Help needed with setting registry premissions

TheMSsForum.com: The Microsoft Software Forum

We are in the process of locking down workstations at our company and
after doing so many of the applications we use don't work properly. We
have identified the registry keys that need permission changes (there
are 4 per user)

Is there a way we can write a script that will run under a system
context that will change these permissions in the registry? We have to
modify the key permissions to EVERYONE with FULL ACCESS on 4 keys.

Thanks for any insight!

-Fran-
Top

Re: Help needed with setting registry premissions by Jerold

Jerold
Tue Apr 11 19:37:43 CDT 2006

On 11 Apr 2006 18:22:03 -0500, Fran <> wrote:

>We are in the process of locking down workstations at our company and
>after doing so many of the applications we use don't work properly. We
>have identified the registry keys that need permission changes (there
>are 4 per user)
>
>Is there a way we can write a script that will run under a system
>context that will change these permissions in the registry? We have to
>modify the key permissions to EVERYONE with FULL ACCESS on 4 keys.
>
>Thanks for any insight!
>
>-Fran-

Have you tried using Group Policy?
See tip 8724 » How can I use Group Policy to set File System and/or Registry permissions?
in the 'Tips & Tricks' at http://www.jsifaq.com

See tip 4141 » PsExec freeware executes programs remotely.
See tip 8530 » Corrected version of SubInAcl.

You could use psexec to remotely run subinacl on each workstation

@echo off
setlocal
set netdm=netdom query /domain:%userdnsdomain% workstation
for /f "Skip=1 Tokens=*" %%C in ('%netdm%') Do set cmp=%%C&call :getit
endlocal
goto :EOF
:getit
if "%cmp%" EQU "The command completed successfully." goto :EOF
:: Run PSEXEC here

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com
Top

Re: Help needed with setting registry premissions by Fran

Fran
Wed Apr 12 05:08:02 CDT 2006

I knew I could do SOME registry tricks but I didn't know THIS. Thanks
for the links! I'll check them out today.

-Fran-


>
>Have you tried using Group Policy?
>See tip 8724 » How can I use Group Policy to set File System and/or Registry permissions?
> in the 'Tips & Tricks' at http://www.jsifaq.com
>
>See tip 4141 » PsExec freeware executes programs remotely.
>See tip 8530 » Corrected version of SubInAcl.
>
>You could use psexec to remotely run subinacl on each workstation
>
>@echo off
>setlocal
>set netdm=netdom query /domain:%userdnsdomain% workstation
>for /f "Skip=1 Tokens=*" %%C in ('%netdm%') Do set cmp=%%C&call :getit
>endlocal
>goto :EOF
>:getit
>if "%cmp%" EQU "The command completed successfully." goto :EOF
>:: Run PSEXEC here
>
>Jerold Schulman
>Windows Server MVP
>JSI, Inc.
>http://www.jsiinc.com
>http://www.jsifaq.com
Top