Setting registry permissions via GP

M

Mark

For a legacy piece of software I need to give users write
permissions to a specific registry key within
hkey_local_machine/software

Rather than doing this on each machine I would like to
use group policies, but the registry element is not
configurable. I have also come across poledit as a
possible way of doing this

Any advice on the best way to do this would be most
appreciated

I posted this originally to the registry newsgroup, but
this one may be more appropriate
 
G

Gary Mudgett [MSFT]

Poledit does not change registry permissions it will only set registry
values according to the loaded templates.

You should be able to setup a domain based GPO in your active directory
domain to do that. There you will have the Registry option you are looking
for. This is not an option when you are in the local group policy.

--
--
Gary Mudgett, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
M

Mark \(Continuation form previosu reply\)

oops

I am assuming that MACHINE\SOFTWARE translates to
HKEY_LOCAL_MACHINE\SOFTWARE when the policy is loaded
onto the workstation
 
G

Gary Mudgett [MSFT]

You are correct that Machine is the same as HKEY_LOCAL_MACHINE.

What SP are the 2000 machines at?
I just tried it on my Win2k SP3 test domain controller and it did work.
There might be something about Pro workstations that is preventing it from
working. I remember one of my co-workers having a case like this, but
unfortunately nothing came of it.

You might need to consider a startup script for the computer and use
information from the following article to get that pushed out without having
to go to each workstation:
237607 How to Use Regini.exe to Set Permissions on Registry Keys
http://support.microsoft.com/?id=237607

or use SUBINACL (from the Windows 2000 resource kit) in a startup script to
grant those desired permissions, but be careful about a permission ordering
issue with the utility:
296865 The Subinacl Utility Arranges Access Control Entries Incorrectly
http://support.microsoft.com/?id=296865

An example command line might be to give them Set value permissions to the
key:
subinacl /subkeyreg hkey_local_machine\software\test
/grant="<domain>\Domain Users"=S

Hope that helps more!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

permissions to registry 1
Error Importing Registry file through GP 13
Group Policy Registry Wizard 2008 Server 2
EFS Registry Key Different on Different Machines 1
Setting HKCU register permissions 1
deploying registry permission fixes via GPO 1
Deploy MSI software with commands via GP? 2
GP Administrative template - cant get it to work 1

Top