Database Search
TechHome
 |
- A definitve source of Registry info
- Accessing Alternate Registry View
- Additional Key Handles
- Backing up the Registry
- Basic Registry Info and Utilities
- Change Registry Permissions and Modify Read-Only Subkeys
- Changing Registry as Administrator in NT4
- Compare Registry - Before and After
- Connecting to a Registry on a Remote Computer
- Convert Qword
- Converting a Hex DWord Value into Four Octets
- DataItem or Subkey - Does Key Exist and RegQueryValue
- Determine All Extensions Associated with an Application
- Edit a REG File
- Error 5 Opening Registry Key
- Export Color Scheme from Registry
- How to Find a Particular Hive
- How to Make Registry Key Dump to a Text File
- How to Restore Registry in Win95
- How to Save Hive Files in Windows 95
- Importing 64 bit Registry Settings
- Modify Users Registry with Elevated Privileges
- PATH Information and RegApp
- Problem Closing RegConnect Connections Using WntCancelCon
- RegCreateKey Creating Key in Wrong Reg Hive
- RegDeleteKey failing from 64bit to 32-bit server
- RegEdit and Merging Databases
- RegEdit Command Line Options Syntax
- RegEdit Merge Into 64-bit Registry
- Registry Compare
- Registry Editing Permissions and Winbatch
- Registry Entry for WBTs
- Registry Keys additional for NT and 95
- Registry Run Keys - Run and Runonce
- RegLoadHive - RegUnloadHive - and Running REG Files
- RegOpenKeyEx Notes
- RegQueryEx for REG_EXPAND_SZ
- RegQueryKeys and Counting Subkeys
- RegQueryMulSz Problem
- RegSetBin and Hex7 Value
- RegSetDword and Hex
- RegSetDword and Setting Last Bit to 0
- Renaming Registry Keys
- Replace all Occurrences of a String
- Retain Percent Signs in SystemRoot
- Setting Binary Values Greater than 255 Chars
- Setting Unknown Registry Type
- SYSDIFF and other Registry Utilities
- Updating the Registry and Broadcast Message
- Utility to Monitor Registry
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Changing Registry as Administrator in NT4
Question:
We have a bug in a recent Novell ZEN deployment, where a certain very important reg key and subkeys has restricted rights (HKLM/Software/Novell/Workstation Manager). Only System and Administrators have rights, and the users in some cases can't even see the key to read policies and such.Is there a way to use a script to make a registry change acting as Administrator or System? Right now the scripts bail when I run them from a login script, because the user can't see the key for the script to open it. Thanks.
Answer:
First suggestion:We modify settings on the machines that users (currently logged on person) can not do as a restriction of rights. See WNTRUNASUSER, Run as a different user. (Requires NT 4.0 or newer))
Second Suggestion:
Try writing a WBT that will modify the permissions on the registry key(s) that are in question and then execute it remotely on the target with tools like PSEXEC in PSTools package from SysInternals (http://www.sysinternals.com/)
Thirdly:
If this client was installed via a MSI package you could edit the MSI to 'loosen' the rights on the keys in question
User reply:
As for the first suggestion: From the wntRunAsUser help:Note: The specified user must have the appropriate user rights assigned to be able to log in as a batch job or service. In order to use this function, the currently-logged-in user must have the following rights assigned: "Act as part of the operating system" "Increase quotas" "Replace a process level token"In my case, the currently logged in user doesn't *always* have the ability to act as part of the OS. The settings are there for a reason, and I don't want to change them if I don't have to. Can you at least point me to *which* item in the knowledge base I am supposed to look for? I haven't found anything yet, and I did look before I asked, thank you very much.
As for your second and third suggestions may be how I end up having to address this, but I would like to avoid (if possible) remotely or manually doing anything to the machines, since there are about 650 of them. I also want to avoid things like an automated login and reboot if I can, as that will really confuse my users. If necessary I will though. Any other suggestions anyone?
Answer:
Can you RegConnect to the machines registry using an admin account and see the key?If so, then you can also probably use a wntAccessAdd function to change persmission on the registry key from you own machine.
User Reply:
The workstations are nt4. I can connect and edit from my machine manually, so I could do so with a script from here with no problem. That's a lot of machines to have to connect to, though.Any suggestions as to how I would go about automating workstation discovery? And how could I keep a running list, so that the script knows when it sees a machine whether it has been updated or not, without having to connect again to that workstation? Thanks!
Answer:
It is all just code.Use the WNT extender, wntServerlist to get the names of all the machines.
loop through the list with a FOR/NEXT loop(ItemCount, ItemExtract) getting machine names.
Check a "completed.ini" file (IniReadPvt) to see if that machine has been done yet. If not...
Use the Winsock extender wxHost2Addr function (maybe) to convert the machine name to a ip address.
Try piniging the ip address (WinSock extender wxPing function) to see if machine is alive.
If alive do RegConnect to connect to machine and get registry key handle.
Use wntAccessAdd to modify permissions.
Close registry key. Update "completed.ini file of completed machines.
Loop back and get next machine
User Reply:
Beautiful! A bit of work, but beautiful! Thanks!Article ID: W16173
File Created: 2004:03:30:15:43:06
Last Updated: 2004:03:30:15:43:06