We have policies in our environment so that non-admin users cannot write to the regkeys like HKLM\software\Microsoft\windows\Currentversion\Run

How do I bypass this to create a windows\currentversion\run key?

Here is what I need to do when the package gets deployed via SMS:
1) copy file b.exe to C:\mydir\
2) Create a run key in HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

To achieve:
When any user logs on, the file b.exe will get executed. Note: I am not allowed to add the file in startup for each user, and thus I need something in the run key to trigger this file b.exe, everytime a user logs on.

Question:
When I run this script on a test machine (even while logged as admin), I get an error that the registry modification can only be made by admin privileges.

What have I done:
Ceated 2 wse files (a and b) - compiled as a.exe and b.exe
when the script runs, it calls a.exe (this copies b.exe locally [works fine] and tries to create the regkey in 'run' and that is where I see the error.

What am I missing? How do I add the 'run' regkey on the user's machine?

thanks
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Almost certainly, your problem is due to the policy-based restriction. I think you need to create an override group and policy, but don't quote me.

Post a question on GPTalk. You need to subscribe first http://www.freelists.org/list/gptalk. You'll then get an activation link, after which you can pose your question.
Answered 07/17/2008 by: VBScab
Red Belt

Please log in to comment
0
That policy might be bypass with a vbsscript or exe or the reg.exe tool.
That GPO is not strong.
Answered 07/17/2008 by: Francoisracine
Third Degree Blue Belt

Please log in to comment
0
I assume your "package" is an MSI ?
Why are you using wise scripts to copy files and create reg keys when the MSi can do that ?
SMS can set elevated permissions for installs, so even though the user is logged in, it installs as an administrator, which should by-pass the global policy that prevents changing the registry.
Answered 07/17/2008 by: reds4eva
Second Degree Blue Belt

Please log in to comment
0
seems to me like this is overengineered to start with

why have A.exe and B.exe ? are they both just delivering reg keys ? what do they actually do ? are the EXE's files standalone or hosted in an msi ?
Answered 07/20/2008 by: jmcfadyen
Fifth Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity