Scripts Thread, HKEY_CURRENT_USER Permissions Script in Coding and Web Development; Hey,
I'm trying to write a script that will add permissions to the HKEY_CURRENT_USER hive so that the Interactive User ...
I'm trying to write a script that will add permissions to the HKEY_CURRENT_USER hive so that the Interactive User has Full Control. What has happened here is when we created staff user profiles the profile they were created from had this missing. Meaning when the logged onto a machine it couldn’t write to there personal registry!!
So to fix this program I’m hoping to write a script which will run at logon to fix this problem. But I’m having trouble getting the script to run and was hoping someone here to help me please!
Set wshNetwork = CreateObject("WScript.Network")
strUser = wshNetwork.Username
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get _
("Win32_UserAccount.Name="""& strUser &""",Domain=""dnt1""")
That looks good; problem is the user won’t have permissions to change their CURRENT_USER permissions in the registry! Any ideas what I could do to get around this, was hoping to put it in there Logon script.
That's not going to work. Anything in the user's logon script will run in the user's security context.
If you need to elevate the permissions, you will need to hard code a username and password into a script which has higher permissions. If you do this, you need to make sure the script is not readable by users.
I did start using SetACL which is very good in conjuction with a special runas program which you can set permissions to run as elevated users.
But after more investigation I found that most of the users have such corrupt and messy profiles that I’m going to reset them all with a clean from scratch profile. To wipe the slate so to speak.