I have a .bat script that runs for every user at login (copies Oracle Java Exception Sites). It copies a file to:
%userprofile%\appdata\LocalLow\Sun\Java\Deployment\security\exception.sites
Unfortunately, it works a little too well. Sometimes it attempts to run as LocalSystem or other system accounts.
Ok, so let's run this only when domain users are logged in. I searched for ways to do conditional checks before I copy the file, but I found someone hinting that %userdomain% gets set for the system accounts as well. From what I understand, this means when SIDs such as S-1-5-18 (LocalSystem), S-1-5-19 (Local Service), and S-1-5-20 (Network Service) are running they become HKCU and therefore may (?) get all of the variables you would see in a HKCU\Volatile Environment registry key, namely environment variables such as
APPDATA
HOMEDRIVE
HOMEPATH
LOCALAPPDATA
LOGONSERVER
USERDNSDOMAIN
USERDOMAIN
USERNAME
USERPROFILE
This means checking %USERDOMAIN% would be pointless because the system accounts inherit these values too. However, I have not found any official documentation (on MSDN or otherwise) that confirms whether system accounts would inherit some or all things a "normal" account would inherit.
So now I have the original problem, but am also curious in depth about Volatile Environment and whether it can actually be used to resolve the problem or not.
- Is there an obvious way to check for real domain users that I'm overlooking? Including real (user) local accounts would be ok as well, but not necessary.
- Do system accounts actually inherit all the variables I would see in Volatile Environment for other users?
- Bonus question: Where do the Volatile Environment variables get generated from?
