Modify HKCU\Software\Microsoft\Windows\Currentversion\Policy\Explorer permission

[Spring]

Hello,
I am in a windows 2003 and XP enviroment and I am trying to add two Dword
values for all the restrict users under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policy\Explorer
However, by default, only administrators have write permission to the
location and logon script (batch file insert reg keys) only works for
administrators and will not work for restrict users or power users.
To make the logon script work, I need to change the default permission on
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policy\Explorer
I read some KB articles on "regini.exe". It appears I need to provide SIDs
for all the users. Is there a wild card I can use?
Or
Can I accomplish the task with GPO?
Or
Can I change premission on certain reg hives on local machines and when new
HKEY_Current_user is created, it inherate the permission from predefined
template?

Thanks in advance

 

[Mark Renoden [MSFT]]

Hi Spring

What are the specific DWORDs you are attempting to write?

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Mark Renoden [MSFT]]

Hi Spring

"NoRun" can be applied using policy under

User Configuration -> Administrative Templates -> Start Menu and
Taskbar -> Remove Run menu from Start menu

I can't see "NoFileURL" in any of the standard .ADM files. Your best bet is
probably to create a custom .ADM file for "NoFileURL" and add it to a policy
that then enforces both "NoFileURL" and "NoRun" on the appropriate OU of
users.

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Spring

What are the specific DWORDs you are attempting to write?

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no
rights.

Hello,
I am in a windows 2003 and XP enviroment and I am trying to add two Dword
values for all the restrict users under
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policy\Explorer
However, by default, only administrators have write permission to the
location and logon script (batch file insert reg keys) only works for
administrators and will not work for restrict users or power users.
To make the logon script work, I need to change the default permission on
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policy\Explorer
I read some KB articles on "regini.exe". It appears I need to provide
SIDs
for all the users. Is there a wild card I can use?
Or
Can I accomplish the task with GPO?
Or
Can I change premission on certain reg hives on local machines and when
new
HKEY_Current_user is created, it inherate the permission from predefined
template?

Thanks in advance