We have policies in our environment so that non-admin users cannot write to the regkeys like HKLM\software\Microsoft\windows\Currentversion\Run

How do I bypass this to create a windows\currentversion\run key?

Here is what I need to do when the package gets deployed via SMS:
1) copy file b.exe to C:\mydir\
2) Create a run key in HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

To achieve:
When any user logs on, the file b.exe will get executed. Note: I am not allowed to add the file in startup for each user, and thus I need something in the run key to trigger this file b.exe every time a user logs on.

When I run this script on a test machine (even while logged as admin), I get an error that the registry modification can only be made by admin privileges.

What have I done:
Created 2 wse files (a and b) - compiled as a.exe and b.exe.
When the script runs, it calls a.exe (this copies b.exe locally [works fine] and tries to create the regkey in 'run'), and that is where I see the error.

What am I missing? How do I add the 'run' regkey on the user's machine?


Almost certainly, your problem is due to the policy-based restriction. I think you need to create an override group and policy, but don't quote me.

Post a question on GPTalk. You need to subscribe first at http://www.freelists.org/list/gptalk. You'll then get an activation link, after which you can pose your question.
Answered 07/17/2008 by: VBScab
Red Belt

That policy might be bypassed with a VBScript or exe or the reg.exe tool.
That GPO is not strong.
Answered 07/17/2008 by: Francoisracine
Third Degree Blue Belt

I assume your "package" is an MSI?
Why are you using Wise scripts to copy files and create reg keys when the MSI can do that?
SMS can set elevated permissions for installs, so even though the user is logged in, it installs as an administrator, which should bypass the global policy that prevents changing the registry.
Answered 07/17/2008 by: reds4eva
Second Degree Blue Belt
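
A read-only check for the situation in this thread, added here as an example and not part of any poster's reply: it reports the account and Administrators-role status of the process, whether that process can open the HKLM Run key for writing, and the key's access rules and current values. It assumes PowerShell is available on the test machine, and it changes nothing.

```powershell
# Added example: read-only diagnostic, makes no registry changes.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Run'

# 1. Account the process runs as, and whether its token is in the Administrators role.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
"Running as          : $($identity.Name)"
"Administrators role : $($principal.IsInRole($adminRole))"

# 2. Effective test: try to open the key with write access (nothing is written).
try {
    $handle = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
    if ($null -eq $handle) {
        "Write access        : key not found"
    } else {
        "Write access        : granted"
        $handle.Close()
    }
} catch {
    "Write access        : denied ($($_.Exception.Message))"
}

# 3. Who is allowed what on the key, including inherited entries.
(Get-Acl -Path "HKLM:\$subKey").Access |
    Select-Object IdentityReference, AccessControlType, RegistryRights, IsInherited |
    Format-Table -AutoSize | Out-String

# 4. Values currently launched at logon from this key.
$key = Get-Item -Path "HKLM:\$subKey"
foreach ($name in $key.GetValueNames()) {
    "{0} = {1}" -f $name, $key.GetValue($name)
}
```

Running it once interactively and once from the deployment job shows whether the two contexts differ in account or write access.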

Seems to me like this is overengineered to start with.

Why have A.exe and B.exe? Are they both just delivering reg keys? What do they actually do? Are the EXE files standalone or hosted in an MSI?
Answered 07/20/2008 by: jmcfadyen
Fifth Degree Black Belt
