[K12OSN] Windows Grouppolicy Keys at login

Jason Ingalls jingalls at ellsworthschools.org
Mon Aug 15 00:13:45 UTC 2005


That was my understanding as well. However, someone made a good point a few days
ago on this list about how if a user could modify the GP registry keys, they
could simply edit away any restrictions placed on them by GPs.

Plus, I've yet to successfully edit those keys as a regular user. My problem
with using this workaround method is that the admin password needs to be put in
the startup.bat file, which can easily be seen by a regular user.


-- 
Jason Ingalls
Ellsworth School Department
IT Specialist
207-667-4722 Ext. 5529
jingalls (at) ellsworthschools.org


Quoting Brian Chivers <brian at portsmouth-college.ac.uk>:

> I'll have to try that when I get to work, I was under the 
> understanding that anything under HKEY_CURRENT_USER was alterable by 
> a regular user ??
>
> Brian
>
> Kevin Verheyen wrote:
>> You have to be Local Admin to alter those keys that are part of the Group Policy.
>> You can't, e.g., change the
>>
>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
>>>>> "NoInstrumentation"=dword:00000001
>>>>> "NoSimpleStartMenu"=dword:00000001
>>>>> "NoWelcomeScreen"=dword:00000001
>>
>>
>> Without local admin rights.
>> I've tried this opening regedit as normal user and altering those keys, and you'll get an access denied error
>>
>> Kevin
>>
>> On 14 Aug 05, at 12:09, Brian Chivers wrote:
>>
>>> For things that alter HKEY_CURRENT_USER you don't have to be a Local Admin.
>>> We run our login script as the users log in and alter my doc's etc without
>>> admin rights.
>>>
>>> Brian Chivers
>>> Portsmouth College
>>>
>>>
>>> Kevin Verheyen wrote:
>>>
>>>> One more URL with all info about Group Policies
>>>> http://www.computerperformance.co.uk/w2k3/gp/index.htm
>>>> Kevin
>>>> On 13 Aug 05, at 23:57, Kevin Verheyen wrote:
>>>>
>>>>> Yeehaa !!!
>>>>>
>>>>> I've finally found the solution to add registry keys to the registry at login,
>>>>> while running regedit as (member of) Local Administrator (which is required for Group Policy Keys)
>>>>> This disables or minimizes the need for an Active Directory server.
>>>>> All possible keys are easy to find at:
>>>>> http://winportal.net/support/grouppolicy.html
>>>>>
>>>>>
>>>>> First of all there's the startup.bat script I do use (please adapt to your needs):
>>>>>
>>>>> ---------------------------------------
>>>>> @ECHO OFF
>>>>> net use S: /DELETE
>>>>> net use L: /DELETE
>>>>> net use K: /DELETE
>>>>> net use Z: /DELETE
>>>>> net use R: /DELETE
>>>>>
>>>>> net use S: \\SINT-LUTGARDIS\Secretariaat
>>>>> net use L: \\SINT-LUTGARDIS\Leerkrachten
>>>>> net use K: \\SINT-LUTGARDIS\Leerlingen
>>>>> net use Z: \\SINT-LUTGARDIS\Zorg
>>>>> net use R: \\SINT-LUTGARDIS\Rapporten
>>>>>
>>>>> cd p:
>>>>> IF NOT EXIST "P:\Mijn Documenten\." MD "P:\Mijn Documenten"
>>>>> IF NOT EXIST "P:\Desktop\." MD "P:\Desktop"
>>>>> regedit /s \\SINT-LUTGARDIS\netlogon\mydoc.reg
>>>>> REM thnx to Jim Kronebusch for this one
>>>>>
>>>>> start /w "GROUPPOL.reg" "\\SINT-LUTGARDIS\netlogon\CPAU.exe" -u SINT-LUTGARDIS\root -p slsictict -ex "\\SINT-LUTGARDIS\netlogon\GROUPPOL.bat" -hide
>>>>> :END
>>>>>
>>>>> -------------------
>>>>>
>>>>> The CPAU app you can find as freeware:
>>>>> http://www.joeware.net/win/free/tools/cpau.htm
>>>>>
>>>>> the mydoc.reg
>>>>> REM thnx to Jim Kronebusch for this one
>>>>> ---------------------
>>>>> REGEDIT4
>>>>>
>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
>>>>> "ExcludeProfileDirs"="Local Settings;Temporary Internet Files;Geschiedenis;Temp;Mijn Documenten;Bureaublad"
>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
>>>>> "Personal"="P:\\Mijn Documenten"
>>>>> "Desktop"="P:\\Desktop"
>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
>>>>> "Personal"="P:\\Mijn Documenten"
>>>>> "Desktop"="P:\\Desktop"
>>>>> -------------------
>>>>>
>>>>>
>>>>> and finally the groupbat.bat is simply calling
>>>>> ----------
>>>>> regedit /s \\SINT-LUTGARDIS\netlogon\GROUPPOL.reg
>>>>> ----------
>>>>>
>>>>> grouppol.reg
>>>>> ---------------
>>>>> REGEDIT4
>>>>>
>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
>>>>> "NoInstrumentation"=dword:00000001
>>>>> "NoSimpleStartMenu"=dword:00000001
>>>>> "NoWelcomeScreen"=dword:00000001
>>>>>
>>>>>
>>>>> If any of you are having better options, please let me know
>>>>> I'd like to learn every day of my life...
>>>>> Don't know if this is a very secure way of life, if I do take big risks please tell me :-)
>>>>>
>>>>> Kevin
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 12 Aug 05, at 21:20, Kevin Verheyen wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I found a wonderful source on the internet with all possible user keys used by Windows Group Policy
>>>>>>
>>>>>> http://winportal.net/support/grouppolicy.html
>>>>>>
>>>>>> Certainly a wonderful source of info !!
>>>>>>
>>>>>> Kevin
>>>>>>
>>>>>> _______________________________________________
>>>>>> K12OSN mailing list
>>>>>> K12OSN at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>>>> For more info see <http://www.k12os.org>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------
>>>    The views expressed here are my own and not  necessarily         
>>>        the views of Portsmouth College
>>>
>>>
>>
>
>
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
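
Added example, not part of the original thread or any poster's code: the exposure raised in this message (an admin password embedded in a logon script that every user can read) can be found by scanning logon scripts for command lines that carry credentials. The CPAU -u/-p form comes from the quoted startup.bat; the net use password form, the name find_embedded_credentials, and all sample hosts, accounts and passwords are constructed for illustration.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    tool: str
    account: str
    secret_len: int  # report only the length, never echo the secret itself


# Each pattern names the account ("acct") and the clear-text password ("pw").
PATTERNS = [
    # CPAU.exe -u <account> -p <password> ..., as in the quoted startup.bat
    ("cpau", re.compile(
        r'(?i)\bcpau(?:\.exe)?"?\s+.*?-u\s+(?P<acct>\S+)\s+-p\s+(?P<pw>\S+)')),
    # net use [X:] \\server\share <password> [/user:<account>]
    # A token starting with "/" is a switch and "*" means "prompt", so skip both.
    ("net use", re.compile(
        r'(?i)^\s*net\s+use\s+(?:\w:\s+)?\\\\\S+\s+(?![/*])(?P<pw>\S+)'
        r'(?:.*?/user:(?P<acct>\S+))?')),
]


def find_embedded_credentials(script_text):
    """Return one Finding per script line that passes a password on the command line."""
    findings = []
    for line_no, line in enumerate(script_text.splitlines(), start=1):
        for tool, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append(
                    Finding(line_no, tool, m.group("acct") or "?", len(m.group("pw"))))
    return findings


# Constructed sample logon script; hosts, accounts and passwords are placeholders.
SAMPLE_SCRIPT = r'''@ECHO OFF
net use S: /DELETE
net use S: \\EXAMPLE-SERVER\Share
regedit /s \\EXAMPLE-SERVER\netlogon\mydoc.reg
start /w "x" "\\EXAMPLE-SERVER\netlogon\CPAU.exe" -u EXAMPLE\admin -p Constructed-Pw1 -ex "\\EXAMPLE-SERVER\netlogon\GROUPPOL.bat" -hide
net use T: \\EXAMPLE-SERVER\Staff Constructed-Pw2 /user:EXAMPLE\svc
'''

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE_SCRIPT):
        print(f"line {f.line_no}: {f.tool} runs as {f.account}; "
              f"{f.secret_len}-character password stored in clear text")
```

Any hit means the named account's password is readable by everyone who can read the script, so the account should be treated as exposed and its password changed once the script is fixed.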




