+ Post New Thread
Results 1 to 8 of 8
Scripts Thread, HKEY_CURRENT_USER Permissions Script in Coding and Web Development; Hey, I'm trying to write a script that will add permissions to the HKEY_CURRENT_USER hive so that the Interactive User ...
  1. #1
    RobFuller's Avatar
    Join Date
    Feb 2007
    Location
    Chelmsford
    Posts
    312
    Thank Post
    82
    Thanked 39 Times in 29 Posts
    Rep Power
    22

    HKEY_CURRENT_USER Permissions Script

    Hey,

    I'm trying to write a script that will add permissions to the HKEY_CURRENT_USER hive so that the Interactive User has Full Control. What has happened here is when we created staff user profiles the profile they were created from had this missing. Meaning when the logged onto a machine it couldn’t write to there personal registry!!
    So to fix this program I’m hoping to write a script which will run at logon to fix this problem. But I’m having trouble getting the script to run and was hoping someone here to help me please!


    Set wshNetwork = CreateObject("WScript.Network")
    strUser = wshNetwork.Username

    strComputer = "."

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set objAccount = objWMIService.Get _
    ("Win32_UserAccount.Name="""& strUser &""",Domain=""dnt1""")

    strSID = objAccount.SID

    Set objShell = CreateObject("WScript.Shell")
    objShell.Run "E:\regini\regini '\Registry\User\' & strSID & '\ [1 5 13 17 21]'"




    I'm not brilliant at scripts to please don’t slaughter me!! lol.
    Any help would be appreciated!!

    Rob

  2. #2

    Join Date
    Jan 2007
    Location
    Enfield, London
    Posts
    159
    Thank Post
    7
    Thanked 3 Times in 3 Posts
    Rep Power
    17

    Re: HKEY_CURRENT_USER Permissions Script

    Are you talking about registry permissions or registry keys?

    If it's permissions then the most straight forward thing to do would be to call a command line utitlity such as SetACL or SubInAcl

    SetACL is availible from sourceforge.net and SubInAcl should abe availible from Microsoft or the setups folder if you run SIMS.net

  3. #3
    User3204's Avatar
    Join Date
    Aug 2006
    Location
    Wirral
    Posts
    769
    Thank Post
    55
    Thanked 66 Times in 62 Posts
    Rep Power
    34

    Re: HKEY_CURRENT_USER Permissions Script

    If you use Group Policies, there is an option to change permissions on stuff in there....

    You should be able to set permissions to a user group.... I have done this for some wierdly crappy software in the past.

  4. #4
    RobFuller's Avatar
    Join Date
    Feb 2007
    Location
    Chelmsford
    Posts
    312
    Thank Post
    82
    Thanked 39 Times in 29 Posts
    Rep Power
    22

    Re: HKEY_CURRENT_USER Permissions Script

    We are trying to change USER permissions in the registry which GPO doesn’t have an option for!
    Does this SetACL change USER Hive registry?

    Thanks for your help guys!

  5. #5
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: HKEY_CURRENT_USER Permissions Script

    Yes, SetACL can change the permissions inside the registry. It can do this on the local machine or on remote machines.

    Have a look at examples 17 to 19 here -> SetAcl Examples

  6. #6
    RobFuller's Avatar
    Join Date
    Feb 2007
    Location
    Chelmsford
    Posts
    312
    Thank Post
    82
    Thanked 39 Times in 29 Posts
    Rep Power
    22

    Re: HKEY_CURRENT_USER Permissions Script

    That looks good; problem is the user won’t have permissions to change their CURRENT_USER permissions in the registry! Any ideas what I could do to get around this, was hoping to put it in there Logon script.

  7. #7
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    34

    Re: HKEY_CURRENT_USER Permissions Script

    That's not going to work. Anything in the user's logon script will run in the user's security context.

    If you need to elevate the permissions, you will need to hard code a username and password into a script which has higher permissions. If you do this, you need to make sure the script is not readable by users.

  8. #8
    RobFuller's Avatar
    Join Date
    Feb 2007
    Location
    Chelmsford
    Posts
    312
    Thank Post
    82
    Thanked 39 Times in 29 Posts
    Rep Power
    22

    Re: HKEY_CURRENT_USER Permissions Script

    Just to update:

    I did start using SetACL which is very good in conjuction with a special runas program which you can set permissions to run as elevated users.
    But after more investigation I found that most of the users have such corrupt and messy profiles that I’m going to reset them all with a clean from scratch profile. To wipe the slate so to speak.

    Thanks for you suggestions, very useful!

    Thanks
    Rob

SHARE:
+ Post New Thread

Similar Threads

  1. Logon script & Printer script question.
    By Galway in forum Windows
    Replies: 3
    Last Post: 29th August 2007, 11:00 AM
  2. script to change permissions on Reg Key
    By e_g_r in forum Windows
    Replies: 4
    Last Post: 16th February 2007, 05:48 PM
  3. Replies: 4
    Last Post: 23rd November 2006, 09:33 PM
  4. Run script with elevated permissions
    By ajbritton in forum Windows
    Replies: 3
    Last Post: 9th August 2006, 02:04 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •