[RESOLVED] Registry and changing security rights to edit registry for users
Results 1 to 5 of 5

Thread: [RESOLVED] Registry and changing security rights to edit registry for users

  1. #1
    Raveman
    Guest

    Post Registry and changing security rights to edit registry for users

    The company I worked for asked me to write a script to do an automated update on certain shortcuts. Meaning all profiles needed to be updated so the actual change had to be done under an administrat0r account.

    So I had to write the program to edit the registry to enable the AutoAdminLogon and the RunOnce so the 2nd part of the program could run.

    The problem is however that the program is run from a normal user account that can't edit the registry (atleast not that parts that need to be edited). So automating the update will not work unless a normal users get rights to edit certain parts of the registry.

    So here goes my first question.
    Is it possible to initiate an AutoAdminLogon without editing the registry? (I think but now maybe some of you know)

    Now, I didn't leave it by that. I talked to my boss and we will grant administrator rights to all users for this update (keeping it silent) but this isn't something we can do for each automated update. So what I wanted to do was togheter with the profile update I wrote is to do an update of permissions in the registry that normal users can change certain keys in certain sections of the registry so AdminAutologon and RunOnce can be edited by users.

    I know that I can manually update permission when using regedit or regedt32 by clicking the section/key and going to permissions. But that would mean I have to go to each PC and do the changes manually. I would like to know if I can do with a script or by just changing a few registry keys? Or can I apply a registry security template to the registry that defines the permissions of the users?

    I did some searches in the Technet and Microsoft site and the closed I could as an answer to my questions was article Q153183 How to Restrict Access to NT Registry from a Remote Computer. This goes about the HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeSe rvers\winreg\AllowedPaths\Machine or Users keys. I tried to add the registry paths to Machine and/or Users key. But even after that a normal users get Access Denied when try to edit keys into those paths I added.

    For you information, the paths I want the user to have edit rights to are:
    Software\Microsoft\Windows\CurrentVersion
    Software\Microsoft\Windows NT\CurrentVersion\Winlogon

    Any help of clues to finding the answer are appreciated.

  2. #2
    jay015
    Guest

    Lightbulb

    Just a thought! Did you try using policies to enforce what you wish to do?

  3. #3
    Raveman
    Guest

    Post

    Haven't tried policies yet but don't require an intervention on the computer itself to apply?

    I think it's time for me to read something more about policies, don't know much about them.

  4. #4
    jay015
    Guest

    Post

    Here's some good info on group policies! Good luck!


    http://www.labmice.net/grpolicy.htm

    [This message has been edited by jay015 (edited September 26, 2001).]

  5. #5
    Raveman
    Guest

    Post

    thx, but still looking for other solutions since the solution should work for both Win NT and Win2000. And group policies is only for 2000. Or maybe I should post this same question in the NT Forum.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •