How can I script an HKCU setting for a handful of users on a specific server who don't have profiles?

Question

Here's what I would do manually:

Log onto a server with Account1 to create its Windows profile.
Start Internet Explorer. Click Tools > Internet Options > Advanced > Uncheck "Check for publisher's certificate revocation" and click OK. This updates "HKCU:\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\State".

I'd like to somehow automate the above process so that I don't have to login to the servers, but still apply the setting to all users. (Using a GPO would work, but isn't an option.)

Is there a way to simulate a user login and set their HKCU value?
Is there a way to at least automatically log somebody onto a server and set the vlaue?

offline edit the ntuser.dat! Use "reg load" – tony roth Jun 17 '11 at 13:29 — tony roth, Jun 17 '11 at 13:29
hmm not sure if this will work ! – tony roth Jun 17 '11 at 13:43 — tony roth, Jun 17 '11 at 13:43

score 2 · Answer 1 · answered Jun 17 '11 at 13:56

You will want to use reg load to edit the default ntuser.dat which will then propagate to all newly created profiles.

Example:

@echo off
SET Counter=0
SET LogFile=%windir%\temp\Reg.log
echo. > %LogFile%

:LoadRegHive
SET /A Counter += 1
sleep 5
REG LOAD HKU\ChangeMe "c:\Documents and Settings\Default User\NTUSER.DAT"
IF /I %Counter% GEQ 10 GOTO RegLoadError
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (SET Counter=0 && GOTO ChangeKeys) ELSE (GOTO LoadRegHive)

:ChangeKeys
REG ADD "HKEY_USERS\ChangeMe\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "My Pictures" /t REG_EXPAND_SZ /d "%%SystemDrive%%\My Documents\My Pictures" /f
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (echo "Successfully changed My Pictures network reference" >> %LogFile%) ELSE (echo "Error changing My Pictures network reference" >> %LogFile%)

REG ADD "HKEY_USERS\ChangeMe\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "My Music" /t REG_EXPAND_SZ /d "%%SystemDrive%%\My Documents\My Music" /f
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (echo "Successfully changed My Music network reference" >> %LogFile%) ELSE (echo "Error changing My Music network reference" >> %LogFile%)

REG ADD "HKEY_USERS\ChangeMe\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v "Personal" /t REG_EXPAND_SZ /d "%%SystemDrive%%\My Documents" /f
IF ERRORLEVEL 0 IF NOT ERRORLEVEL 1 (echo "Successfully changed Personal network reference" >> %LogFile%) ELSE (echo "Error changing My Music network reference" >> %LogFile%)

REG UNLOAD HKU\ChangeMe

GOTO End

:RegLoadError
echo "Error loading the registry hive after 10 tries." >> %LogFile%
GOTO END

:End
EXIT

kinda what I was getting at but wasn't sure if there was some strange reg load restriction on defualt users ntuser.dat. — tony roth, Jun 17 '11 at 13:59
Loading default makes the change for all future users. Any idea how to make this if you wanted to focus on a subset of users instead of all users? — Ro Yo Mi, Aug 16 '21 at 19:05

score 1 · Answer 2 · answered Jun 17 '11 at 14:43

It sounds like it would be fairly trivial to apply a logon script on the server in the local GPO that makes the change you want. When users logon the change happens.

In the case of the Terminal Server computer being a member of a domain I'd use loopback policy processing to assign the logon script.

In the script I'd just check to see that the user was one of the "handful" before applying the setting.

How can I script an HKCU setting for a handful of users on a specific server who don't have profiles?

2 Answers2