebooted. It was an XP build that they were too scared to change, but that's another story!

Mike
0
 

Accepted Solution

by:
cencal earned 0 total points
ID: 40787552
As I ran out of time, I just ended up creating a package that ran the *.cmd similar to above but with network shares instead of local shares and put it in a task sequence.
Thanks for all your help and comments.......When I get around to fixing this they will be a big help.
0
 

Author Closing Comment

by:cencal
ID: 40794682
Accepted my solution only because I ran out of time to fully test out the others....but eventually, their comments will lead to the VB solution while mine just used chewing gum to fix it until I learn more.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Welcome to part one of a multi-part tutorial series, VBScript for Windows System Administrators.  The goal of this series is to teach non-programmers how to write useful VBS code to automate their environment, and perform tasks faster, and in a more…
Hello again, all.  For those of you that have been following along, you'll know that this is my third article on this topic (though it is not Part III).  This article is sort of remedial, and probably the topic with which I should have started the s…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now