kerrr81 Posted March 22, 2007 Share Posted March 22, 2007 Hi I just discovered AutoItV3 yesterday so be patient with me please! I have a requirement to update the Policy registry keys in HKLM and HKCU for all domain users when they logon to their XP SP2 workstation. To update these keys I need to do it with administrator credentials but in the "logged on users" environment so their Current User hive is updated. I can't get my commands to run as the admin account, it always seems like the command is being run in the context of the domain user logging on and not the adminuser because I get access denied messages. The au3 script has been compiled and gets called from a logon script. Here's my script, if someone could assist that'd be great! thanks. Dim $UserName, $DomainName, $Password $UserName = "adminuser" $DomainName = "DOMAIN" $Password = "********" RunAsSet ( $UserName, $DomainName, $Password, 2) Run (@ComSpec & " /c " & "%LogonServer%\NETLOGON\regupdate.cmd") The regupdate.cmd file contains this; reg.exe add HKCU\Software\Policies\Microsoft\Windows reg.exe add HKCU\Software\Policies\Microsoft\Windows\System reg.exe add HKCU\Software\Policies\Microsoft\Windows\System /v GroupPolicyMinTransferRate /t REG_DWORD /d 0 /f reg.exe add HKLM\Software\Policies\Microsoft\Windows reg.exe add HKLM\Software\Policies\Microsoft\Windows\System reg.exe add HKLM\Software\Policies\Microsoft\Windows\System /v GroupPolicyMinTransferRate /t REG_DWORD /d 0 /f Link to comment Share on other sites More sharing options...
cruizzer Posted March 22, 2007 Share Posted March 22, 2007 Hi Are you sure, that you can use the variable %LogonServer% in a logon script..?? Cruizzer Link to comment Share on other sites More sharing options...
Developers Jos Posted March 22, 2007 Developers Share Posted March 22, 2007 Hi I just discovered AutoItV3 yesterday so be patient with me please! I have a requirement to update the Policy registry keys in HKLM and HKCU for all domain users when they logon to their XP SP2 workstation. To update these keys I need to do it with administrator credentials but in the "logged on users" environment so their Current User hive is updated. I can't get my commands to run as the admin account, it always seems like the command is being run in the context of the domain user logging on and not the adminuser because I get access denied messages. The au3 script has been compiled and gets called from a logon script. Here's my script, if someone could assist that'd be great! thanks. Dim $UserName, $DomainName, $Password $UserName = "adminuser" $DomainName = "DOMAIN" $Password = "********" RunAsSet ( $UserName, $DomainName, $Password, 2) Run (@ComSpec & " /c " & "%LogonServer%\NETLOGON\regupdate.cmd") The regupdate.cmd file contains this; reg.exe add HKCU\Software\Policies\Microsoft\Windows reg.exe add HKCU\Software\Policies\Microsoft\Windows\System reg.exe add HKCU\Software\Policies\Microsoft\Windows\System /v GroupPolicyMinTransferRate /t REG_DWORD /d 0 /f reg.exe add HKLM\Software\Policies\Microsoft\Windows reg.exe add HKLM\Software\Policies\Microsoft\Windows\System reg.exe add HKLM\Software\Policies\Microsoft\Windows\System /v GroupPolicyMinTransferRate /t REG_DWORD /d 0 /f Opt("ExpandEnvStrings", 1) Run (@ComSpec & " /c \\%LogonServer%\NETLOGON\regupdate.cmd") SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
jinxter Posted March 22, 2007 Share Posted March 22, 2007 maybe use autoit to change in the registry instead of calling a cmd-file... RegWrite ( "keyname" [,"valuename", "type", value] ) > there are 10 types of people in the world, those who understand binary and those who don't. Link to comment Share on other sites More sharing options...
kerrr81 Posted March 22, 2007 Author Share Posted March 22, 2007 (edited) HiAre you sure, that you can use the variable %LogonServer% in a logon script..??CruizzerHi, yes. That variable is set before the login script runs.It's the login script defined in the users AD profile Edited March 22, 2007 by kerrr81 Link to comment Share on other sites More sharing options...
kerrr81 Posted March 22, 2007 Author Share Posted March 22, 2007 Opt("ExpandEnvStrings", 1) Run (@ComSpec & " /c \\%LogonServer%\NETLOGON\regupdate.cmd") Thanks JdeB - this got variables working in the dos shell OK and got me on the right track. However it seems that the Policy area in the HKCU hive is special and the only bit actually restricted to read only access to the current user. The way the hive gets loaded means that it's just not possible to use someone elses credentials to modify the current user hive while already open. Regwrite didn't work because of this reason, but thanks for the suggestion. I got a workaround by making the current user a local administrator first of all, then they have permission to update that area of their registry, then remove them from the group. Being new to this my script is clunky but it works so how can I streamline it. Thanks again Dim $UserName, $DomainName, $Password $UserName = "adminuser" $DomainName = "DOMAIN" $Password = "********" RunAsSet ( $UserName, $DomainName, $Password, 0) Opt("ExpandEnvStrings", 1) RunWait (@ComSpec & " /c net localgroup administrators /add %username%") RunAsSet ( $UserName, $DomainName, $Password, 2) RunWait (@ComSpec & " /c %LogonServer%\NETLOGON\regupdate.cmd", @SystemDir) RunAsSet ( $UserName, $DomainName, $Password, 0) RunWait (@ComSpec & " /c net localgroup administrators /delete %username%") Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now