-
September 26th, 2001, 06:50 AM
#1
Registry and changing security rights to edit registry for users
The company I worked for asked me to write a script to do an automated update on certain shortcuts. Meaning all profiles needed to be updated, so the actual change had to be done under an administrator account.
So I had to write the program to edit the registry to enable the AutoAdminLogon and the RunOnce so the 2nd part of the program could run.
The problem, however, is that the program is run from a normal user account that can't edit the registry (at least not the parts that need to be edited). So automating the update will not work unless normal users get rights to edit certain parts of the registry.
So here goes my first question.
Is it possible to initiate an AutoAdminLogon without editing the registry? (I think but now maybe some of you know)
Now, I didn't leave it at that. I talked to my boss and we will grant administrator rights to all users for this update (keeping it silent), but this isn't something we can do for each automated update. So what I wanted to do, together with the profile update I wrote, is to do an update of permissions in the registry so that normal users can change certain keys in certain sections of the registry, so AutoAdminLogon and RunOnce can be edited by users.
I know that I can manually update permissions when using regedit or regedt32 by clicking the section/key and going to permissions. But that would mean I have to go to each PC and do the changes manually. I would like to know if I can do it with a script or by just changing a few registry keys? Or can I apply a registry security template to the registry that defines the permissions of the users?
I did some searches on TechNet and the Microsoft site, and the closest I could find as an answer to my questions was article Q153183, How to Restrict Access to NT Registry from a Remote Computer. This is about the HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\Machine or Users keys. I tried to add the registry paths to the Machine and/or Users key. But even after that, normal users get Access Denied when they try to edit keys in those paths I added.
For your information, the paths I want the user to have edit rights to are:
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Any help or clues to finding the answer are appreciated.
-
September 26th, 2001, 07:04 AM
#2
Just a thought! Did you try using policies to enforce what you wish to do?
-
September 26th, 2001, 07:20 AM
#3
Haven't tried policies yet, but don't they require an intervention on the computer itself to apply?
I think it's time for me to read something more about policies, don't know much about them.
-
September 26th, 2001, 07:46 AM
#4
Here's some good info on group policies! Good luck!
http://www.labmice.net/grpolicy.htm
[This message has been edited by jay015 (edited September 26, 2001).]
-
September 26th, 2001, 08:39 AM
#5
Thx, but still looking for other solutions since the solution should work for both Win NT and Win2000. And group policies are only for 2000. Or maybe I should post this same question in the NT Forum.