+ Post New Thread
Results 1 to 7 of 7
Windows Thread, Changing permissions on a registry key in Technical; Hi. I need to find out how to change permissions on a registry key for a specific software package. It ...
  1. #1

    Join Date
    Sep 2008
    Location
    Massachusetts
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Changing permissions on a registry key

    Hi. I need to find out how to change permissions on a registry key for a specific software package. It requires the following to have FULL Control:

    HKLM\SOFTWARE
    Administrators (%localmachine%\administrators)
    SYSTEM
    Users (%localmachine%\Users)

    If Reg.exe can be used, that would be great. If it needs to be a VB file, I'd need the entire script.

    Thanks!

  2. #2

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,055
    Thank Post
    209
    Thanked 429 Times in 309 Posts
    Rep Power
    144
    You should be able to achieve this using regini.exe

    How to Use Regini.exe to Set Permissions on Registry Keys
    How to change registry values or permissions from a command line or a script

    I think you can call this from machine startup script by sticking the exe on the netlogon share, or using the -m option you can do the changes remotely. I've never tried it, but the MS knowledgebase articles should help you use it.

    Incidently those articles refer to windows 2000 and NT4, I've no idea if the same tool is included or will work with XP/server 2003 but it's the best I can find for what you want to do.

    Mike.
    Last edited by maniac; 12th September 2008 at 08:21 PM.

  3. #3
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32
    Is group policy not an option?

  4. #4
    box_l's Avatar
    Join Date
    May 2007
    Location
    Herefordshire
    Posts
    429
    Thank Post
    68
    Thanked 90 Times in 75 Posts
    Rep Power
    61
    i have used this for an old RM app that needed user access to its own keys

    save this as .vbs and call from your login script

    Code:
    '  VBScript.
    
    '  
    
    set WshShell = CreateObject("WScript.Shell")
    
    ' IN THE NEXT LINE (starting WshShell.Run..)
    
    
    WshShell.Run "runas /user:administrator@domain.sch.uk ""\\server\netlogon\reg\setacl_r_snapshot.bat"""
    
    WScript.Sleep 1000
    
    ' IN THE NEXT LINE (starting WshShell.SendKeys..)
    
    'a) Enter an administrator password and leave the "~"
    
    WshShell.Sendkeys "passwordhere~"
    
    WScript.Quit()

    save this as .bat

    Code:
    'edu-tech solutions Nov 2007
    
    ' install registry key
    
    regedit /s \\2100-fs01\NETLOGON\reg\rm.reg
    
    ' set permissions on key
    call "\\server\NETLOGON\reg\SetACL.exe" -on "HKEY_LOCAL_MACHINE\SOFTWARE\InterActual Technologies" -ot reg -actn ace -ace "n:domain.sch.uk\Domain Users;p:full"
    call "\\server\NETLOGON\reg\SetACL.exe" -on "HKEY_LOCAL_MACHINE\SOFTWARE\Research Machines" -ot reg -actn ace -ace "n:domain.sch.uk\Domain Users;p:full"
    and make sure that setacl.exe is in the same folder.

    replace domain, server iand password in the scripts with the appropriate info

    a bit messy i know, but it works.

    hope this helps.

    BoX

  5. Thanks to box_l from:

    sonofsanta (20th September 2012)

  6. #5

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,156
    Thank Post
    116
    Thanked 529 Times in 452 Posts
    Blog Entries
    2
    Rep Power
    124
    By far the easiest way to do this is with group policy.

    If you can't use group policy then run the batch file used by @Box but as a machine startup script rather than a login script . That way you don't need to use the admin password (which I really wouldn't recommend; the login script, complete with password, can be read by any of your users)

  7. #6
    box_l's Avatar
    Join Date
    May 2007
    Location
    Herefordshire
    Posts
    429
    Thank Post
    68
    Thanked 90 Times in 75 Posts
    Rep Power
    61
    agreed, in its current form.

    i do use microsofts script encoder to obfuscate it enough that most people will not even attempt to read/decode it.

    it also gets removed from its location when not in use.

    BoX

  8. #7

    Join Date
    Sep 2008
    Location
    Massachusetts
    Posts
    5
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Thanks

    Thanks to everyone for their replies. My AD guy set up a GPO to set the permissions needed.

SHARE:
+ Post New Thread

Similar Threads

  1. logoff script to delete registry key
    By ICMC in forum Scripts
    Replies: 3
    Last Post: 26th January 2009, 10:37 PM
  2. [MS Office - 2007] Error 1406: Setup cannot write the value to the registry key
    By Gatt in forum Office Software
    Replies: 1
    Last Post: 13th September 2008, 03:19 PM
  3. Getting a batch file to react to a registry key
    By Wheelgunr in forum Windows
    Replies: 5
    Last Post: 12th September 2008, 05:23 PM
  4. Deleted a registry key - help!
    By mrcrazy04 in forum Windows
    Replies: 1
    Last Post: 19th July 2007, 07:26 AM
  5. Script To Change A Registry Key
    By DaveP in forum Windows
    Replies: 6
    Last Post: 7th March 2007, 12:57 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •