Change registry permissions via GPO
Alright, I've got some applications here that I need to install. Instead of installing them on each individual staff machine that needs the software and have to worry about which one has it so when I re-image the staff machines they all get the software they used to have back, I've been creating an application network drive. I have a script that maps the appropriate desktop icon from each program within the network drive to the user's desktop. So far, this works great. I'm just in the testing phase.
However, we have some of these smaller applications that need to activate the first time the application is ran on each computer, or every time the application is ran for the first time that day [if the machines have Deep Freeze]. So I found out that if I export the key[s] from one machine's registry that I need for the application to work [like my own desktop in my office, the one I used to install the software on \\server\applicationshare], I can push that registry file down and install it into the systems registry with a startup script. That's great, and it works for some apps. However we have one application that needs to write back to the registry and edit the key that I push down when the computer starts up, to say the activation completed successfully on that particular machine. [This is all allowed by the way, it's a site license]. I get an error along the lines of "your key was sent [the key I pushed down in the registry] and was successfully verified, but the application cannot write to the registry". Obviously the user is a standard "user" and not an administrator, so my question is, how can I push down a registry key AND set it's permissions so users can write?
I found this:
Does that work? If so, I'm confused. What exactly does that do? If I were to follow that on my desktop here, the way I see it is that I would choose a registry key that's already on my system [like the keys from the activated software I installed to the application drive], and I'd set permissions for who can access MY key...is that how it works? Or does that extract my key and embed it in the policy somewhere and then deploy the key with those permissions? Or does it take the permissions only, and apply it to the identical keys if they exist on the machines that the gpo runs on?
Originally Posted by Windows IT Pro Article
I may in fact be very close to my end goal if those instructions are correct and that's all I have to do. I just want to make sure I understand what's going on completely and that I'm doing things right.
Thanks in advance :D