The company I worked for asked me to write a script to do an automated update on certain shortcuts. Meaning all profiles needed to be updated so the actual change had to be done under an administrat0r account.

So I had to write the program to edit the registry to enable the AutoAdminLogon and the RunOnce so the 2nd part of the program could run.

The problem is however that the program is run from a normal user account that can't edit the registry (atleast not that parts that need to be edited). So automating the update will not work unless a normal users get rights to edit certain parts of the registry.

So here goes my first question.
Is it possible to initiate an AutoAdminLogon without editing the registry? (I think but now maybe some of you know)

Now, I didn't leave it by that. I talked to my boss and we will grant administrator rights to all users for this update (keeping it silent) but this isn't something we can do for each automated update. So what I wanted to do was togheter with the profile update I wrote is to do an update of permissions in the registry that normal users can change certain keys in certain sections of the registry so AdminAutologon and RunOnce can be edited by users.

I know that I can manually update permission when using regedit or regedt32 by clicking the section/key and going to permissions. But that would mean I have to go to each PC and do the changes manually. I would like to know if I can do with a script or by just changing a few registry keys? Or can I apply a registry security template to the registry that defines the permissions of the users?

I did some searches in the Technet and Microsoft site and the closed I could as an answer to my questions was article Q153183 How to Restrict Access to NT Registry from a Remote Computer. This goes about the HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeSe rvers\winreg\AllowedPaths\Machine or Users keys. I tried to add the registry paths to Machine and/or Users key. But even after that a normal users get Access Denied when try to edit keys into those paths I added.

For you information, the paths I want the user to have edit rights to are:
Software\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Any help of clues to finding the answer are appreciated.