
Creating run key with admin privileges

We have policies in our environment so that non-admin users cannot write to the regkeys like HKLM\software\Microsoft\windows\Currentversion\Run

How do I bypass this to create a windows\currentversion\run key?

Here is what I need to do when the package gets deployed via SMS:
1) copy file b.exe to C:\mydir\
2) Create a run key in HKLM\Software\Microsoft\Windows\CurrentVersion\Run\

To achieve:
When any user logs on, the file b.exe will get executed. Note: I am not allowed to add the file in startup for each user, and thus I need something in the run key to trigger this file b.exe every time a user logs on.

Question:
When I run this script on a test machine (even while logged as admin), I get an error that the registry modification can only be made by admin privileges.

What have I done:
Created 2 wse files (a and b) - compiled as a.exe and b.exe
When the script runs, it calls a.exe (this copies b.exe locally [works fine] and tries to create the regkey in 'run'), and that is where I see the error.

What am I missing? How do I add the 'run' regkey on the user's machine?

thanks


Answers (4)

Posted by: anonymous_9363 15 years ago
Red Belt
0
Almost certainly, your problem is due to the policy-based restriction. I think you need to create an override group and policy, but don't quote me.

Post a question on GPTalk. You need to subscribe first at http://www.freelists.org/list/gptalk. You'll then get an activation link, after which you can pose your question.

Posted by: Francoisracine 15 years ago
Third Degree Blue Belt
0
That policy might be bypassed with a VBScript or exe or the reg.exe tool.
That GPO is not strong.

Posted by: reds4eva 15 years ago
Second Degree Blue Belt
0
I assume your "package" is an MSI?
Why are you using Wise scripts to copy files and create reg keys when the MSI can do that?
SMS can set elevated permissions for installs, so even though the user is logged in, it installs as an administrator, which should bypass the global policy that prevents changing the registry.
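
An added example, not part of the original thread: the two deployment steps from the question as a PowerShell script run by the SMS program under administrative rights. The script form, the value name `b` and the source location of b.exe are assumptions. Because a Run entry under HKLM executes in every user's logon session, the script also limits write access to C:\mydir to administrators before registering the value.

```powershell
# Added example; run it from the SMS program configured with administrative rights.
param(
    [string]$Source    = (Join-Path $PSScriptRoot 'b.exe'),  # assumed package layout
    [string]$ValueName = 'b'                                 # hypothetical value name
)
$ErrorActionPreference = 'Stop'
$TargetDir = 'C:\mydir'
$Target    = Join-Path $TargetDir 'b.exe'
$RunKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# 1. Fail early with a clear message if the process token is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Not elevated: $($identity.Name) cannot write to HKLM."
}

# 2. Create the directory and replace inherited ACEs: Administrators (S-1-5-32-544)
#    and SYSTEM (S-1-5-18) get full control, Users (S-1-5-32-545) read/execute only.
New-Item -ItemType Directory -Path $TargetDir -Force | Out-Null
& icacls.exe $TargetDir /inheritance:r /grant:r `
    '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-545:(OI)(CI)RX' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# 3. Copy the binary; the new file inherits the restricted ACL from the directory.
Copy-Item -Path $Source -Destination $Target -Force

# 4. Register the quoted path under the machine-wide Run key.
$command = '"{0}"' -f $Target
New-ItemProperty -Path $RunKey -Name $ValueName -Value $command `
    -PropertyType String -Force | Out-Null

# 5. Read the value back so a silently blocked write shows up as a failure.
$actual = (Get-ItemProperty -Path $RunKey -Name $ValueName).$ValueName
if ($actual -ne $command) {
    throw "Run value mismatch: expected $command, found $actual"
}
"Registered $ValueName = $actual"
```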

Posted by: jmcfadyen 15 years ago
5th Degree Black Belt
0
Seems to me like this is overengineered to start with.

Why have A.exe and B.exe? Are they both just delivering reg keys? What do they actually do? Are the EXE files standalone or hosted in an MSI?