Sign in to follow this  
Followers 0
fgilain

RegWrite + user permission ? runas ?

4 posts in this topic

#1 ·  Posted (edited)

hi all,

I have a little script that need to be able to create/update a key in the Registry. in HKLM and/or HKCU sub-tree.

Problem : when i run my AutoIT EXE file in the user session, he isn't allowed to d othis.

is there a tip to do this using another DOMAIN user account in order to get access to these 2 registry keys ?

thanks

Florent

Edited by fgilain

Share this post


Link to post
Share on other sites



Windows XP SP3 OS, here is what i try to do (but doesn't works at all...):

deleting key :

RunAs($sUserName, $sDomainName, $sPassword, 0, @ComSpec & " /c " & "reg.exe delete HKLM\Software\Policies\Microsoft\Communicator\TabUrl /f", @SystemDir, @SW_HIDE)

RunAs($sUserName, $sDomainName, $sPassword, 0, @ComSpec & " /c " & "reg.exe delete HKCU\Software\Policies\Microsoft\Communicator\TabUrl /f", @SystemDir, @SW_HIDE)

adding key :

Select

Case $User_Btn And BitAND(GUICtrlRead($User_Btn), $GUI_CHECKED) = $GUI_CHECKED

;$add_conf_tab = RegWrite("HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator", "TabUrl", "REG_SZ", GUICtrlRead($TabUrl))

RunAs($sUserName, $sDomainName, $sPassword, 0, @ComSpec & " /c " & "reg.exe add HKCU\Software\Policies\Microsoft\Communicator /v TabUrl /d " & $TabUrl & " /t REG_SZ /f", @SystemDir, @SW_HIDE)

Case $Machine_Btn And BitAND(GUICtrlRead($Machine_Btn), $GUI_CHECKED) = $GUI_CHECKED

;$add_conf_tab = RegWrite("HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Communicator", "TabUrl", "REG_SZ", GUICtrlRead($TabUrl))

RunAs($sUserName, $sDomainName, $sPassword, 0, @ComSpec & " /c " & "reg.exe add HKLM\Software\Policies\Microsoft\Communicator /v TabUrl /d " & $TabUrl & " /t REG_SZ /f", @SystemDir, @SW_HIDE)

EndSelect

Share this post


Link to post
Share on other sites

Hi,

RunAs($sUserName, $sDomainName, $sPassword, 0, @ComSpec & " /c " & "reg.exe delete HKCU\Software\Policies\Microsoft\Communicator\TabUrl /f", @SystemDir, @SW_HIDE)

will delete and (later on) create the registry keys in the registry-path of the user that belongs to $sUserName. Your user that will logon to the machine won't ever get this registry key. Another hint: What will happen if someone else will logon to this machine? He also will never get the registry settings.

If you are on a Windows 2008 domain level, you can deploy registry keys easily via GPO.

If you are on an earlier domain level you should try to create MSI packages via InstallShield LE (yes, it's still alive!) and also distribute them via GPO. It's just as easy as AutoIt >_<

Sorry for my solution is not in conjunction with AutoIt.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0