When a login script runs at login on a client connected to a 2k server, does
it run with elevated rights or the users rights?

I want to push out a registry hack to all clients and the easiest way seems
to be through the login script, but obviously it would need to run with
elevated rights or it would not work.

Thanks

Keith

It runs as the user.

When you say it "obviously" needs to run with elevated rights, this may not
be true.

The two main registry hives that you'd want to modify are HKEY_LOCAL_MACHINE
and HKEY_CURRENT_USER. All users have permission to change almost all keys
in the HKEY_CURRENT_USER hive. It corresponds to the ntuser.dat file in
their profile and stores their settings.

If you are modifying keys in this hive, a login script will do fine.

If you want to modify keys in HKEY_LOCAL_MACHINE, then a computer startup
script assigned with group policy would be the way to do this. This runs
when the computer logs on to the domain, rather than when a user logs on.

Hope this helps

Oli



"Keith" <@.> wrote in message news:#(E-Mail Removed)...
> When a login script runs at login on a client connected to a 2k server,
does
> it run with elevated rights or the users rights?
>
> I want to push out a registry hack to all clients and the easiest way
seems
> to be through the login script, but obviously it would need to run with
> elevated rights or it would not work.
>
> Thanks
>
> Keith
>
>

If your running AD you can run the scripts as Start-up Scripts as these run
with admin rights.

--

Wocka



"Keith" <@.> wrote in message news:#(E-Mail Removed)...
> When a login script runs at login on a client connected to a 2k server,
does
> it run with elevated rights or the users rights?
>
> I want to push out a registry hack to all clients and the easiest way
seems
> to be through the login script, but obviously it would need to run with
> elevated rights or it would not work.
>
> Thanks
>
> Keith
>
>

I am modifying keys in the [HKEY_LOCAL_MACHINE], [HKEY_CURRENT_USER], and
[HKEY_USERS\.Default\].

If I create one .reg file, can I push it out using AD to all these hives at
once?

If I do it as a startup script, it will have admin rights to edit
[HKEY_LOCAL_MACHINE], but would it be able to change [HKEY_CURRENT_USER] at
the same time?


"Oli Restorick [MVP]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It runs as the user.
>
> When you say it "obviously" needs to run with elevated rights, this may
not
> be true.
>
> The two main registry hives that you'd want to modify are
HKEY_LOCAL_MACHINE
> and HKEY_CURRENT_USER. All users have permission to change almost all
keys
> in the HKEY_CURRENT_USER hive. It corresponds to the ntuser.dat file in
> their profile and stores their settings.
>
> If you are modifying keys in this hive, a login script will do fine.
>
> If you want to modify keys in HKEY_LOCAL_MACHINE, then a computer startup
> script assigned with group policy would be the way to do this. This runs
> when the computer logs on to the domain, rather than when a user logs on.
>
> Hope this helps
>
> Oli
>
>
>
> "Keith" <@.> wrote in message news:#(E-Mail Removed)...
> > When a login script runs at login on a client connected to a 2k server,
> does
> > it run with elevated rights or the users rights?
> >
> > I want to push out a registry hack to all clients and the easiest way
> seems
> > to be through the login script, but obviously it would need to run with
> > elevated rights or it would not work.
> >
> > Thanks
> >
> > Keith
> >
> >
>
>

You'll need to break this down into two .reg files. You would run the one
containing the HKEY_CURRENT_USER (HKCU) entires as a login script.

The HKEY_LOCAL_MACHINE (HKLM) and HKEY_USERS\.Default go in the other .reg
file which you would apply using a computer startup script.

Just to clarify; HKCU contains the settings for the currently-logged in
session. The .Default branch is what's loaded when the computer is sitting
at the login screen. It isn't, as is commonly thought, the settings that
new users get when they log in for the first time.

Hope this helps

Oli



"Keith" <@.> wrote in message news:#(E-Mail Removed)...
> I am modifying keys in the [HKEY_LOCAL_MACHINE], [HKEY_CURRENT_USER], and
> [HKEY_USERS\.Default\].
>
> If I create one .reg file, can I push it out using AD to all these hives
at
> once?
>
> If I do it as a startup script, it will have admin rights to edit
> [HKEY_LOCAL_MACHINE], but would it be able to change [HKEY_CURRENT_USER]
at
> the same time?
>
>
> "Oli Restorick [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > It runs as the user.
> >
> > When you say it "obviously" needs to run with elevated rights, this may
> not
> > be true.
> >
> > The two main registry hives that you'd want to modify are
> HKEY_LOCAL_MACHINE
> > and HKEY_CURRENT_USER. All users have permission to change almost all
> keys
> > in the HKEY_CURRENT_USER hive. It corresponds to the ntuser.dat file in
> > their profile and stores their settings.
> >
> > If you are modifying keys in this hive, a login script will do fine.
> >
> > If you want to modify keys in HKEY_LOCAL_MACHINE, then a computer
startup
> > script assigned with group policy would be the way to do this. This
runs
> > when the computer logs on to the domain, rather than when a user logs
on.
> >
> > Hope this helps
> >
> > Oli
> >
> >
> >
> > "Keith" <@.> wrote in message
news:#(E-Mail Removed)...
> > > When a login script runs at login on a client connected to a 2k
server,
> > does
> > > it run with elevated rights or the users rights?
> > >
> > > I want to push out a registry hack to all clients and the easiest way
> > seems
> > > to be through the login script, but obviously it would need to run
with
> > > elevated rights or it would not work.
> > >
> > > Thanks
> > >
> > > Keith
> > >
> > >
> >
> >
>
>