[K12OSN] Windows Grouppolicy Keys at login

Kevin Verheyen thepiano at telenet.be
Mon Aug 15 00:19:20 UTC 2005 

I'm yet working a whole day to get this scripted.
But cannot get my script f.e. to add the
>>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion   
>>>>>> \Policies\Explorer]
>>>>>> "NoInstrumentation"=dword:00000001
to the registry at login.

As Admin yes, as member of Domain Users, yes, bu unfortunately not as  
regular domain user.
Could you share you script or how you handle it?

Kevin

Op 15-aug-05, om 02:13 heeft Jason Ingalls het volgende geschreven:

> That was my understanding as well. However, someone made a good  
> point a few days
> ago on this list about how if a user could modify the GP registry  
> keys, they
> could simply edit away any restrictions placed on them by GP's.
>
> Plus, I've yet to successfully edit those keys as a regular user.  
> My problem
> with using this work around method is the admin password needs to  
> be put in the
> startup.bat file that can easily be seen by a regular user.
>
>
> -- 
> Jason Ingalls
> Ellsworth School Department
> IT Specialist
> 207-667-4722 Ext. 5529
> jingalls (at) ellsworthschools.org
>
>
> Quoting Brian Chivers <brian at portsmouth-college.ac.uk>:
>
>
>> I'll have to try that when I get to work, I was under the  
>> understanding that anything under HKEY_CURRENT_USER was alterable  
>> by a regular user ??
>>
>> Brian
>>
>> Kevin Verheyen wrote:
>>
>>> You have to be Local Admin to alter those keys that are part of  
>>> the  grouppolicy.
>>> You can't ex. change the
>>>
>>>
>>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion   
>>>>>> \Policies\Explorer]
>>>>>> "NoInstrumentation"=dword:00000001
>>>>>> "NoSimpleStartMenu"=dword:00000001
>>>>>> "NoWelcomeScreen"=dword:00000001
>>>>>>
>>>
>>>
>>> Without local admin rights.
>>> I've tried this opening regedit as normal user and altering  
>>> those  keys, and you'll get a access denied error
>>>
>>> Kevin
>>>
>>> Op 14-aug-05, om 12:09 heeft Brian Chivers het volgende geschreven:
>>>
>>>
>>>> For things that alter HKEY_CURRENT_USER you don't have to be a   
>>>> Local Admin. We run our login script as the users login in and   
>>>> alter my doc's etc without admin rights.
>>>>
>>>> Brian Chivers
>>>> Portsmouth College
>>>>
>>>>
>>>> Kevin Verheyen wrote:
>>>>
>>>>
>>>>> One more URL with all info about Group Policys
>>>>> http://www.computerperformance.co.uk/w2k3/gp/index.htm
>>>>> Kevin
>>>>> Op 13-aug-05, om 23:57 heeft Kevin Verheyen het volgende  
>>>>> geschreven:
>>>>>
>>>>>
>>>>>> Yeehaa !!!
>>>>>>
>>>>>> I've finally found the solution to add registery keys to the    
>>>>>> register at login,
>>>>>> while running regedit as (member of) Local Administrator  
>>>>>> (which  is  required for Group Policy Keys)
>>>>>> This disables or minimizes the need for an Active Directory  
>>>>>> server.
>>>>>> All possible keys are easy to find at:
>>>>>> http://winportal.net/support/grouppolicy.html
>>>>>>
>>>>>>
>>>>>> First of all there's the startup.bat script I do use (please   
>>>>>> adapt  to your needs):
>>>>>>
>>>>>> ---------------------------------------
>>>>>> @ECHO OFF
>>>>>> net use S: /DELETE
>>>>>> net use L: /DELETE
>>>>>> net use K: /DELETE
>>>>>> net use Z: /DELETE
>>>>>> net use R: /DELETE
>>>>>>
>>>>>> net use S: \\SINT-LUTGARDIS\Secretariaat
>>>>>> net use L: \\SINT-LUTGARDIS\Leerkrachten
>>>>>> net use K: \\SINT-LUTGARDIS\Leerlingen
>>>>>> net use Z: \\SINT-LUTGARDIS\Zorg
>>>>>> net use R: \\SINT-LUTGARDIS\Rapporten
>>>>>>
>>>>>> cd p:
>>>>>> IF NOT EXIST "P:\Mijn Documenten\." MD "P:\Mijn Documenten"
>>>>>> IF NOT EXIST "P:\Desktop\." MD "P:\Desktop"
>>>>>> regedit /s \\SINT-LUTGARDIS\netlogon\mydoc.reg
>>>>>> REM thnx to Jim Kronebusch for this one
>>>>>>
>>>>>> start /w "GROUPPOL.reg" "\\SINT-LUTGARDIS\netlogon\CPAU.exe" - 
>>>>>> u   SINT-LUTGARDIS\root -p slsictict -ex "\\SINT-LUTGARDIS 
>>>>>> \netlogon  \GROUPPOL.bat" -hide
>>>>>> :END
>>>>>>
>>>>>> -------------------
>>>>>>
>>>>>> The CPAU app you can find as freeware:
>>>>>> http://www.joeware.net/win/free/tools/cpau.htm
>>>>>>
>>>>>> the mydoc.reg
>>>>>> REM thnx to Jim Kronebusch for this one
>>>>>> ---------------------
>>>>>> REGEDIT4
>>>>>>
>>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT 
>>>>>> \CurrentVersion  \Winlogon]
>>>>>> "ExcludeProfileDirs"="Local Settings;Temporary Internet    
>>>>>> Files;Geschiedenis;Temp;Mijn Documenten;Bureaublad"
>>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion   
>>>>>> \Explorer\Shell Folders]
>>>>>> "Personal"="P:\\Mijn Documenten"
>>>>>> "Desktop"="P:\\Desktop"
>>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion   
>>>>>> \Explorer\User Shell Folders]
>>>>>> "Personal"="P:\\Mijn Documenten"
>>>>>> "Desktop"="P:\\Desktop"
>>>>>> -------------------
>>>>>>
>>>>>>
>>>>>> and finally the groupbat.bat is simply calling
>>>>>> ----------
>>>>>> regedit /s \\SINT-LUTGARDIS\netlogon\GROUPPOL.reg
>>>>>> ----------
>>>>>>
>>>>>> grouppol.reg
>>>>>> ---------------
>>>>>> REGEDIT4
>>>>>>
>>>>>> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion   
>>>>>> \Policies\Explorer]
>>>>>> "NoInstrumentation"=dword:00000001
>>>>>> "NoSimpleStartMenu"=dword:00000001
>>>>>> "NoWelcomeScreen"=dword:00000001
>>>>>>
>>>>>>
>>>>>> If any of you are having better options, please let me know
>>>>>> I'd like to learn every day of my life...
>>>>>> Don't know if this is a very secure way of life, if I do take   
>>>>>> big  risks please tell me :-)
>>>>>>
>>>>>> Kevin
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Op 12-aug-05, om 21:20 heeft Kevin Verheyen het volgende  
>>>>>> geschreven:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I found a wonderful source on the internet with all  
>>>>>>> possible   userkeys used by windows Group Policy
>>>>>>>
>>>>>>> http://winportal.net/support/grouppolicy.html
>>>>>>>
>>>>>>> Certainly a wonderful source of info !!
>>>>>>>
>>>>>>> Kevin
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> K12OSN mailing list
>>>>>>> K12OSN at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>>>>> For more info see <http://www.k12os.org>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> K12OSN mailing list
>>>>>> K12OSN at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>>>> For more info see <http://www.k12os.org>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> K12OSN mailing list
>>>>> K12OSN at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>>> For more info see <http://www.k12os.org>
>>>>>
>>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------
>>>>    The views expressed here are my own and not   
>>>> necessarily                the views of Portsmouth College
>>>> _______________________________________________
>>>> K12OSN mailing list
>>>> K12OSN at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/k12osn
>>>> For more info see <http://www.k12os.org>
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>
>>
>>
>> ---------------------------------------------------------------
>>    The views expressed here are my own and not  
>> necessarily                the views of Portsmouth  
>> College             _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>>
>>
>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
>

More information about the K12OSN mailing list