Only Administrator Can Change Registry

[Brian]

If I logon as a domain user and I try to update the
registry with a .reg file, I get an error saying that
those registry keys are open and in use. If I log on as
either the local, or the domain, administrator, it works.
What could be the problem, is this some sort of security
setting somewhere? I used a batch file, to import proxy
settings for IE6, by executing a .reg file at logon and
had no problems. What could possibly be preventing me from
updating other registry keys? Any information is
appreciated and thank you in advance.

 

[Oli Restorick [MVP]]

Registry keys have permissions too! They can be changed using the
regedt32.exe utility (see the security menu).

Administrators and power users can change (almost all) keys under
HKEY_LOCAL_MACHINE. All users can modify HKEY_CURRENT_USER (which maps to
the currently-loggon-on user's profile).

Regards

Oli

 

[Guest]

Thank you very much Oli, I used regedt32 to change the
permissions on that branch of the registry and it worked
like a charm...

Brian

-----Original Message-----
Registry keys have permissions too! They can be changed using the
regedt32.exe utility (see the security menu).

Administrators and power users can change (almost all) keys under
HKEY_LOCAL_MACHINE. All users can modify

HKEY_CURRENT_USER (which maps to

 

[Oli Restorick [MVP]]

Glad it worked. I hope you didn't change the entire HKEY_LOCAL_MACHINE
branch, though.

It sounds like you are trying to use login scripts for systems management,
which is generally a bad idea. You should really only change user-specific
settings in login scripts.

You could consider using a computer start-up script (applied with group
policy) to change registry settings. That way, the registry import gets
done in the security context of the machine, rather than that of the user.

Hope this helps

Oli

 

[Brian]

No, actually I wrote a VB program to allow us to move
hasps, for our CAD/CAM program, from computer to computer.
The hasp has to be present before the program will even
run, so I wrote a program that just merges a .reg file,
with the update reg keys, with the current registry. By
changing the reg settings, this allows us to move the
hasps around and use options available on all of the
computers. Also, I just changed the permissions on the
branch for that specific software package,
[HKEY_LOCAL_MACHINE\SOFTWARE\Cimatron\CimatronIT13\] this
way the rest of the reg will not be touched in the
process. In my original version, I used some of the
available API declarations to change the registry, but
when it didn't work I took the easy way out, with the .reg
files... I just hope that this works with the new XP Pro
machines that we will be using. Thanks again for the
help...

Brian

 

[Oli Restorick [MVP]]

Cool. That's the way to do these things.

If you're ever faced with having to loosen security to make a program run,
regmon from www.sysinternals.com is a great tool for monitoring which
registry keys a program is trying to access.

Cheers

Oli

No, actually I wrote a VB program to allow us to move
hasps, for our CAD/CAM program, from computer to computer.
The hasp has to be present before the program will even
run, so I wrote a program that just merges a .reg file,
with the update reg keys, with the current registry. By
changing the reg settings, this allows us to move the
hasps around and use options available on all of the
computers. Also, I just changed the permissions on the
branch for that specific software package,
[HKEY_LOCAL_MACHINE\SOFTWARE\Cimatron\CimatronIT13\] this
way the rest of the reg will not be touched in the
process. In my original version, I used some of the
available API declarations to change the registry, but
when it didn't work I took the easy way out, with the .reg
files... I just hope that this works with the new XP Pro
machines that we will be using. Thanks again for the
help...

Brian

-----Original Message-----
Glad it worked. I hope you didn't change the entire HKEY_LOCAL_MACHINE
branch, though.

It sounds like you are trying to use login scripts for systems management,
which is generally a bad idea. You should really only change user-specific
settings in login scripts.

You could consider using a computer start-up script (applied with group
policy) to change registry settings. That way, the registry import gets
done in the security context of the machine, rather than that of the user.

Hope this helps

Oli





.